Fix ghost domain attack vulnerability (CVE-2012-1191)

Author: Peter Conrad <conrad@tivano.de>
Origin: http://marc.info/?l=djbdns&m=134269902121506&w=2

Gentoo-Bug: https://bugs.gentoo.org/404959

--- a/query.c
+++ b/query.c
@@ -792,6 +792,12 @@ static int doit(struct query *z,int state)
     }
 
     if (!dns_domain_suffix(t1,control)) { i = j; continue; }
+
+    if (!flagforwardonly && byte_equal(type,2,DNS_T_NS) && dns_domain_equal(t1,control)) {
+        char dummy[256];
+        if (!roots(dummy,control)) { i = j; continue; }
+    }
+
     if (!roots_same(t1,control)) { i = j; continue; }
 
     if (byte_equal(type,2,DNS_T_ANY))