Log BOGUS validation result when upstream sends SERVFAIL.

author Simon Kelley <simon@thekelleys.org.uk>

Thu, 13 Feb 2014 16:56:30 +0000 (16:56 +0000)

committer Simon Kelley <simon@thekelleys.org.uk>

Thu, 13 Feb 2014 16:56:30 +0000 (16:56 +0000)
author Simon Kelley <simon@thekelleys.org.uk>
Thu, 13 Feb 2014 16:56:30 +0000 (16:56 +0000)
committer Simon Kelley <simon@thekelleys.org.uk>
Thu, 13 Feb 2014 16:56:30 +0000 (16:56 +0000)
diff --git a/src/dnssec.c b/src/dnssec.c

index 30d1a26188616d434ec0fc935f4bbd84716afd34..13e67872569a5143699695eebaac3be83ac6168a 100644 (file)
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -1127,6 +1127,9 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
    int type1, class1, rdlen1, type2, class2, rdlen2;
    int i, j, rc, have_nsec, have_nsec_equal, cname_count = 5;
  
+  if (RCODE(header) == SERVFAIL)
+    return STAT_BOGUS;
+  
    if ((RCODE(header) != NXDOMAIN && RCODE(header) != NOERROR) || ntohs(header->qdcount) != 1)
      return STAT_INSECURE;
author	Simon Kelley <simon@thekelleys.org.uk>
	Thu, 13 Feb 2014 16:56:30 +0000 (16:56 +0000)
committer	Simon Kelley <simon@thekelleys.org.uk>
	Thu, 13 Feb 2014 16:56:30 +0000 (16:56 +0000)