Even for HardenNXD::Yes we don't want to believe Bogus NXDOMAINs.
authorOtto Moerbeek <otto.moerbeek@open-xchange.com>
Tue, 5 Nov 2019 13:03:19 +0000 (14:03 +0100)
committerOtto Moerbeek <otto.moerbeek@open-xchange.com>
Tue, 5 Nov 2019 13:03:19 +0000 (14:03 +0100)
pdns/syncres.cc

index e2aa148a48e9707962226e10ab7b4d4ca302ba98..3ffeae0dbaa331784dedb614f802b9148a4a946a 100644 (file)
@@ -1427,7 +1427,7 @@ bool SyncRes::doCacheCheck(const DNSName &qname, const DNSName& authname, bool w
           // And get the updated ne struct
           //t_sstorage.negcache.get(negCacheName, QType(0), d_now, &ne, true);
         }
-        if (s_hardenNXD == HardenNXD::Yes || ne->d_validationState == Secure) {
+        if ((s_hardenNXD == HardenNXD::Yes && ne->d_validationState != Bogus) || ne->d_validationState == Secure) {
           res = RCode::NXDomain;
           sttl = ne->d_ttd - d_now.tv_sec;
           giveNegative = true;
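Review bot: The rewritten condition on the `+` line has no comment explaining why `Bogus` is excluded, and the reason is security-relevant: this branch turns a cached negative entry into an `RCode::NXDomain` answer, so an entry that failed DNSSEC validation must not be trusted to deny other names. I would add above the `if` something like `// HardenNXD::Yes trusts unvalidated NXDOMAINs, but never one that validated as Bogus`. With `HardenNXD::Yes` an entry whose state is neither `Secure` nor `Bogus` is still accepted; that looks intended, but stating it in the comment would keep a later edit from narrowing or widening it by accident. The context just above leaves the `negcache.get` re-fetch commented out, so it is worth confirming that `ne->d_validationState` already holds the updated state when this check runs. `doCacheCheck` starts and ends outside the hunk, so the surrounding validation logic is not visible here.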