if(sec == sec_status_secure)
return sec;
numchecked ++;
+ numverified ++;
if(sec == sec_status_indeterminate)
numindeterminate ++;
+ if(numverified > MAX_VALIDATE_RRSIGS) {
+ verbose(VERB_QUERY, "rrset failed to verify, too many RRSIG validations");
+ *reason = "too many RRSIG validations";
+ if(reason_bogus)
+ *reason_bogus = LDNS_EDE_DNSSEC_BOGUS;
+ return sec_status_bogus;
+ }
}
- verbose(VERB_ALGO, "rrset failed to verify: all signatures are bogus");
if(!numchecked) {
*reason = "signature for expected key and algorithm missing";
if(reason_bogus)
projects / thirdparty / unbound.git / commitdiff
