+6 July 2012: Wouter
+ - Fix validation of qtype DS queries that result in no data for
+ non-optout NSEC3 zones.
+
4 July 2012: Wouter
- compile libunbound with libnss on Suse, passes regression tests.
* If not type DS: matching nsec3 must not be a delegation.
*/
if(qinfo->qtype == LDNS_RR_TYPE_DS && qinfo->qname_len != 1
- && nsec3_has_type(rrset, rr, LDNS_RR_TYPE_SOA &&
- !dname_is_root(qinfo->qname))) {
+ && nsec3_has_type(rrset, rr, LDNS_RR_TYPE_SOA) &&
+ !dname_is_root(qinfo->qname)) {
verbose(VERB_ALGO, "proveNodata: apex NSEC3 "
"abused for no DS proof, bogus");
return sec_status_bogus;
projects / thirdparty / unbound.git / commitdiff
