Return INSECURE, rather than BOGUS when DS proved not to exist.

[people/ms/dnsmasq.git] / src / dnssec.c

diff --git a/src/dnssec.c b/src/dnssec.c
index 14bae7e9bf75f9be68f7760a838f37355ff915e3..05e0983cb25134ba7e4d5d8f0d48678efebd455b 100644 (file)
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -981,7 +981,7 @@ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, ch
   
   /* If we've cached that DS provably doesn't exist, result must be INSECURE */
   if (crecp->flags & F_NEG)
-    return STAT_INSECURE;
+    return STAT_INSECURE_DS;
   
   /* NOTE, we need to find ONE DNSKEY which matches the DS */
   for (valid = 0, j = ntohs(header->ancount); j != 0 && !valid; j--)