Handle signed dangling CNAME replies to DS queries.

author Simon Kelley <simon@thekelleys.org.uk>

Wed, 9 Sep 2015 21:51:13 +0000 (22:51 +0100)

committer Simon Kelley <simon@thekelleys.org.uk>

Wed, 9 Sep 2015 21:51:13 +0000 (22:51 +0100)
author Simon Kelley <simon@thekelleys.org.uk>
Wed, 9 Sep 2015 21:51:13 +0000 (22:51 +0100)
committer Simon Kelley <simon@thekelleys.org.uk>
Wed, 9 Sep 2015 21:51:13 +0000 (22:51 +0100)
diff --git a/src/dnssec.c b/src/dnssec.c

index 4deda24b67f1f70966f07b6c04e9e77cf054d707..67ce4867ade0aff3c195c0881f75528f3a0f30fa 100644 (file)
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -1232,11 +1232,8 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
     
    /* If we return STAT_NO_SIG, name contains the name of the DS query */
    if (val == STAT_NO_SIG)
-    {
-      *keyname = 0;
-      return val;
-    }  
-
+    return val;
+  
    /* If the key needed to validate the DS is on the same domain as the DS, we'll
       loop getting nowhere. Stop that now. This can happen of the DS answer comes
       from the DS's zone, and not the parent zone. */
author	Simon Kelley <simon@thekelleys.org.uk>
	Wed, 9 Sep 2015 21:51:13 +0000 (22:51 +0100)
committer	Simon Kelley <simon@thekelleys.org.uk>
	Wed, 9 Sep 2015 21:51:13 +0000 (22:51 +0100)