]> git.ipfire.org Git - thirdparty/systemd.git/commit - src/resolve/resolved-dns-dnssec.c
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d86c982) | patch
resolved: complete NSEC non-existance proofs
authorLennart Poettering <lennart@poettering.net>
Fri, 15 Jan 2016 01:21:22 +0000 (02:21 +0100)
committerLennart Poettering <lennart@poettering.net>
Sun, 17 Jan 2016 19:47:46 +0000 (20:47 +0100)
commitab481675f98d3d3f12e7e48ba6d2159123b9c7bf
tree52a0faf980bd886b7ccb9cbb98a67e6be38c5935tree | snapshot
parentd86c982a3476bcff39a196868c835309c7a6c7fccommit | diff
resolved: complete NSEC non-existance proofs

This fills in the last few gaps:

- When checking if a domain is non-existing, also check that no wildcard for it exists
- Ensure we don't base "covering" tests on NSEC RRs from a parent zone
- Refuse to accept expanded wildcard NSEC RRs for absence proofs.
src/resolve/resolved-dns-dnssec.c diff | blob | blame | history
src/resolve/resolved-dns-rr.c diff | blob | blame | history
src/resolve/resolved-dns-rr.h diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.