]> git.ipfire.org Git - thirdparty/pdns.git/commit
projects / thirdparty / pdns.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5213239) | patch
rec: Fix gathering of denial of existence proof for wildcard-expanded names
authorRemi Gacogne <remi.gacogne@powerdns.com>
Fri, 1 Mar 2024 13:07:35 +0000 (14:07 +0100)
committerOtto Moerbeek <otto.moerbeek@open-xchange.com>
Mon, 4 Mar 2024 09:45:45 +0000 (10:45 +0100)
commit3f427fc636282792374e2eb754621f0520e52402
tree6a471294343842d520906d728baf396c04712e2ftree
parent52132390f285f9dfcaf45d151206fb5136c20a98commit | diff
rec: Fix gathering of denial of existence proof for wildcard-expanded names

When the recursor is forwarding to a resolver, we accept the names composing
the CNAME chain starting at the queried name. This means we also need to gather
the denial of existence proof for CNAMEs that were expanded from a wildcard,
otherwise the response sent to the client cannot be DNSSEC-validated.

(cherry picked from commit 2eb9f095fe06f77cd816135c03c7ac558e0f324d)
pdns/recursordist/syncres.cc diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.