git.ipfire.org Git - thirdparty/bind9.git/commit

]> git.ipfire.org Git - thirdparty/bind9.git/commit

projects / thirdparty / bind9.git / commit

author	Evan Hunt <each@isc.org>
	Fri, 24 Jan 2025 01:16:30 +0000 (17:16 -0800)
committer	Evan Hunt <each@isc.org>
	Thu, 20 Feb 2025 01:25:20 +0000 (17:25 -0800)
commit	6aba56ae89cde535fcc6fbee0366c843cdf47845
tree	f52134c9221cc48a41b2b8debf17d89607d4484e	tree \| snapshot
parent	948f8d7a9893eaf3b0f00d92d9a8b421346d3c86	commit \| diff

Check whether a rejected rrset is different

Add a new dns_rdataset_equals() function to check whether two
rdatasets are equal in DNSSEC terms.

When an rdataset being cached is rejected because its trust
level is lower than the existing rdataset, we now check to see
whether the rejected data was identical to the existing data.
This allows us to cache a potentially useful RRSIG when handling
CD=1 queries, while still rejecting RRSIGs that would definitely
have resulted in a validation failure.

lib/dns/include/dns/rdataset.h		diff \| blob \| blame \| history
lib/dns/rdataset.c		diff \| blob \| blame \| history
lib/dns/rdataslab.c		diff \| blob \| blame \| history
lib/dns/resolver.c		diff \| blob \| blame \| history

Mirror of https://gitlab.isc.org/isc-projects/bind9.git

RSS Atom