]> git.ipfire.org Git - thirdparty/knot-resolver.git/commit
projects / thirdparty / knot-resolver.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3ab7733) | patch
rrcache: don't store NSEC3 and their signatures
authorVladimír Čunát <vladimir.cunat@nic.cz>
Thu, 2 Mar 2017 17:28:14 +0000 (18:28 +0100)
committerVladimír Čunát <vladimir.cunat@nic.cz>
Thu, 2 Mar 2017 17:28:14 +0000 (18:28 +0100)
commitd0317e7f7e713902438185b3f2f7b3d73f82fca9
tree3789f2d3616ed870e93b3f484a49d2e01d6786fdtree
parent3ab773324fb00e0bc1954e00b06f943466489e2ccommit | diff
rrcache: don't store NSEC3 and their signatures

They would end up cached by their hashed owner names and then even
returned if explicitly queried by that hashed name, which is not correct:
https://tools.ietf.org/html/rfc4035#section-2.3

Internally we only need these for non-existence proofs, and those are
stored in pktcache instead.
lib/layer/rrcache.c diff | blob | blame | history
Mirror of https://gitlab.nic.cz/knot/knot-resolver.git