]> git.ipfire.org Git - thirdparty/pdns.git/commit
projects / thirdparty / pdns.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 10bd45a) | patch
rec: Validate cached DNSKEYs against the DSs, not the RRSIGs only 9309/head
authorRemi Gacogne <remi.gacogne@powerdns.com>
Mon, 6 Jul 2020 13:00:44 +0000 (15:00 +0200)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Mon, 6 Jul 2020 13:00:44 +0000 (15:00 +0200)
commit453f37736a4d372e16755a903f5b5d5ac52b0c17
tree39afe3d80326d356a260dadef20d6de5f1a61435tree
parent10bd45ab2e7d4e4b01ee6dcf02d3b550a38241c9commit | diff
rec: Validate cached DNSKEYs against the DSs, not the RRSIGs only

DNSKEYs might be cached in a non-validated state ("Indeterminate")
when the DNSSEC mode is set to "Process" and the initial query did
not ask for validation.
We would then validate the DNSKEY records against the RRSIGs, like
for regular records, but not against the DSs.
pdns/recursordist/test-syncres_cc4.cc diff | blob | blame | history
pdns/syncres.cc diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.