rec: A ServFail while retrieving DS/DNSKEY records is just that
Before that commit, failing to get the DS or DNSKEY records needed
during validation because of a network issue would trigger a Bogus
DNSSEC validation result because validation could not be performed,
but that should just be a Server Failure instead.
This is especially an issue because the Bogus result would get
inserted into the cache and could stay there for as long as
'max-cache-bogus-ttl' seconds.
(cherry picked from commit
e122af1cf073cab4bd0b1b346b6e166b49870d70)
projects / thirdparty / pdns.git / commit
