git.ipfire.org Git - thirdparty/pdns.git/commit
rec: Validate cached DNSKEYs against the DSs, not the RRSIGs only 9334/head
author Remi Gacogne <remi.gacogne@powerdns.com>
Mon, 6 Jul 2020 13:00:44 +0000 (15:00 +0200)
committer Otto Moerbeek <otto.moerbeek@open-xchange.com>
Mon, 13 Jul 2020 15:06:13 +0000 (17:06 +0200)
commit 99b5a2c6dff2e686472872a0059761af3f0b8ffb
tree ebda2b194ef6c4de2be5252d4c2c73975812cae5
parent 0cc0497f0b334713feae215c6412a04db2bf4774
rec: Validate cached DNSKEYs against the DSs, not the RRSIGs only

DNSKEYs might be cached in a non-validated state ("Indeterminate")
when the DNSSEC mode is set to "Process" and the initial query did
not ask for validation.
We would then validate the DNSKEY records against the RRSIGs, like
for regular records, but not against the DSs.

(cherry picked from commit 453f37736a4d372e16755a903f5b5d5ac52b0c17)
pdns/recursordist/test-syncres_cc4.cc
pdns/syncres.cc
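
The DS check the commit message refers to, as an added Python example that is not PowerDNS code: a DNSKEY RRset counts as validated only when the key that produced its RRSIG is also anchored by a DS digest from the parent zone (RFC 4034). RRSIG verification itself is assumed and represented by `rrsig_signer`; the function names, the `check_ds` switch, `example.com.` and the key bytes are constructed for illustration.

```python
import hashlib
import struct

def name_to_wire(name):
    """Canonical (lowercased) wire format of an owner name, RFC 4034 section 6.2."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, algorithm, public_key):
    """DNSKEY RDATA: Flags (2) | Protocol (1, always 3) | Algorithm (1) | Public Key."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def key_tag(rdata):
    """Key tag per RFC 4034 appendix B (algorithms other than 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def make_ds(owner, rdata):
    """DS fields for a DNSKEY: (key tag, algorithm, digest type 2, SHA-256 digest)."""
    digest = hashlib.sha256(name_to_wire(owner) + rdata).digest()
    return (key_tag(rdata), rdata[3], 2, digest)

def keys_matching_ds(owner, dnskeys, ds_set):
    """DNSKEY RDATAs that are anchored by at least one DS from the parent."""
    return [k for k in dnskeys if make_ds(owner, k) in ds_set]

def dnskey_rrset_state(owner, dnskeys, ds_set, rrsig_signer, check_ds=True):
    """rrsig_signer: the key whose RRSIG over the RRset verified (assumed given).
    check_ds=False models validating against the RRSIGs only."""
    if rrsig_signer not in dnskeys:
        return "Bogus"
    if not check_ds:
        return "Secure"
    anchored = keys_matching_ds(owner, dnskeys, ds_set)
    return "Secure" if rrsig_signer in anchored else "Bogus"

# Constructed sample data: one key the parent's DS points at, one it does not.
ZONE = "example.com."
ANCHORED_KEY = dnskey_rdata(257, 13, bytes(range(64)))
UNANCHORED_KEY = dnskey_rdata(257, 13, bytes(range(64, 128)))
DS_SET = [make_ds(ZONE, ANCHORED_KEY)]

if __name__ == "__main__":
    for label, key in (("anchored", ANCHORED_KEY), ("unanchored", UNANCHORED_KEY)):
        print(label,
              "RRSIG only:", dnskey_rrset_state(ZONE, [key], DS_SET, key, check_ds=False),
              "RRSIG + DS:", dnskey_rrset_state(ZONE, [key], DS_SET, key))
```

A self-consistent key set that the parent's DS does not cover passes the RRSIG-only path and is rejected once the DS comparison is included.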