]> git.ipfire.org Git - thirdparty/pdns.git/commitdiff
projects / thirdparty / pdns.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0ad2601)
rec: Go Bogus if the name exists but retrieving the DS results in NXD
authorRemi Gacogne <remi.gacogne@powerdns.com>
Tue, 5 Sep 2017 10:23:12 +0000 (12:23 +0200)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Tue, 12 Sep 2017 15:15:34 +0000 (17:15 +0200)
pdns/syncres.cc patch | blob | blame | history
pdns/syncres.hh patch | blob | blame | history

diff --git a/pdns/syncres.cc b/pdns/syncres.cc
index a4c0fdb63f93a51a2e4c228705e956a29f44ccfc..f6a959e93986a70cdeedcbbff51b6a74c78b197b 100644 (file)
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -1350,7 +1350,7 @@ static size_t countSupportedDS(const dsmap_t& dsmap)
   return count;
 }
 
-vState SyncRes::getDSRecords(const DNSName& zone, dsmap_t& ds, bool taOnly, unsigned int depth)
+vState SyncRes::getDSRecords(const DNSName& zone, dsmap_t& ds, bool taOnly, unsigned int depth, bool bogusOnNXD)
 {
   vState result = getTA(zone, ds);
 
@@ -1376,7 +1376,7 @@ vState SyncRes::getDSRecords(const DNSName& zone, dsmap_t& ds, bool taOnly, unsi
   d_skipCNAMECheck = oldSkipCNAME;
   d_requireAuthData = oldRequireAuthData;
 
-  if (rcode == RCode::NoError || rcode == RCode::NXDomain) {
+  if (rcode == RCode::NoError || (rcode == RCode::NXDomain && !bogusOnNXD)) {
     if (state == Secure) {
       for (const auto& record : dsrecords) {
         if (record.d_type == QType::DS) {
diff --git a/pdns/syncres.hh b/pdns/syncres.hh
index afc52bf8d1caf766a41bfb38524a6d7ad44528d8..980650f6d31d306b49ebb27da6392523564a8e63 100644 (file)
--- a/pdns/syncres.hh
+++ b/pdns/syncres.hh
@@ -753,7 +753,7 @@ private:
   void updateValidationState(vState& state, const vState stateUpdate);
   vState validateRecordsWithSigs(unsigned int depth, const DNSName& qname, const QType& qtype, const DNSName& name, const std::vector<DNSRecord>& records, const std::vector<std::shared_ptr<RRSIGRecordContent> >& signatures);
   vState validateDNSKeys(const DNSName& zone, const std::vector<DNSRecord>& dnskeys, const std::vector<std::shared_ptr<RRSIGRecordContent> >& signatures, unsigned int depth);
-  vState getDSRecords(const DNSName& zone, dsmap_t& ds, bool onlyTA, unsigned int depth);
+  vState getDSRecords(const DNSName& zone, dsmap_t& ds, bool onlyTA, unsigned int depth, bool bogusOnNXD=true);
   vState getDNSKeys(const DNSName& signer, skeyset_t& keys, unsigned int depth);
   void getDenialValidationState(NegCache::NegCacheEntry& ne, vState& state, const dState expectedState, bool allowOptOut);
   vState getTA(const DNSName& zone, dsmap_t& ds);
Unnamed repository; edit this file 'description' to name the repository.