- This makes a key-prime succeed in validator, with DS or DNSKEY as
trust-anchor.
- fixup canonical compare byfield routine, fix bug and also neater.
-
+ - fixed iterator response type classification for queries of type
+ ANY and NS.
+ dig ANY gives sometimes NS rrset in AN and NS section, and parser
+ removes the NS section duplicate. dig NS gives sometimes the NS
+ in the answer section, as referral.
+
15 August 2007: Wouter
- crypto calls to verify signatures.
- unit test for rrsig verification.
for(i=0; i<msg->rep->an_numrrsets; i++) {
struct ub_packed_rrset_key* s = msg->rep->rrsets[i];
+ /* if the answer section has NS rrset, and qtype ANY
+ * and the delegation is lower, and no CNAMEs followed,
+ * this is a referral where the NS went to AN section */
+ if((request->qtype == LDNS_RR_TYPE_ANY ||
+ request->qtype == LDNS_RR_TYPE_NS) &&
+ ntohs(s->rk.type) == LDNS_RR_TYPE_NS &&
+ ntohs(s->rk.rrset_class) == request->qclass &&
+ dname_strict_subdomain_c(s->rk.dname,
+ origzone)) {
+ return RESPONSE_TYPE_REFERRAL;
+ }
+
/* If we have encountered an answer (before or
* after a CNAME), then we are done! Note that
* if qtype == CNAME then this will be noted as an
projects / thirdparty / unbound.git / commitdiff
