Revert "validate: don't turn all NS records insecure on non-existent DS"

This reverts commit f522436b62cdfd972f603809a367859c4576445b.

diff --git a/lib/resolve.c b/lib/resolve.c
index 89e66ff6f3a591ee453e6769acd325730b1a76e0..c57ff3e1781a41dfcb28508462b442c60e1f2bc3 100644 (file)
--- a/lib/resolve.c
+++ b/lib/resolve.c
@@ -225,12 +225,10 @@ static int ns_fetch_cut(struct kr_query *qry, const knot_dname_t *requested_name
                 * even if cut name is covered by TA. */
                qry->flags.DNSSEC_WANT = false;
                qry->flags.DNSSEC_INSECURE = true;
-               VERBOSE_MSG(qry, "=> going insecure because parent query is insecure\n");
        } else if (kr_ta_covers_qry(req->ctx, qry->zone_cut.name, KNOT_RRTYPE_NS)) {
                qry->flags.DNSSEC_WANT = true;
        } else {
                qry->flags.DNSSEC_WANT = false;
-               VERBOSE_MSG(qry, "=> going insecure because there's no covering TA\n");
        }
 
        struct kr_zonecut cut_found;

diff --git a/lib/zonecut.c b/lib/zonecut.c
index 49fa805edec523f3267e837d4ca6c1f05c90197b..c793fb6fb76b0d060d919467bbc2fe3f4ce3f174 100644 (file)
--- a/lib/zonecut.c
+++ b/lib/zonecut.c
@@ -450,8 +450,8 @@ int kr_zonecut_find_cached(struct kr_context *ctx, struct kr_zonecut *cut,
                        WITH_VERBOSE(qry) {
                                auto_free char *label_str = kr_dname_text(label);
                                VERBOSE_MSG(qry,
-                                       "found cut: %s (rank 0%.2o return codes: DS %d, DNSKEY %d)\n",
-                                       label_str, rank, ret_ds, ret_dnskey);
+                                       "found cut: %s (return codes: DS %d, DNSKEY %d)\n",
+                                       label_str, ret_ds, ret_dnskey);
                        }
                        return kr_ok();
                }