rrcache: fix code that was missed by mistake
authorVladimír Čunát <vladimir.cunat@nic.cz>
Mon, 3 Apr 2017 11:50:39 +0000 (13:50 +0200)
committerVladimír Čunát <vladimir.cunat@nic.cz>
Mon, 3 Apr 2017 11:50:39 +0000 (13:50 +0200)
lib/layer/rrcache.c

index cd8b9f5e9a4ef47601797dbbd360bae676dc9857..ac54db38c37ef5e1f7bca3f450f4c4585c3fb322 100644 (file)
@@ -243,26 +243,13 @@ static int commit_rr(const char *key, void *val, void *data)
 
        /* Save RRSIG in a special cache. */
        uint8_t rank = KEY_FLAG_RANK(key);
-       /* Non-authoritative NSs should never be trusted,
-        * it may be present in an otherwise secure answer but it
-        * is only a hint for local state. */
-       if (rr->type != KNOT_RRTYPE_NS || (rank & KR_RANK_AUTH)) {
-               if (baton->qry->flags & QUERY_DNSSEC_WANT &&
-                   rank != KR_RANK_BAD) {
-                       rank |= KR_RANK_SECURE;
-               }
-       }
-       if (baton->qry->flags & QUERY_DNSSEC_INSECURE && rank != KR_RANK_BAD) {
-               rank &= ~KR_RANK_SECURE;
-               rank |= KR_RANK_INSECURE;
-       }
        if (KEY_COVERING_RRSIG(key)) {
                return commit_rrsig(baton, rank, KR_CACHE_FLAG_NONE, rr);
        }
-       /* Accept only better rank (if not overriding) */
+       /* Accept only better or equal rank if not secure */
        if (!(rank & KR_RANK_SECURE)) {
                int cached_rank = kr_cache_peek_rank(baton->cache, KR_CACHE_RR, rr->owner, rr->type, baton->timestamp);
-               if (cached_rank >= rank) {
+               if (cached_rank > rank) {
                        return kr_ok();
                }
        }
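Review bot: With `cached_rank > rank`, a non-secure RRset now replaces a cached entry of the same rank, so this check no longer keeps existing non-DNSSEC data from being overwritten by an equally ranked answer before its TTL runs out. If that refresh is intended, the comment should say so, e.g. `/* Non-secure data may replace a cached entry of equal rank (refresh), never one of higher rank. */`. The same block tests `rank & KR_RANK_SECURE` as a bit flag and then orders `cached_rank` and `rank` numerically, which is only sound if the rank bit values are laid out in trust order; that layout is not visible here and is worth confirming against the enum. `kr_cache_peek_rank()` returns `int`, presumably negative on a miss, which the comparison treats as "store", and a short comment to that effect would help. The body of commit_rr starts before and continues after this hunk.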