- Fix to have cachedb not return expired bogus data as non-bogus.
authorW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Mon, 23 Feb 2026 11:45:14 +0000 (12:45 +0100)
committerW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Mon, 23 Feb 2026 11:45:14 +0000 (12:45 +0100)
cachedb/cachedb.c
doc/Changelog

index b45c0a3ea69f017e9970fc36fda8c7cb14a2a48b..226669fcd481d61b1fce75c87ba67f1ef3912a4f 100644 (file)
@@ -754,8 +754,10 @@ cachedb_intcache_store(struct module_qstate* qstate, int msg_expired,
                        "(original ttl: %d)", (int)original_ttl);
                /* The expired entry does not get checked by the validator
                 * and we need a validation value for it. */
+               /* By setting this to unchecked, bogus data is not returned
+                * as non-bogus. */
                if(qstate->env->cfg->cachedb_check_when_serve_expired)
-                       qstate->return_msg->rep->security = sec_status_insecure;
+                       qstate->return_msg->rep->security = sec_status_unchecked;
        }
        (void)dns_cache_store(qstate->env, &qstate->qinfo,
                qstate->return_msg->rep, 0, qstate->prefetch_leeway, 0,
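Review bot: The two stacked comments above the `sec_status_unchecked` assignment now read at cross purposes: the older one says the expired entry needs a validation value, while the new code deliberately stores it without one. A single comment stating the reason would be clearer, e.g. `/* The validator does not check the expired entry here; store it as unchecked, not insecure, so bogus data is never cached with a non-bogus status. */`. The assignment is still guarded by `cachedb_check_when_serve_expired`, so it is worth confirming what status the expired reply carries into `dns_cache_store` when that option is off; this hunk does not show it. The commit lists only cachedb/cachedb.c and doc/Changelog, so a regression test for an expired bogus record served from cachedb would be a useful addition. The body of `cachedb_intcache_store` starts and ends outside the hunk.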
index 6ac6a1038998f00f1009ea7e301b8f13978e6d05..84e1f05cfaa8f43c42fa9a952790583c788c21f0 100644 (file)
@@ -1,3 +1,6 @@
+23 February 2026: Wouter
+       - Fix to have cachedb not return expired bogus data as non-bogus.
+
 17 February 2026: Wouter
        - Fix to remove unused conditional from cookie timestamp at
          worker env.