fix nsec chain chasing where a DS is not present halfway in the chain
authorJelte Jansen <jeltejan@NLnetLabs.nl>
Fri, 21 Apr 2006 19:08:31 +0000 (19:08 +0000)
committerJelte Jansen <jeltejan@NLnetLabs.nl>
Fri, 21 Apr 2006 19:08:31 +0000 (19:08 +0000)
drill/chasetrace.c

index a636adaa4278ef38bc76b23781dee2b9744f9df9..391d39109387b4200f1d1a0f5b6f4e40976c46b1 100644 (file)
@@ -253,6 +253,14 @@ do_chase(ldns_resolver *res, ldns_rdf *name, ldns_rr_type type, ldns_rr_class c,
                                type,
                                LDNS_SECTION_ANSWER
                                );
+               if (!rrset) {
+                       /* nothing in answer, try authority */
+                       rrset = ldns_pkt_rr_list_by_name_and_type(pkt,
+                                       name,
+                                       type,
+                                       LDNS_SECTION_AUTHORITY
+                                       );
+               }
        } else {
                /* no packet? */
                return LDNS_STATUS_MEM_ERR;
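Review bot: The new fallback at `if (!rrset)` takes the rrset from the authority section, but its comment `/* nothing in answer, try authority */` does not say why that is acceptable or that the data is still unvalidated at this point. Authority-section records come from the same unauthenticated response as the answer, so the code after this block has to find and verify the matching RRSIG before trusting them. Whether the later signature lookup also searches the authority section is not visible in this hunk and is worth confirming. I would expand the comment to something like `/* nothing in answer; with no DS the denial records sit in the authority section - treat as unvalidated until the RRSIG checks out */`. do_chase starts and ends outside the hunk.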
@@ -424,6 +432,7 @@ do_chase(ldns_resolver *res, ldns_rdf *name, ldns_rr_type type, ldns_rr_class c,
                                        result = LDNS_STATUS_CRYPTO_NO_RRSIG;
                                } else {
                                        /* ok nsec denies existence, chase the nsec now */
+                                       printf(";; Existence of data set with this type denied by NSEC\n");
                                        result = do_chase(res, ldns_rr_owner(ldns_rr_list_rr(nsecs, nsec_i)), LDNS_RR_TYPE_NSEC, c, trusted_keys, pkt, qflags);
                                        if (result == LDNS_STATUS_OK) {
                                                ldns_pkt_free(pkt);
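Review bot: The added `printf` on the type-denial branch reports the denial as established before the recursive `do_chase` on the NSEC has returned, so the line is printed even when that NSEC cannot be chained to a trusted key. In a validation tool this output can be read as a verified result. Either word it as tentative, e.g. `printf(";; NSEC denies this type, chasing the NSEC\n");`, or print the current text only inside `if (result == LDNS_STATUS_OK)`. The same applies to the name-denial `printf` in the next hunk (`-433,6 +442,7`). Both branches are part of do_chase, whose body continues outside these hunks.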
@@ -433,6 +442,7 @@ do_chase(ldns_resolver *res, ldns_rdf *name, ldns_rr_type type, ldns_rr_class c,
                                }
                        } else if (ldns_nsec_covers_name(ldns_rr_list_rr(nsecs, nsec_i), name)) {
                                /* Verifably insecure? chase the covering nsec */
+                               printf(";; Existence of data set with this name denied by NSEC\n");
                                result = do_chase(res, ldns_rr_owner(ldns_rr_list_rr(nsecs, nsec_i)), LDNS_RR_TYPE_NSEC, c, trusted_keys, pkt, qflags);
                                if (result == LDNS_STATUS_OK) {
                                        ldns_pkt_free(pkt);