- Fix that unbound-control can set val_clean_additional and val_permissive_mode.
authorWouter Wijngaards <wouter@nlnetlabs.nl>
Wed, 7 Jun 2017 06:59:47 +0000 (06:59 +0000)
committerWouter Wijngaards <wouter@nlnetlabs.nl>
Wed, 7 Jun 2017 06:59:47 +0000 (06:59 +0000)
git-svn-id: file:///svn/unbound/trunk@4209 be551aaa-1e26-0410-a405-d3ace91eadb9

validator/validator.c
validator/validator.h

index e8b6317f6e6b8a85445fc9b581e3f3561a8d60cd..c1f5f57f6c221f10b60097776e1a97b9ac37b759 100644 (file)
@@ -113,8 +113,6 @@ val_apply_cfg(struct module_env* env, struct val_env* val_env,
 {
        int c;
        val_env->bogus_ttl = (uint32_t)cfg->bogus_ttl;
-       val_env->clean_additional = cfg->val_clean_additional;
-       val_env->permissive_mode = cfg->val_permissive_mode;
        if(!env->anchors)
                env->anchors = anchors_create();
        if(!env->anchors) {
@@ -171,7 +169,6 @@ val_init(struct module_env* env, int id)
        }
        env->modinfo[id] = (void*)val_env;
        env->need_to_validate = 1;
-       val_env->permissive_mode = 0;
        lock_basic_init(&val_env->bogus_lock);
        lock_protect(&val_env->bogus_lock, &val_env->num_rrset_bogus,
                sizeof(val_env->num_rrset_bogus));
@@ -619,9 +616,11 @@ validate_msg_signatures(struct module_qstate* qstate, struct module_env* env,
                }
        }
 
-       /* attempt to validate the ADDITIONAL section rrsets */
-       if(!ve->clean_additional)
+       /* If set, the validator should clean the additional section of
+        * secure messages. */
+       if(!env->cfg->val_clean_additional)
                return 1;
+       /* attempt to validate the ADDITIONAL section rrsets */
        for(i=chase_reply->an_numrrsets+chase_reply->ns_numrrsets; 
                i<chase_reply->rrset_count; i++) {
                s = chase_reply->rrsets[i];
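Review bot: The check `if(!env->cfg->val_clean_additional)` now reads the live config struct on every validation, and the processFinished hunk does the same with `qstate->env->cfg->val_permissive_mode`, but nothing visible here synchronizes those reads with the thread that applies an unbound-control change. If the control handler writes these ints while other workers are validating, that is an unlocked access to a shared plain `int`. It is probably harmless for a flag, but the code should say the race is accepted, for example `/* read live from cfg so unbound-control can change it; unlocked read of an int flag is intentional */`. Also confirm that `ve` is still used in validate_msg_signatures, since the body continues outside the hunk and the variable may now be unused.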
@@ -2170,8 +2169,14 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq,
                                free(err);
                        }
                }
+               /*
+                * If set, the validator will not make messages bogus, instead
+                * indeterminate is issued, so that no clients receive SERVFAIL.
+                * This allows an operator to run validation 'shadow' without
+                * hurting responses to clients.
+                */
                /* If we are in permissive mode, bogus gets indeterminate */
-               if(ve->permissive_mode)
+               if(qstate->env->cfg->val_permissive_mode)
                        vq->orig_msg->rep->security = sec_status_indeterminate;
        }
 
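Review bot: The block comment added above `if(qstate->env->cfg->val_permissive_mode)` is the old struct-field description pasted in front of the existing one-line comment, so the branch now carries two comments and the first reads like a declaration ("If set, ...") rather than an explanation of this code path. I would merge them into one, e.g. `/* Permissive mode: report bogus as indeterminate so clients do not get SERVFAIL; settable at runtime. */`. This flag stops bogus answers from being rejected and can now be flipped over the control channel, so the comment should also state that a runtime change applies only to answers finished after it. Whether messages already cached as indeterminate are re-validated is not visible here and should be confirmed. processFinished starts and ends outside the hunk.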
index 23d3072427a2ac32eff3e073a653709e23023a62..9a591078f71c10126b99faf12cc8e8798aabe60a 100644 (file)
@@ -93,19 +93,6 @@ struct val_env {
         * seconds. */
        uint32_t bogus_ttl;
 
-       /** If set, the validator should clean the additional section of
-        * secure messages.
-        */
-       int clean_additional;
-
-       /**
-        * If set, the validator will not make messages bogus, instead
-        * indeterminate is issued, so that no clients receive SERVFAIL.
-        * This allows an operator to run validation 'shadow' without
-        * hurting responses to clients.
-        */
-       int permissive_mode;
-
        /**
         * Number of entries in the NSEC3 maximum iteration count table.
         * Keep this table short, and sorted by size