dnssec lameness detection looks in key cache if dnssec is expected.

git-svn-id: file:///svn/unbound/trunk@2104 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/Changelog b/doc/Changelog
index e6be106b8037badbe43af8f11bf4749a81ccc115..28da4ea95e28ff6d469d24f7c3e1495c26adcb9e 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+29 April 2010: Wouter
+       - Fix for dnssec lameness detection to use the key cache.
+
 28 April 2010: Wouter
        - ldns tarball updated and GOST support is detected and then enabled. 
        - iana portlist updated.

diff --git a/iterator/iter_utils.c b/iterator/iter_utils.c
index 6124650890b67b4c1244f8a01d086ffcd5c713c3..f63b6fe3923c13fac8007eaa9803970e27a3cca7 100644 (file)
--- a/iterator/iter_utils.c
+++ b/iterator/iter_utils.c
@@ -60,6 +60,8 @@
 #include "util/random.h"
 #include "util/fptr_wlist.h"
 #include "validator/val_anchor.h"
+#include "validator/val_kcache.h"
+#include "validator/val_kentry.h"
 
 /** time when nameserver glue is said to be 'recent' */
 #define SUSPICION_RECENT_EXPIRY 86400
@@ -570,6 +572,18 @@ iter_indicates_dnssec(struct module_env* env, struct delegpt* dp,
                reply_find_rrset_section_ns(msg->rep, dp->name, dp->namelen,
                LDNS_RR_TYPE_DS, dclass))
                return 1;
+       /* look in key cache */
+       if(env->key_cache) {
+               struct key_entry_key* kk = key_cache_obtain(env->key_cache,
+                       dp->name, dp->namelen, dclass, env->scratch, *env->now);
+               if(kk) {
+                       if(key_entry_isgood(kk) || key_entry_isbad(kk)) {
+                               regional_free_all(env->scratch);
+                               return 1;
+                       }
+                       regional_free_all(env->scratch);
+               }
+       }
        return 0;
 }