- Fix DNSSEC validation of query type ANY with DNAME answers.
authorWouter Wijngaards <wouter@nlnetlabs.nl>
Thu, 20 Oct 2016 14:27:13 +0000 (14:27 +0000)
committerWouter Wijngaards <wouter@nlnetlabs.nl>
Thu, 20 Oct 2016 14:27:13 +0000 (14:27 +0000)
git-svn-id: file:///svn/unbound/trunk@3898 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog
validator/val_utils.c

index ee839b6c0489a2938709557428ec43f68575c1d3..8486fe90f0b0f145bbf2b2b284b0e0ac105d2641 100644 (file)
@@ -2,6 +2,7 @@
        - suppress compile warning in lex files.
        - init lzt variable, for older gcc compiler warnings.
        - fix --enable-dsa to work, instead of copying ecdsa enable.
+       - Fix DNSSEC validation of query type ANY with DNAME answers.
 
 19 October 2016: Wouter
        - Fix #1130: whitespace in example.conf.in more consistent.
index 94f00a7f7ee85d66ddff1b304acb8b5091eb7b57..ecf20f8e50eea5b29441256f309955c68f52445e 100644 (file)
@@ -219,7 +219,7 @@ val_find_signer(enum val_classification subtype, struct query_info* qinf,
 {
        size_t i;
        
-       if(subtype == VAL_CLASS_POSITIVE || subtype == VAL_CLASS_ANY) {
+       if(subtype == VAL_CLASS_POSITIVE) {
                /* check for the answer rrset */
                for(i=skip; i<rep->an_numrrsets; i++) {
                        if(query_dname_compare(qinf->qname, 
@@ -271,6 +271,29 @@ val_find_signer(enum val_classification subtype, struct query_info* qinf,
                                        signer_name, signer_len, &matchcount);
                        }
                }
+       } else if(subtype == VAL_CLASS_ANY) {
+               /* check for one of the answer rrset that has signatures,
+                * or potentially a DNAME is in use with a different qname */
+               for(i=skip; i<rep->an_numrrsets; i++) {
+                       if(query_dname_compare(qinf->qname, 
+                               rep->rrsets[i]->rk.dname) == 0) {
+                               val_find_rrset_signer(rep->rrsets[i], 
+                                       signer_name, signer_len);
+                               if(*signer_name)
+                                       return;
+                       }
+               }
+               /* no answer RRSIGs with qname, try a DNAME */
+               if(skip < rep->an_numrrsets &&
+                       ntohs(rep->rrsets[skip]->rk.type) ==
+                       LDNS_RR_TYPE_DNAME) {
+                       val_find_rrset_signer(rep->rrsets[skip], 
+                               signer_name, signer_len);
+                       if(*signer_name)
+                               return;
+               }
+               *signer_name = NULL;
+               *signer_len = 0;
        } else if(subtype == VAL_CLASS_REFERRAL) {
                /* find keys for the item at skip */
                if(skip < rep->rrset_count) {
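Review bot: The DNAME fallback selects rep->rrsets[skip] as the signer source on its RR type alone, without checking that the DNAME's owner is a proper ancestor of qinf->qname; a DNAME whose owner does not cover qname cannot legitimately answer it, and an attacker-supplied unrelated DNAME could then steer which signer name (and thus which keys) the validator looks up. Whether the later chain validation rejects such an answer is not visible in this hunk, so I would tighten the condition here, e.g. `ntohs(rep->rrsets[skip]->rk.type) == LDNS_RR_TYPE_DNAME && dname_strict_subdomain_c(qinf->qname, rep->rrsets[skip]->rk.dname)`, using whichever ancestor helper from util/data/dname.h is in scope. The loop above also relies on val_find_rrset_signer resetting *signer_name to NULL when an RRset carries no RRSIG; if it leaves the out-parameter untouched, a stale caller value would be returned as a match, which is worth a comment such as `/* val_find_rrset_signer clears *signer_name when no RRSIG is present */` once confirmed. val_find_signer starts before this hunk and continues past it.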