From: Grigorii Demidov <grigorii.demidov@nic.cz>
Date: Thu, 10 Nov 2016 13:01:18 +0000 (+0100)
Subject: layer/validate: additional processing for chained DS queries
X-Git-Tag: v1.2.0-rc1~72^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=17001e1d23addefd9040cafe3cfe87ba1672ed62;p=thirdparty%2Fknot-resolver.git

layer/validate: additional processing for chained DS queries
---

diff --git a/lib/layer/validate.c b/lib/layer/validate.c
index f7d07999b..ed58f25c3 100644
--- a/lib/layer/validate.c
+++ b/lib/layer/validate.c
@@ -280,8 +280,14 @@ static int update_parent_keys(struct kr_query *qry, uint16_t answer_type)
 	case KNOT_RRTYPE_DS:
 		DEBUG_MSG(qry, "<= parent: updating DS\n");
 		if (qry->flags & QUERY_DNSSEC_INSECURE) { /* DS non-existence proven. */
-			parent->flags &= ~QUERY_DNSSEC_WANT;
-			parent->flags |= QUERY_DNSSEC_INSECURE;
+			do {
+				parent->flags &= ~QUERY_DNSSEC_WANT;
+				parent->flags |= QUERY_DNSSEC_INSECURE;
+				if (parent->stype != KNOT_RRTYPE_DS) {
+					break;
+				}
+				parent = parent->parent;
+			} while (parent);
 		} else { /* DS existence proven. */
 			parent->zone_cut.trust_anchor = knot_rrset_copy(qry->zone_cut.trust_anchor, parent->zone_cut.pool);
 			if (!parent->zone_cut.trust_anchor) {