From: Wouter Wijngaards
Date: Thu, 29 Apr 2010 12:36:12 +0000 (+0000)
Subject: dnssec lameness detection looks in key cache if dnssec is expected.
X-Git-Tag: release-1.4.5rc1~35
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cccba6e2c7a4367a8ca9f57c2d6a3a0b30171f08;p=thirdparty%2Funbound.git
dnssec lameness detection looks in key cache if dnssec is expected.
git-svn-id: file:///svn/unbound/trunk@2104 be551aaa-1e26-0410-a405-d3ace91eadb9
---
diff --git a/doc/Changelog b/doc/Changelog
index e6be106b8..28da4ea95 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+29 April 2010: Wouter
+ - Fix for dnssec lameness detection to use the key cache.
+
 28 April 2010: Wouter
 - ldns tarball updated and GOST support is detected and then enabled.
 - iana portlist updated.
diff --git a/iterator/iter_utils.c b/iterator/iter_utils.c
index 612465089..f63b6fe39 100644
--- a/iterator/iter_utils.c
+++ b/iterator/iter_utils.c
@@ -60,6 +60,8 @@
 #include "util/random.h"
 #include "util/fptr_wlist.h"
 #include "validator/val_anchor.h"
+#include "validator/val_kcache.h"
+#include "validator/val_kentry.h"
 /** time when nameserver glue is said to be 'recent' */
 #define SUSPICION_RECENT_EXPIRY 86400
@@ -570,6 +572,18 @@ iter_indicates_dnssec(struct module_env* env, struct delegpt* dp,
 reply_find_rrset_section_ns(msg->rep, dp->name, dp->namelen, LDNS_RR_TYPE_DS, dclass))
 return 1;
+ /* look in key cache */
+ if(env->key_cache) {
+ struct key_entry_key* kk = key_cache_obtain(env->key_cache,
+ dp->name, dp->namelen, dclass, env->scratch, *env->now);
+ if(kk) {
+ if(key_entry_isgood(kk) || key_entry_isbad(kk)) {
+ regional_free_all(env->scratch);
+ return 1;
+ }
+ regional_free_all(env->scratch);
+ }
+ }
 return 0;
 }
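Review bot: Both new `regional_free_all(env->scratch)` calls in the key-cache block of iter_indicates_dnssec() release the whole scratch region rather than only the entry returned by key_cache_obtain(), so a caller that keeps scratch-allocated data alive across this call would be left with dangling pointers; the callers are not visible in this hunk, so this needs confirming. I would state the side effect in the function's doc comment, e.g. `/* note: clears env->scratch when the key cache is consulted */`. The duplicated free can also be collapsed so that a later edit cannot add a return path that skips it: `int known = key_entry_isgood(kk) || key_entry_isbad(kk);`, then a single `regional_free_all(env->scratch);`, then `if(known) return 1;`. The function body begins outside the hunk.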