]> git.ipfire.org Git - thirdparty/knot-resolver.git/commit
projects / thirdparty / knot-resolver.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: eb2b03d) | patch
validator: use rank BOGUS where appropriate instead of MISSING
authorPetr Špaček <petr.spacek@nic.cz>
Tue, 7 Apr 2020 13:55:52 +0000 (15:55 +0200)
committerPetr Špaček <petr.spacek@nic.cz>
Wed, 15 Apr 2020 07:30:33 +0000 (09:30 +0200)
commitcce8d9355b07d50fd28615423d7a59d3f4cac279
tree60393924df3b6701dcd0ffeba3d9a8f544ba717etree
parenteb2b03df5d63c7141bda461c7a5ac7eabb8c630bcommit | diff
validator: use rank BOGUS where appropriate instead of MISSING

MISSING triggers re-query to auth in attempt to find missing RRSIGs.
It causes reduntant queries and also puts some BOGUS RRsets in answers.
(It sounds bad but we were correctly setting rcode=SERVFAIL and AD=0
even before this commit.)

Formerly RRSIG ranks did not reflect results of validation.
Now we mark them as BOGUS and upgrade them to SECURE if they validate.

New validator phase answer_finalize prevents BOGUS RRsets from being
put even into SERVFAIL answers.

Closes: #396
NEWS diff | blob | blame | history
lib/cache/api.c diff | blob | blame | history
lib/dnssec.c diff | blob | blame | history
lib/layer/validate.c diff | blob | blame | history
tests/integration/deckard diff | blob | blame | history
Mirror of https://gitlab.nic.cz/knot/knot-resolver.git