From: Fabian Möller Date: Wed, 22 Jan 2025 12:33:12 +0000 (+0100) Subject: resolved: fix DNSSEC `missing-key` error X-Git-Tag: v258-rc1~1416 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=cac3b43eee83829d68ebf7d4786ebc32e62fe813;p=thirdparty%2Fsystemd.git resolved: fix DNSSEC `missing-key` error Skip unsupport/invalid `DS` and `DNSKEY` combinations during verification. Fixes: #12545 --- diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c index aff185a2dd9..5f0152c278c 100644 --- a/src/resolve/resolved-dns-dnssec.c +++ b/src/resolve/resolved-dns-dnssec.c @@ -1470,7 +1470,7 @@ int dnssec_verify_dnskey_by_ds_search(DnsResourceRecord *dnskey, DnsAnswer *vali r = dnssec_verify_dnskey_by_ds(dnskey, ds, false); if (IN_SET(r, -EKEYREJECTED, -EOPNOTSUPP)) - return 0; /* The DNSKEY is revoked or otherwise invalid, or we don't support the digest algorithm */ + continue; /* The DNSKEY is revoked or otherwise invalid, or we don't support the digest algorithm */ if (r < 0) return r; if (r > 0)