lib/validate: scrubbed extra rrs in NS were checked
the validator module should ignore any data that
will be scrubbed, that includes non-authoritative
data outside current bailiwick. previously,
validator attempted to ignore these records only
for answer section and had a special case for NS
records.
cache: non-authoritative NS records are always
unchecked and must be treated as insecure
affected: www.iana.org trying to provide
delegation information for CNAME target, which is
moot with CNAME target explicit-fetch policy unless
the the resolver already knows DNSKEY with which
is could verify the records
projects / thirdparty / knot-resolver.git / commit
