git.ipfire.org Git - thirdparty/bind9.git/commit
Fail the DNSSEC validation on the first failure
author Mark Andrews <marka@isc.org>
Wed, 22 Nov 2023 05:59:03 +0000 (16:59 +1100)
committer Michał Kępień <michal@isc.org>
Thu, 22 Feb 2024 12:22:01 +0000 (13:22 +0100)
commit 8b7ecba9885e163c07c2dd3e1ceab79b2ba89e34
tree cdfa39854d5a2039113f7fdbbfaed314d93a9d85
parent 92b4f88bc88305d95abc91e76b393837c3f59040
Fail the DNSSEC validation on the first failure

Be more strict when encountering DNSSEC validation failures - fail on
the first failure.  This will break domains that have DNSSEC signing
keys with duplicate key ids, but this is something that's much easier
to fix on the authoritative side, so we are just going to be strict
on the resolver side where it is causing performance problems.
lib/dns/include/dns/validator.h
lib/dns/validator.c
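
An added illustration of the trade-off the commit message describes, written as a simplified C model and not taken from BIND's validator.c: it counts signature verifications for a validator that keeps trying every key with a matching key id versus one that fails on the first failure, and shows a correctly signed zone with duplicate key ids failing under the strict policy. The struct layouts, function names, key id 4242 and the stubbed `verify()` are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model for illustration; these are not BIND's types. */
struct key { unsigned id, alg; int material; }; /* material stands in for the public key */
struct sig { unsigned id, alg; int signer; };   /* signer: material of the signing key */
enum { N = 8, KEY_ID = 4242, ALG = 13 };        /* constructed sample values */
static unsigned verify_calls;                   /* counts the expensive operation */

/* Stand-in for a real public-key signature check. */
static bool verify(const struct sig *s, const struct key *k) {
    verify_calls++;
    return s->signer == k->material;
}

/* strict: give up at the first failed verification.
 * !strict: keep trying every key whose id and algorithm match. */
bool validate(const struct sig *sigs, size_t nsigs,
              const struct key *keys, size_t nkeys, bool strict) {
    for (size_t i = 0; i < nsigs; i++)
        for (size_t j = 0; j < nkeys; j++) {
            if (keys[j].id != sigs[i].id || keys[j].alg != sigs[i].alg)
                continue;                       /* cheap filter on key id */
            if (verify(&sigs[i], &keys[j])) return true;
            if (strict) return false;           /* fail on the first failure */
        }
    return false;
}

/* Verifications spent on N keys sharing one id and N signatures matching none. */
unsigned cost(bool strict) {
    struct key keys[N]; struct sig sigs[N];
    for (int i = 0; i < N; i++) {
        keys[i] = (struct key){ KEY_ID, ALG, i };
        sigs[i] = (struct sig){ KEY_ID, ALG, -1 };
    }
    verify_calls = 0;
    validate(sigs, N, keys, N, strict);
    return verify_calls;
}
/* A correctly signed zone whose two keys share an id; the second key signed. */
bool dup_id_zone_validates(bool strict) {
    struct key keys[2] = { { KEY_ID, ALG, 0 }, { KEY_ID, ALG, 1 } };
    struct sig s = { KEY_ID, ALG, 1 };
    return validate(&s, 1, keys, 2, strict);
}
int main(void) {
    printf("verifications: lenient=%u strict=%u; duplicate-id zone: lenient=%d strict=%d\n",
           cost(false), cost(true), dup_id_zone_validates(false), dup_id_zone_validates(true));
    return 0;
}
```

In this model the lenient policy's work grows with the product of keys and signatures that share a key id, while the strict policy stops after one verification.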