]> git.ipfire.org Git - thirdparty/pdns.git/commit
projects / thirdparty / pdns.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 587f8fd) | patch
rec: Fix DNAME interaction with aggressive use of NSEC3 17157/head
authorRemi Gacogne <remi.gacogne@powerdns.com>
Fri, 17 Apr 2026 15:40:57 +0000 (17:40 +0200)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Mon, 20 Apr 2026 09:12:49 +0000 (11:12 +0200)
commitbf64487523c19df2834c6def15585bd9abeef229
tree449b1b4f8d50964bef8d3bb8798077ffedbbf58atree | snapshot
parent587f8fd3986bcd4902d8d50ceea817aea020d88ecommit | diff
rec: Fix DNAME interaction with aggressive use of NSEC3

rfc6672 section 5.3.2 "DNAME Bit in NSEC Type Map":

In any negative response, the NSEC or NSEC3 [RFC5155] record type
bitmap SHOULD be checked to see that there was no DNAME that could
have been applied. If the DNAME bit in the type bitmap is set and
the query name is a subdomain of the closest encloser that is
asserted, then DNAME substitution should have been done, but the
substitution has not been done as specified.

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
pdns/recursordist/aggressive_nsec.cc diff | blob | blame | history
pdns/recursordist/test-aggressive_nsec_cc.cc diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.