- Fix #1404: Priming the root key fails after loading ipfire.org RPZ

author Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>

Mon, 16 Feb 2026 12:37:19 +0000 (13:37 +0100)

committer Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>

Mon, 16 Feb 2026 12:37:19 +0000 (13:37 +0100)
author Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>
Mon, 16 Feb 2026 12:37:19 +0000 (13:37 +0100)
committer Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>
Mon, 16 Feb 2026 12:37:19 +0000 (13:37 +0100)
diff --git a/doc/Changelog b/doc/Changelog

index cd6848653a6729de69d05c003422e65d61e0d449..4c96c99b83ac0e2f4070b53a59abff7a84f8a59d 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,8 @@
+16 February 2026: Yorgos
+       - Fix #1404: Priming the root key fails after loading ipfire.org RPZ
+         zones. Fixed by including the ZONEMD RRtype in the list of types to
+         ignore for RPZ zones. Analysis and patch provided by ummeegge.
+
  11 February 2026: Wouter
         - Fix #1403: Inconsistency between do-nat64 and do-not-query-address
           during retries.
diff --git a/services/rpz.c b/services/rpz.c

index f45cf65420d7e32efcb1fdbe664ccc0ef8628a19..d83acbfb08e0cc957f46f9a53f289084b260bf35 100644 (file)
--- a/services/rpz.c
+++ b/services/rpz.c
@@ -153,6 +153,7 @@ rpz_type_ignored(uint16_t rr_type)
                 case LDNS_RR_TYPE_SOA:
                 case LDNS_RR_TYPE_NS:
                 case LDNS_RR_TYPE_DNAME:
+               case LDNS_RR_TYPE_ZONEMD:
                 /* all DNSSEC-related RRs must be ignored */
                 case LDNS_RR_TYPE_DNSKEY:
                 case LDNS_RR_TYPE_DS:
author	Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>
	Mon, 16 Feb 2026 12:37:19 +0000 (13:37 +0100)
committer	Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>
	Mon, 16 Feb 2026 12:37:19 +0000 (13:37 +0100)
doc/Changelog		patch \| blob \| blame \| history
services/rpz.c		patch \| blob \| blame \| history