validator_log(val, ISC_LOG_WARNING,
"can't validate existing "
"negative responses (no DS)");
- *resp = DNS_R_MUSTBESECURE;
+ *resp = DNS_R_NOVALIDSIG;
return ISC_R_COMPLETE;
}
* Returns:
* \li ISC_R_SUCCESS val->name is in an unsecure zone
* \li DNS_R_WAIT validation is in progress.
- * \li DNS_R_MUSTBESECURE val->name is supposed to be secure
- * (policy) but we proved that it is unsecure.
* \li DNS_R_NOVALIDSIG
* \li DNS_R_NOVALIDNSEC
* \li DNS_R_NOTINSECURE
if (!dns_rdataset_isassociated(nssigset)) {
dnssec_log(zone, ISC_LOG_WARNING, "No NS RRSIGs found for '%s'",
pnamebuf);
- result = DNS_R_MUSTBESECURE;
+ result = DNS_R_NOVALIDSIG;
goto done;
}
dnssec_log(zone, ISC_LOG_WARNING,
"Invalid NS RRset for '%s' trust level %u", pnamebuf,
nsrrset->trust);
- result = DNS_R_MUSTBESECURE;
+ result = DNS_R_NOVALIDSIG;
goto done;
}
[DNS_R_BADNAME] = "bad name (check-names)",
[DNS_R_DYNAMIC] = "dynamic zone",
[DNS_R_UNKNOWNCOMMAND] = "unknown command",
- [DNS_R_MUSTBESECURE] = "must-be-secure",
[DNS_R_COVERINGNSEC] = "covering NSEC record returned",
[DNS_R_MXISADDRESS] = "MX is an address",
[DNS_R_DUPLICATE] = "duplicate query",
[DNS_R_BADNAME] = "DNS_R_BADNAME",
[DNS_R_DYNAMIC] = "DNS_R_DYNAMIC",
[DNS_R_UNKNOWNCOMMAND] = "DNS_R_UNKNOWNCOMMAND",
- [DNS_R_MUSTBESECURE] = "DNS_R_MUSTBESECURE",
[DNS_R_COVERINGNSEC] = "DNS_R_COVERINGNSEC",
[DNS_R_MXISADDRESS] = "DNS_R_MXISADDRESS",
[DNS_R_DUPLICATE] = "DNS_R_DUPLICATE",
projects / thirdparty / bind9.git / commitdiff
