+
+ --- 9.4.2rc1 released ---
+
2251. [doc] Update memstatistics-file documentation to reflect
reality. Note there is behaviour change for BIND 9.5.
[RT #17113]
- --- 9.4.2rc1 released ---
-
2249. [bug] Only set Authentic Data bit if client requested
DNSSEC, per RFC 3655 [RT #17175]
+2245. [bug] Validating lack of DS records at trust anchors wasn't
+ working. [RT #17151]
+
2238. [bug] It was possible to trigger a REQUIRE when a
validation was cancelled. [RT #17106]
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: validator.h,v 1.27.18.9 2007/08/28 07:20:05 tbox Exp $ */
+/* $Id: validator.h,v 1.27.18.10 2007/09/26 04:39:45 each Exp $ */
#ifndef DNS_VALIDATOR_H
#define DNS_VALIDATOR_H 1
ISC_EVENT_COMMON(struct dns_validatorevent);
dns_validator_t * validator;
isc_result_t result;
+ /*
+ * Name and type of the response to be validated.
+ */
dns_name_t * name;
dns_rdatatype_t type;
+ /*
+ * Rdata and RRSIG (if any) for positive responses.
+ */
dns_rdataset_t * rdataset;
dns_rdataset_t * sigrdataset;
+ /*
+ * The full response. Required for negative responses.
+ * Also required for positive wildcard responses.
+ */
dns_message_t * message;
+ /*
+ * Proofs to be cached.
+ */
dns_name_t * proofs[3];
} dns_validatorevent_t;
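Review bot: The new comment on `proofs[3]` says only "Proofs to be cached", so a consumer of the event cannot tell which proof sits in which slot or whether an unused slot is NULL. I would have the author extend it to name the meaning of each index and the value of an empty slot, for example `/* Proofs to be cached, indexed by <proof kind>; unused entries are <value>. */` with the placeholders filled in. Caching the wrong name as a denial proof would be a validation problem, not a cosmetic one. The struct definition starts above the hunk, so any index constants declared near it are not visible here.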
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: validator.c,v 1.119.18.34 2007/09/14 05:52:50 marka Exp $ */
+/* $Id: validator.c,v 1.119.18.35 2007/09/26 04:39:45 each Exp $ */
/*! \file */
dns_fixedname_init(&val->dlvsep);
dlvsep = dns_fixedname_name(&val->dlvsep);
dns_name_copy(val->event->name, dlvsep, NULL);
+ /*
+ * If this is a response to a DS query, we need to look in
+ * the parent zone for the trust anchor.
+ */
if (val->event->type == dns_rdatatype_ds) {
labels = dns_name_countlabels(dlvsep);
if (labels == 0)
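Review bot: The comment added above `if (val->event->type == dns_rdatatype_ds)` is repeated word for word in the non-DLV branch of the later validator.c hunk, but the two sites derive the parent name differently. This site counts the labels of `dlvsep` (the rest of the branch is outside the hunk), while the other calls `dns_name_split(secroot, 1, NULL, secroot)`. If `dns_name_split` keeps the `suffixlabels` most significant labels in the suffix, as I read its contract, that call reduces `secroot` to the root name rather than the parent. In that case `dns_keytable_finddeepestmatch(val->keytable, secroot, secroot)` could match only a root trust anchor for DS responses. Please confirm with a DS query below a non-root trust anchor, and make both sites strip just the leftmost label in the same way so the shared comment is true of both.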
if (val->havedlvsep)
dns_name_copy(dns_fixedname_name(&val->dlvsep), secroot, NULL);
else {
+ dns_name_copy(val->event->name, secroot, NULL);
+ /*
+ * If this is a response to a DS query, we need to look in
+ * the parent zone for the trust anchor.
+ */
+ if (val->event->type == dns_rdatatype_ds &&
+ dns_name_countlabels(secroot) > 1U)
+ dns_name_split(secroot, 1, NULL, secroot);
result = dns_keytable_finddeepestmatch(val->keytable,
- val->event->name,
- secroot);
+ secroot, secroot);
if (result == ISC_R_NOTFOUND) {
validator_log(val, ISC_LOG_DEBUG(3),