2876. [bug] Named could return SERVFAIL for negative responses

author Mark Andrews <marka@isc.org>

Wed, 21 Apr 2010 04:23:47 +0000 (04:23 +0000)

committer Mark Andrews <marka@isc.org>

Wed, 21 Apr 2010 04:23:47 +0000 (04:23 +0000)
author Mark Andrews <marka@isc.org>
Wed, 21 Apr 2010 04:23:47 +0000 (04:23 +0000)
committer Mark Andrews <marka@isc.org>
Wed, 21 Apr 2010 04:23:47 +0000 (04:23 +0000)
diff --git a/CHANGES b/CHANGES

index 3b209d86e48b7ca00661da844fc5d06d41fc4ad3..ea640be32240e794e7f82245f4d4520ff6b8b354 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2876.  [bug]           Named could return SERVFAIL for negative responses
+                       from unsigned zones. [RT #21131]
+
         --- 9.4-ESV-R1 released ---
  
  2852.  [bug]           Handle broken DNSSEC trust chains better. [RT #15619]
diff --git a/lib/dns/validator.c b/lib/dns/validator.c

index 9642791ad1ac655af0f5df04cf0b3ee80a85017e..20843464a223c17a536d8f25d87a5dfe6c255ec6 100644 (file)
--- a/lib/dns/validator.c
+++ b/lib/dns/validator.c
@@ -15,7 +15,7 @@
   * PERFORMANCE OF THIS SOFTWARE.
   */
  
-/* $Id: validator.c,v 1.119.18.53 2010/02/26 23:46:37 tbox Exp $ */
+/* $Id: validator.c,v 1.119.18.54 2010/04/21 04:23:47 marka Exp $ */
  
  /*! \file */
  
@@ -2322,7 +2322,7 @@ nsecvalidate(dns_validator_t *val, isc_boolean_t resume) {
                 return (ISC_R_SUCCESS);
         }
  
-       if (val->authcount == val->authfail)
+       if (val->authfail != 0 && val->authcount == val->authfail)
                 return (DNS_R_BROKENCHAIN);
         validator_log(val, ISC_LOG_DEBUG(3),
                       "nonexistence proof(s) not found");
author	Mark Andrews <marka@isc.org>
	Wed, 21 Apr 2010 04:23:47 +0000 (04:23 +0000)
committer	Mark Andrews <marka@isc.org>
	Wed, 21 Apr 2010 04:23:47 +0000 (04:23 +0000)
CHANGES		patch \| blob \| blame \| history
lib/dns/validator.c		patch \| blob \| blame \| history