From: Evan Hunt Date: Mon, 13 Jul 2026 19:38:19 +0000 (+0000) Subject: fix: usr: Ensure NSEC authority does not cross zonecut boundary X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=d47b5ea79b3aaa23beeee254974619699a9a0772;p=thirdparty%2Fbind9.git fix: usr: Ensure NSEC authority does not cross zonecut boundary When using a cached NSEC record to prove that a delegation is insecure, we now check that the signer name in the corresponding RRSIG is not above a known secure delegation point. This prevents a signed namespace from being downgraded to insecure using an NSEC record from the grandparent zone. Closes #5967 Merge branch '5967-nsec-grandparent' into 'main' See merge request isc-projects/bind9!12257 --- d47b5ea79b3aaa23beeee254974619699a9a0772