]> git.ipfire.org Git - thirdparty/pdns.git/commit
projects / thirdparty / pdns.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a6bd70c) | patch
Failure to retrieve DNSKEYs of an Insecure zone should not be fatal. 11941/head
authorOtto Moerbeek <otto.moerbeek@open-xchange.com>
Wed, 31 Aug 2022 08:34:18 +0000 (10:34 +0200)
committerOtto Moerbeek <otto.moerbeek@open-xchange.com>
Mon, 12 Sep 2022 08:18:10 +0000 (10:18 +0200)
commit5369379591acf77b110484494b73ca40c94bf26b
treea3c96c77da38791f6a2db7f679c95b0f7b50dcb9tree
parenta6bd70c49185becb69a831b80f3dd8b8b20ecaf1commit | diff
Failure to retrieve DNSKEYs of an Insecure zone should not be fatal.

This issue happens if a record set is signed even though the zone
itself is Insecure. Syncres then tries to retrieve DNSKEYs and a
timeout on that would lead to an ImmediateServFailException.

Only throw exception later in validateRecordsWithSigs, after checking
zone cuts, when we are sure the zone is Secure.

(cherry picked from commit 6dc8b0b2c6fb2e628356f8dc5c5de4dfd919ec5d)
pdns/recursordist/test-syncres_cc5.cc diff | blob | blame | history
pdns/syncres.cc diff | blob | blame | history
pdns/syncres.hh diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.