
address DNS_R_MUSTBESECURE failures

Mark Andrews
2019-09-04 21:28:34 +10:00
parent 353d0cd8f0
commit 06d9e93a57


@@ -531,9 +531,10 @@ dsfetched2(isc_task_t *task, isc_event_t *event) {
"must be secure failure, no DS" "must be secure failure, no DS"
" and this is a delegation"); " and this is a delegation");
validator_done(val, DNS_R_MUSTBESECURE); validator_done(val, DNS_R_MUSTBESECURE);
} } else {
markanswer(val, "dsfetched2"); markanswer(val, "dsfetched2");
validator_done(val, ISC_R_SUCCESS); validator_done(val, ISC_R_SUCCESS);
}
} else { } else {
result = proveunsecure(val, false, true); result = proveunsecure(val, false, true);
if (result != DNS_R_WAIT) if (result != DNS_R_WAIT)
@@ -686,9 +687,10 @@ dsvalidated(isc_task_t *task, isc_event_t *event) {
"must be secure failure, no DS " "must be secure failure, no DS "
"and this is a delegation"); "and this is a delegation");
result = DNS_R_MUSTBESECURE; result = DNS_R_MUSTBESECURE;
} } else {
markanswer(val, "dsvalidated"); markanswer(val, "dsvalidated");
result = ISC_R_SUCCESS;; result = ISC_R_SUCCESS;;
}
} else if ((val->attributes & VALATTR_INSECURITY) != 0) { } else if ((val->attributes & VALATTR_INSECURITY) != 0) {
result = proveunsecure(val, have_dsset, true); result = proveunsecure(val, have_dsset, true);
} else } else
@@ -1707,7 +1709,7 @@ validatezonekey(dns_validator_t *val) {
"must be secure failure, " "must be secure failure, "
"not beneath secure root"); "not beneath secure root");
return (DNS_R_MUSTBESECURE); return (DNS_R_MUSTBESECURE);
} else }
validator_log(val, ISC_LOG_DEBUG(3), validator_log(val, ISC_LOG_DEBUG(3),
"not beneath secure root"); "not beneath secure root");
markanswer(val, "validatezonekey (1)"); markanswer(val, "validatezonekey (1)");
@@ -2651,7 +2653,7 @@ proveunsecure(dns_validator_t *val, bool have_ds, bool resume) {
"not beneath secure root"); "not beneath secure root");
result = DNS_R_MUSTBESECURE; result = DNS_R_MUSTBESECURE;
goto out; goto out;
} else }
validator_log(val, ISC_LOG_DEBUG(3), validator_log(val, ISC_LOG_DEBUG(3),
"not beneath secure root"); "not beneath secure root");
markanswer(val, "proveunsecure (1)"); markanswer(val, "proveunsecure (1)");
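Review bot: The `else` blocks added in dsfetched2 and dsvalidated are the only thing keeping markanswer() and the ISC_R_SUCCESS result off the must-be-secure failure path, and nothing in the code records that, so a later edit could reintroduce the fall-through. A short comment at the top of each new `else` block, such as `/* mustbesecure failure is final: never mark the answer or report success here */`, would make the invariant explicit. In dsfetched2 the old side appears to have reached validator_done() a second time after the failure call; whether validator_done() tolerates a second call is not visible here, so it is worth confirming that it rejects that case. The re-indented line in dsvalidated still reads `result = ISC_R_SUCCESS;;` and could drop the stray semicolon. Both functions start and end outside the hunks shown.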