mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 14:35:26 +00:00

Removed the restriction that answers under a security root must have SIG

records in the answer, since they might be in an unsecure subdomain.
Brian Wellington
2000-04-18 17:44:22 +00:00
parent eb5250f0bd
commit 605b13c0dc


@@ -2150,6 +2150,7 @@ validated(isc_task_t *task, isc_event_t *event) {
if (result != ISC_R_SUCCESS &&
result != DNS_R_UNCHANGED)
goto cleanup;
if (vevent->sigrdataset != NULL) {
result = dns_db_addrdataset(fctx->res->view->cachedb,
node, NULL, now,
vevent->sigrdataset, 0,
@@ -2157,6 +2158,7 @@ validated(isc_task_t *task, isc_event_t *event) {
if (result != ISC_R_SUCCESS &&
result != DNS_R_UNCHANGED)
goto cleanup;
}
fctx->attributes |= FCTX_ATTR_HAVEANSWER;
if (hevent != NULL) {
@@ -2289,15 +2291,7 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, isc_stdtime_t now) {
break;
}
if (sigrdataset == NULL) {
if (ANSWER(rdataset)) {
/*
* The peer is broken.
*/
FCTXTRACE("DNSSEC response "
"missing SIG");
result = DNS_R_FORMERR;
break;
} else {
if (!ANSWER(rdataset)) {
/*
* Ignore non-answer rdatasets that
* are missing signatures.
@@ -2311,9 +2305,11 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, isc_stdtime_t now) {
* pending data.
*/
#ifdef notyet
if (sigrdataset != NULL)
set_ttl(rdataset, sigrdataset);
#endif
rdataset->trust = dns_trust_pending;
if (sigrdataset != NULL)
sigrdataset->trust = dns_trust_pending;
result = dns_db_addrdataset(res->view->cachedb,
node, NULL, now,
@@ -2321,12 +2317,15 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, isc_stdtime_t now) {
if (result != ISC_R_SUCCESS &&
result != DNS_R_UNCHANGED)
break;
if (sigrdataset != NULL) {
result = dns_db_addrdataset(res->view->cachedb,
node, NULL, now,
sigrdataset, 0, NULL);
sigrdataset, 0,
NULL);
if (result != ISC_R_SUCCESS &&
result != DNS_R_UNCHANGED)
break;
}
if (ANSWER(rdataset)) {
/*
* XXXRTH We should probably do this
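Review bot: In cache_name, an answer rdataset that arrives with `sigrdataset == NULL` now falls through to `rdataset->trust = dns_trust_pending` and is cached, and nothing in the new code says who must establish that the name really lies in an unsecure subdomain. A reply that merely lacks its SIG records takes the same path as a legitimately unsigned one, so the relaxation is only safe if the validator proves the insecure delegation before the data is handed out. That is presumably decided in the `if (ANSWER(rdataset))` block, which continues past the end of this hunk, so it cannot be confirmed from here. I would put a comment above the `if (!ANSWER(rdataset))` test, e.g. `/* An answer without a SIG may be in an unsecure subdomain; cache it as pending and leave the decision to the validator. */`. I would also keep a trace for this case, such as `FCTXTRACE("answer missing SIG, caching as pending");`, because the removed FCTXTRACE call was the only visible log of it.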