mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-22 01:59:26 +00:00
Code Issues Releases Wiki Activity

fixup! Allow negative RRSIGs in the qpcache again

Browse Source
This commit is contained in:
Ondřej Surý 2025-08-21 17:47:29 +02:00
parent 7235a733e0
commit 8fce84f194
No known key found for this signature in database
GPG Key ID: 2820F37E873DEA41
1 changed files with 4 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
lib/dns/qpcache.c
View File

@ -1540,11 +1540,6 @@ qpcache_find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version,
dns_slabheader_t *nsecheader = NULL, *nsecsig = NULL;
dns_typepair_t typepair, sigpair;
if (type == dns_rdatatype_none) {
/* We can't search negative cache directly */
return ISC_R_NOTFOUND;
}
qpc_search_t search;
qpc_search_init(&search, (qpcache_t *)db, options, __now);
@ -1629,10 +1624,11 @@ qpcache_find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version,
/*
* Certain DNSSEC types are not subject to CNAME matching
* (RFC4035, section 2.5 and RFC3007).
*
* We don't check for RRSIG, because we don't store RRSIG records
* directly.
*/
if (type == dns_rdatatype_key || type == dns_rdatatype_nsec ||
type == dns_rdatatype_rrsig)
{
if (type == dns_rdatatype_key || type == dns_rdatatype_nsec) {
cname_ok = false;
}