mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 14:35:26 +00:00

[master] complete NTA work

3882.	[func]		By default, negative trust anchors will be tested
			periodically to see whether data below them can be
			validated, and if so, they will be allowed to
			expire early. The "rndc nta -force" option
			overrides this behavior.  The default NTA lifetime
			and the recheck frequency can be configured by the
			"nta-lifetime" and "nta-recheck" options. [RT #36146]
Evan Hunt
2014-06-18 16:47:22 -07:00
parent 8eb2d262dc
commit b8a9632333
29 changed files with 802 additions and 169 deletions


@@ -1139,6 +1139,9 @@ create_fetch(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type,
if ((val->options & DNS_VALIDATOR_NOCDFLAG) != 0)
fopts |= DNS_FETCHOPT_NOCDFLAG;
if ((val->options & DNS_VALIDATOR_NONTA) != 0)
fopts |= DNS_FETCHOPT_NONTA;
validator_logcreate(val, name, type, caller, "fetch");
return (dns_resolver_createfetch(val->view->resolver, name, type,
NULL, NULL, NULL, fopts,
@@ -3164,7 +3167,8 @@ finddlvsep(dns_validator_t *val, isc_boolean_t resume) {
return (DNS_R_NOVALIDSIG);
}
if (dns_view_ntacovers(val->view, val->start, dlvname, val->view->dlv))
if (((val->options & DNS_VALIDATOR_NONTA) == 0) &&
dns_view_ntacovers(val->view, val->start, dlvname, val->view->dlv))
return (DNS_R_NTACOVERED);
while (dns_name_countlabels(dlvname) >=
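Review bot: The new `(val->options & DNS_VALIDATOR_NONTA) == 0` guard in finddlvsep() has no comment saying why a validator would skip the negative-trust-anchor lookup, which is the security-relevant part of this change. Going by the commit message, the flag is presumably set for the periodic NTA recheck, where validation has to run as though no NTA were configured. I would add `/* NONTA: validate as if no NTA covered this name (used when rechecking an NTA). */` above the `if`, and a matching one-line comment on the `DNS_FETCHOPT_NONTA` forwarding in create_fetch() so it is clear that sub-fetches must inherit the same policy. It would also help to state there that the flag can only make validation stricter, if that holds for every caller. Both functions start and end outside the hunks shown.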