diff options
| author | Simon Kelley <simon@thekelleys.org.uk> | 2014-02-13 16:56:30 +0000 |
|---|---|---|
| committer | Simon Kelley <simon@thekelleys.org.uk> | 2014-02-13 16:56:30 +0000 |
| commit | e3ec15af106eda302a537a3570d6527933fa1494 (patch) | |
| tree | 6592c3dfed6a2ce8b2cd22c1df1a9a8ba6a83e1c | |
| parent | dac74312da3341e620195b75bf2ab4d759948611 (diff) | |
| download | dnsmasq-e3ec15af106eda302a537a3570d6527933fa1494.tar.gz | |
Log BOGUS validation result when upstream sends SERVFAIL.
| -rw-r--r-- | src/dnssec.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/dnssec.c b/src/dnssec.c index 30d1a26..13e6787 100644 --- a/src/dnssec.c +++ b/src/dnssec.c @@ -1127,6 +1127,9 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch int type1, class1, rdlen1, type2, class2, rdlen2; int i, j, rc, have_nsec, have_nsec_equal, cname_count = 5; + if (RCODE(header) == SERVFAIL) + return STAT_BOGUS; + if ((RCODE(header) != NXDOMAIN && RCODE(header) != NOERROR) || ntohs(header->qdcount) != 1) return STAT_INSECURE; |