author | Simon Kelley <simon@thekelleys.org.uk> | 2014-02-11 11:07:22 +0000 |
---|---|---|
committer | Simon Kelley <simon@thekelleys.org.uk> | 2014-02-11 11:07:22 +0000 |
commit | ee4158678a5c5281cbbf38cd8f36b98df6d1b159 (patch) | |
tree | ffc21a5ff89491983ab00efcc2a511744552b260 /src/rfc1035.c | |
parent | 83349b8aa4f8667f611918b9189446b0e93fc2bb (diff) | |
download | dnsmasq-ee4158678a5c5281cbbf38cd8f36b98df6d1b159.tar.gz |
Use DS records as trust anchors, not DNSKEYs.v2.69test8
This allows us to query for the root zone DNSKEY RRset and validate
it, thus automatically handling KSK rollover.
Diffstat (limited to 'src/rfc1035.c')
-rw-r--r-- | src/rfc1035.c | 25 |
1 files changed, 11 insertions, 14 deletions
diff --git a/src/rfc1035.c b/src/rfc1035.c
index c58b9ff..b8e0f18 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1599,20 +1599,17 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 while ((crecp = cache_find_by_name(crecp, name, now, F_DNSKEY)))
 if (crecp->uid == qclass)
 {
- if (!(crecp->flags & F_CONFIG)) /* Don't return configured keys - send upstream instead */
- {
- gotone = 1;
- if (!dryrun && (keydata = blockdata_retrieve(crecp->addr.key.keydata, crecp->addr.key.keylen, NULL)))
- {
- struct all_addr a;
- a.addr.keytag = crecp->addr.key.keytag;
- log_query(F_KEYTAG | (crecp->flags & F_CONFIG), name, &a, "DNSKEY keytag %u");
- if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
- crec_ttl(crecp, now), &nameoffset,
- T_DNSKEY, qclass, "sbbt",
- crecp->addr.key.flags, 3, crecp->addr.key.algo, crecp->addr.key.keylen, keydata))
- anscount++;
- }
+ gotone = 1;
+ if (!dryrun && (keydata = blockdata_retrieve(crecp->addr.key.keydata, crecp->addr.key.keylen, NULL)))
+ {
+ struct all_addr a;
+ a.addr.keytag = crecp->addr.key.keytag;
+ log_query(F_KEYTAG | (crecp->flags & F_CONFIG), name, &a, "DNSKEY keytag %u");
+ if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
+ crec_ttl(crecp, now), &nameoffset,
+ T_DNSKEY, qclass, "sbbt",
+ crecp->addr.key.flags, 3, crecp->addr.key.algo, crecp->addr.key.keylen, keydata))
+ anscount++;
 }
 }
 }
|
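Review bot: With the F_CONFIG guard removed, every cached F_DNSKEY entry matching the name and class is now copied into the answer, and nothing visible in this hunk shows that an entry was validated against a DS before it was cached. If the cache insert path (outside this hunk) guarantees that, the loop deserves a comment replacing the deleted one, e.g. `/* DNSKEYs are cached only after validation against a DS trust anchor, so any match may be answered locally */`; if it does not, a validated-state check belongs before `gotone = 1`. The `crecp->flags & F_CONFIG` mask kept in the `log_query()` call looks like a leftover if configured DNSKEYs no longer exist, and should be dropped or explained. answer_request() starts and ends outside the hunk, so this is judged from the visible lines only.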