From e3ec15af106eda302a537a3570d6527933fa1494 Mon Sep 17 00:00:00 2001
From: Simon Kelley
Date: Thu, 13 Feb 2014 16:56:30 +0000
Subject: Log BOGUS validation result when upstream sends SERVFAIL.

---
 src/dnssec.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/dnssec.c b/src/dnssec.c
index 30d1a26..13e6787 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -1127,6 +1127,9 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
 int type1, class1, rdlen1, type2, class2, rdlen2;
 int i, j, rc, have_nsec, have_nsec_equal, cname_count = 5;
 
+ if (RCODE(header) == SERVFAIL)
+ return STAT_BOGUS;
+
 if ((RCODE(header) != NXDOMAIN && RCODE(header) != NOERROR) || ntohs(header->qdcount) != 1)
 return STAT_INSECURE;
 
-- 
cgit v1.2.1
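Review bot: The added `if (RCODE(header) == SERVFAIL) return STAT_BOGUS;` reports every upstream SERVFAIL as a DNSSEC validation failure, yet a resolver also answers SERVFAIL for timeouts, lame delegations and other faults unrelated to signatures. The BOGUS log entries this produces therefore cannot, on their own, separate a forged or badly signed answer from an ordinary upstream outage, which matters to anyone alerting on them. The new test also runs before the existing `ntohs(header->qdcount) != 1` check, so a SERVFAIL reply with an unexpected question count now yields `STAT_BOGUS` where it presumably returned `STAT_INSECURE` before. I would at least record the intent above the test, e.g. `/* Upstream SERVFAIL: either upstream validation failed or upstream itself is broken; treated as BOGUS in both cases. */`. The body of dnssec_validate_reply starts and continues outside this hunk, so how callers act on `STAT_BOGUS` is not visible here.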