mirror of
https://github.com/isc-projects/bind9.git
synced 2026-07-05 15:37:08 -04:00
An unvalidated NXDOMAIN (e.g. from a CD=1 query) marked every RRset at the name ancient without checking trust, evicting DNSSEC-validated data. Keep the cache unchanged when any existing RRset is already secure. dns_ncache_add() now returns DNS_R_UNCHANGED for the rejected add; negcache() serves a matching cached negative or the queried type, else SERVFAIL (never the unrelated RRset the add bound), and rctx_ncache() forwards it so the fetch fails fast. |
||
|---|---|---|
| .. | ||
| dns | ||
| isc | ||
| isccc | ||
| isccfg | ||
| ns | ||
| .gitignore | ||
| meson.build | ||