From 7b03403efdff1691a56b2d1eb658afd6d427548f Mon Sep 17 00:00:00 2001
From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Mon, 13 Jul 2009 14:14:11 +0000
Subject: [PATCH] examine dnskey on child side retry.

git-svn-id: file:///svn/unbound/trunk@1716 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 doc/TODO | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/TODO b/doc/TODO
index 1cbdc89c0..cfea065ad 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -142,6 +142,7 @@ Triggered by a trust anchor or by a signed DS record for a zone.
     The dnssec retry scheme works without this cache entry.
   * If the key cache entry 'being-backed-off' is true and isdata then:
 	The parent is backedoff, it must be the childs fault. Retry to child.
+	if the child-dnskey is bogus, then retry is useless, stop.
 	Perform a child-retry - purge dataonly, childside, mark
 	data-IPaddress from child as to avoid-forquery. counterperquery,
 	max is 3, if reached, set this data element RRset&msg to the