- Fix for zonemd, that domain-insecure zones work without dnssec.

W.C.A. Wijngaards 2021-02-23 17:03:23 +01:00
parent 7ec290255d
commit c802298fca
2 changed files with 11 additions and 1 deletions


@ -1,3 +1,6 @@
23 February 2021: Wouter
- Fix for zonemd, that domain-insecure zones work without dnssec.
22 February 2021: Wouter
- Fix #431: Squelch permission denied errors for tcp connect
and udp connect from the logs, unless at high verbosity.


@ -8243,7 +8243,14 @@ void auth_zone_verify_zonemd(struct auth_zone* z, struct module_env* env,
if(env->anchors)
anchor = anchors_lookup(env->anchors, z->name, z->namelen,
z->dclass);
if(anchor && query_dname_compare(z->name, anchor->name) == 0) {
if(anchor && anchor->numDS == 0 && anchor->numDNSKEY == 0) {
/* domain-insecure trust anchor for unsigned zones */
lock_basic_unlock(&anchor->lock);
if(only_online)
return;
dnskey = NULL;
is_insecure = 1;
} else if(anchor && query_dname_compare(z->name, anchor->name) == 0) {
if(only_online) {
lock_basic_unlock(&anchor->lock);
return;
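Review bot: The new `anchor->numDS == 0 && anchor->numDNSKEY == 0` branch runs before the `query_dname_compare(z->name, anchor->name) == 0` test, so it accepts whatever anchor `anchors_lookup` returned, not only one at the zone apex. The name comparison in the next branch suggests the lookup can return an anchor for an enclosing name. If that is intended, the comment should say so and state the consequence, for example `/* domain-insecure anchor at or above the zone: ZONEMD is checked without DNSSEC, so it detects corruption but does not authenticate the zone data */`. The branch also leaves `anchor` non-NULL after `lock_basic_unlock(&anchor->lock)`; adding `anchor = NULL;` there would stop later code from touching it unlocked. The rest of auth_zone_verify_zonemd is outside the hunk and may already handle this.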