upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

dnssec lameness detection looks in key cache if dnssec is expected.

Browse source 
git-svn-id: file:///svn/unbound/trunk@2104 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2010-04-29 12:36:12 +00:00
parent 0a6ad89984
commit cccba6e2c7
2 changed files with 17 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
doc/Changelog
View file

@ -1,3 +1,6 @@
29 April 2010: Wouter
- Fix for dnssec lameness detection to use the key cache.
28 April 2010: Wouter 28 April 2010: Wouter
- ldns tarball updated and GOST support is detected and then enabled. - ldns tarball updated and GOST support is detected and then enabled.
- iana portlist updated. - iana portlist updated.

14
iterator/iter_utils.c
View file

@ -60,6 +60,8 @@
#include "util/random.h" #include "util/random.h"
#include "util/fptr_wlist.h" #include "util/fptr_wlist.h"
#include "validator/val_anchor.h" #include "validator/val_anchor.h"
#include "validator/val_kcache.h"
#include "validator/val_kentry.h"
/** time when nameserver glue is said to be 'recent' */ /** time when nameserver glue is said to be 'recent' */
#define SUSPICION_RECENT_EXPIRY 86400 #define SUSPICION_RECENT_EXPIRY 86400
@ -570,6 +572,18 @@ iter_indicates_dnssec(struct module_env* env, struct delegpt* dp,
reply_find_rrset_section_ns(msg->rep, dp->name, dp->namelen, reply_find_rrset_section_ns(msg->rep, dp->name, dp->namelen,
LDNS_RR_TYPE_DS, dclass)) LDNS_RR_TYPE_DS, dclass))
return 1; return 1;
/* look in key cache */
if(env->key_cache) {
struct key_entry_key* kk = key_cache_obtain(env->key_cache,
dp->name, dp->namelen, dclass, env->scratch, *env->now);
if(kk) {
if(key_entry_isgood(kk) || key_entry_isbad(kk)) {
regional_free_all(env->scratch);
return 1;
}
regional_free_all(env->scratch);
}
}
return 0; return 0;
} }