upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Fix validation of qtype DS queries that result in no data for

Browse source 
non-optout NSEC3 zones.


git-svn-id: file:///svn/unbound/trunk@2712 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2012-07-06 13:56:44 +00:00
parent 6cab3a1dda
commit d4f49a7a40
2 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
doc/Changelog
View file

@ -1,3 +1,7 @@
6 July 2012: Wouter
- Fix validation of qtype DS queries that result in no data for
non-optout NSEC3 zones.
4 July 2012: Wouter
- compile libunbound with libnss on Suse, passes regression tests.

4
validator/val_nsec3.c
View file

@ -1171,8 +1171,8 @@ nsec3_do_prove_nodata(struct module_env* env, struct nsec3_filter* flt,
* If not type DS: matching nsec3 must not be a delegation.
*/
if(qinfo->qtype == LDNS_RR_TYPE_DS && qinfo->qname_len != 1
&& nsec3_has_type(rrset, rr, LDNS_RR_TYPE_SOA &&
!dname_is_root(qinfo->qname))) {
&& nsec3_has_type(rrset, rr, LDNS_RR_TYPE_SOA) &&
!dname_is_root(qinfo->qname)) {
verbose(VERB_ALGO, "proveNodata: apex NSEC3 "
"abused for no DS proof, bogus");
return sec_status_bogus;