| commit | e3ec15af106eda302a537a3570d6527933fa1494 | [log] [tgz] |
|---|---|---|
| author | Simon Kelley <simon@thekelleys.org.uk> | Thu Feb 13 16:56:30 2014 +0000 |
| committer | Simon Kelley <simon@thekelleys.org.uk> | Thu Feb 13 16:56:30 2014 +0000 |
| tree | 6592c3dfed6a2ce8b2cd22c1df1a9a8ba6a83e1c | |
| parent | dac74312da3341e620195b75bf2ab4d759948611 [diff] |
Log BOGUS validation result when upstream sends SERVFAIL.
diff --git a/src/dnssec.c b/src/dnssec.c index 30d1a26..13e6787 100644 --- a/src/dnssec.c +++ b/src/dnssec.c
@@ -1127,6 +1127,9 @@ int type1, class1, rdlen1, type2, class2, rdlen2; int i, j, rc, have_nsec, have_nsec_equal, cname_count = 5; + if (RCODE(header) == SERVFAIL) + return STAT_BOGUS; + if ((RCODE(header) != NXDOMAIN && RCODE(header) != NOERROR) || ntohs(header->qdcount) != 1) return STAT_INSECURE;