]> granicus.if.org Git - pdns/commit
projects / pdns / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e063342) | patch
NSEC3 optout and Bogus insecure forward fixes
authorPieter Lexis <pieter.lexis@powerdns.com>
Fri, 21 Oct 2016 10:33:41 +0000 (12:33 +0200)
committerPieter Lexis <pieter.lexis@powerdns.com>
Fri, 21 Oct 2016 10:51:20 +0000 (12:51 +0200)
commitff30823a0c40f9949034c669e61affe333061690
tree8003e0b2550ca315e88e9373ff9e400033a62dd6tree | snapshot
parente0633422a2db20ea17968723b1f895b1741d7a0fcommit | diff
NSEC3 optout and Bogus insecure forward fixes

After the change to zonecuts to find key material, the NSEC3 checking
returned an (incorrect) 'covering nxdomain' for a forwarded subzone with
no DS record in its parent. After fixing this, the NSEC3 optout test
failed as Bogus (instead of insecure). This was fixed by actually
checking the optout flag on a delegation NSEC3 record.
pdns/validate.cc diff | blob | history
pdns/validate.hh diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.