]> granicus.if.org Git - pdns/commitdiff
aj reported that we increase "dnssec-validations" counter even when running
authorbert hubert <bert.hubert@netherlabs.nl>
Wed, 11 Apr 2018 08:15:57 +0000 (10:15 +0200)
committerbert hubert <bert.hubert@netherlabs.nl>
Wed, 11 Apr 2018 08:15:57 +0000 (10:15 +0200)
with process-no-validate.  This can be caused by us receiving queries for
special names ('localhost', 'version.bind') which we explicitly mark as
Insecure. This led our statistics to conclude a validation attempt had taken place.
This commit puts the update check behind 'shouldValidate()'.

pdns/syncres.cc

index e4357201ad40691827ed12393f48d8f145e1958a..4415c59cf7d87b45808eb3cb55ee44730a090883 100644 (file)
@@ -140,10 +140,10 @@ int SyncRes::beginResolve(const DNSName &qname, const QType &qtype, uint16_t qcl
   int res=doResolve(qname, qtype, ret, 0, beenthere, state);
   d_queryValidationState = state;
 
-  if (d_queryValidationState != Indeterminate) {
-    g_stats.dnssecValidations++;
-  }
   if (shouldValidate()) {
+    if (d_queryValidationState != Indeterminate) {
+      g_stats.dnssecValidations++;
+    }
     increaseDNSSECStateCounter(d_queryValidationState);
   }