More DNSSEC caching logic, and avoid repeated validation of DS/DNSKEY

Simon Kelley
2014-01-25 16:40:15 +00:00
parent 2d33bda2e6
commit 0744ca66ad
4 changed files with 89 additions and 85 deletions


@@ -141,10 +141,18 @@ int main (int argc, char **argv)
}
#endif
if (option_bool(OPT_DNSSEC_VALID))
{
#ifdef HAVE_DNSSEC
if (daemon->cachesize <CACHESIZ && option_bool(OPT_DNSSEC_VALID))
die(_("Cannot reduce cache size from default when DNSSEC enabled"), NULL, EC_BADCONF);
if (!daemon->dnskeys)
die(_("No trust anchors provided for DNSSEC"), NULL, EC_BADCONF);
if (daemon->cachesize < CACHESIZ)
die(_("Cannot reduce cache size from default when DNSSEC enabled"), NULL, EC_BADCONF);
#else
die(_("DNSSEC not available: set HAVE_DNSSEC in src/config.h"), NULL, EC_BADCONF);
#endif
}
#ifndef HAVE_TFTP
if (option_bool(OPT_TFTP))