Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 18:28:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Treat DS and DNSKEY queries being forwarded the same as those locally originated.

Browse Source 
The queries will not be forwarded to a server for a domain, unless
there's a trust anchor provided for that domain. This allows, especially,
suitable proof of non-existance for DS records to come from
the parent domain for domains which are not signed.
This commit is contained in:
Simon Kelley
2018-12-16 18:21:58 +00:00
parent d46ee724fc
commit 07e25da5bf
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/rfc1035.c
View File

@@ -916,6 +916,13 @@ unsigned int extract_request(struct dns_header *header, size_t qlen, char *name,
if (qtype == T_ANY) if (qtype == T_ANY)
return F_IPV4 | F_IPV6; return F_IPV4 | F_IPV6;
} }
/* F_DNSSECOK as agument to search_servers() inhibits forwarding
to servers for domains without a trust anchor. This make the
behaviour for DS and DNSKEY queries we forward the same
as for DS and DNSKEY queries we originate. */
if (qtype == T_DS || qtype == T_DNSKEY)
return F_DNSSECOK;
return F_QUERY; return F_QUERY;
} }