From 3ddacb86e9cc4fca9c315138edeb4d04103647bf Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Wed, 8 Jan 2014 14:32:03 +0000
Subject: [PATCH] Ensure cache is big enough to do DNSSEC.

---
 src/dnsmasq.c | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/src/dnsmasq.c b/src/dnsmasq.c
index 27928fe..c77f355 100644
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -82,13 +82,6 @@ int main (int argc, char **argv)
 
   read_opts(argc, argv, compile_opts);
  
-#ifdef HAVE_DNSSEC
-  if (option_bool(OPT_DNSSEC_VALID))
-    if (daemon->doctors) exit(1); /* TODO */
-  
-  daemon->keyname = safe_malloc(MAXDNAME);
-#endif
-
   if (daemon->edns_pktsz < PACKETSZ)
     daemon->edns_pktsz = PACKETSZ;
 #ifdef HAVE_DNSSEC
@@ -96,12 +89,17 @@ int main (int argc, char **argv)
   if (option_bool(OPT_DNSSEC_VALID) && daemon->edns_pktsz < EDNS_PKTSZ)
     daemon->edns_pktsz = EDNS_PKTSZ;
 #endif
+
   daemon->packet_buff_sz = daemon->edns_pktsz > DNSMASQ_PACKETSZ ? 
     daemon->edns_pktsz : DNSMASQ_PACKETSZ;
   daemon->packet = safe_malloc(daemon->packet_buff_sz);
-
+  
   daemon->addrbuff = safe_malloc(ADDRSTRLEN);
-
+  
+#ifdef HAVE_DNSSEC
+  if (option_bool(OPT_DNSSEC_VALID))
+    daemon->keyname = safe_malloc(MAXDNAME);
+#endif
 
 #ifdef HAVE_DHCP
   if (!daemon->lease_file)
@@ -143,6 +141,11 @@ int main (int argc, char **argv)
     }
 #endif
   
+#ifdef HAVE_DNSSEC
+  if (daemon->cachesize <CACHESIZ && option_bool(OPT_DNSSEC_VALID))
+    die(_("Cannot reduce cache size from default when DNSSEC enabled"), NULL, EC_BADCONF);
+#endif
+
 #ifndef HAVE_TFTP
   if (option_bool(OPT_TFTP))
     die(_("TFTP server not available: set HAVE_TFTP in src/config.h"), NULL, EC_BADCONF);