Update NSEC3 iterations handling to conform with RFC 9276.

2025-12-19 10:18:25 +00:00 · 2023-12-31 23:28:11 +00:00
parent be73efc020
commit 51471cafa5
2 changed files with 59 additions and 52 deletions
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -757,6 +757,8 @@ struct dyndir {
 #define DNSSEC_FAIL_NONSEC      0x0040 /* No NSEC */
 #define DNSSEC_FAIL_NODSSUP     0x0080 /* no supported DS algo. */
 #define DNSSEC_FAIL_NOKEY       0x0100 /* no DNSKEY */
+#define DNSSEC_FAIL_NSEC3_ITERS 0x0200 /* too many iterations in NSEC3 */
+#define DNSSEC_FAIL_BADPACKET   0x0400 /* bad packet */

 #define STAT_ISEQUAL(a, b)  (((a) & 0xffff0000) == (b))