DNSSEC: unsigned RRs in the auth section are not bogus.

Even if they are in a signed zone.
Simon Kelley
2019-09-03 16:49:02 +01:00
parent ae7a3b9d2e
commit 69a0477b74
2 changed files with 12 additions and 9 deletions

@@ -46,10 +46,9 @@ version 2.81
Fix compilation against nettle version 3.5 and later.
Fix spurious DNSSEC validation failures when the auth section
of a reply proving that a DS record does not exist contains
unsigned RRs. Only the NSEC/NSEC3 records needed to prove
the non-existence of the DS record must be signed. Thanks
to Tore Anderson for spotting and diagnosing the bug.
of a reply contains unsigned RRs from a signed zone,
with the exception that NSEC and NSEC3 RRs must always be signed.
Thanks to Tore Anderson for spotting and diagnosing the bug.
version 2.80
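
Review bot: The rewritten entry under version 2.81 says unsigned RRs in the auth section no longer cause a validation failure, but it does not say what happens to those RRs afterwards. The wording should state whether they are discarded or accepted without validation, since that is what an operator reading the changelog needs in order to judge the change. The entry also widens the scope from a reply "proving that a DS record does not exist" to any reply, and a few words on why the narrower fix was not enough would help. The second changed file is not shown here, so the code that enforces "NSEC and NSEC3 RRs must always be signed" cannot be checked against this description.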