Remove --dnssec-permissive, pointless if we don't set CD upstream.

2025-12-19 18:28:25 +00:00 · 2014-01-26 09:33:21 +00:00
parent 703c7ff429
commit 7d23a66ff0
3 changed files with 4 additions and 20 deletions
--- a/src/forward.c
+++ b/src/forward.c
@@ -608,20 +608,7 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
 #ifdef HAVE_DNSSEC
  if (no_cache && !(header->hb4 & HB4_CD)) 
    {
-      if (option_bool(OPT_DNSSEC_PERMISS))
-	{
-	  unsigned short type;
-	  char types[20];
-	  
-	  if (extract_request(header, (size_t)n, daemon->namebuff, &type))
-	    {
-	      querystr("", types, type);
-	      my_syslog(LOG_WARNING, _("DNSSEC validation failed: query %s%s"), daemon->namebuff, types);
-	    }
-	  else
-	    my_syslog(LOG_WARNING, _("DNSSEC validation failed for unknown query"));
-	}
-      else
+      if (!option_bool(OPT_DNSSEC_DEBUG))
 	{
 	  /* Bogus reply, turn into SERVFAIL */
 	  SET_RCODE(header, SERVFAIL);