Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-20 02:38:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix DNSSEC validation of ANY queries.

Browse Source
This commit is contained in:
Simon Kelley
2014-04-29 13:02:41 +01:00
parent 1fc02680af
commit 9d1b22aac2
2 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
CHANGELOG
View File

@@ -1,3 +1,17 @@
version 2.71
Subtle change to error handling to help DNSSEC validation
when servers fail to provide NODATA answers for
non-existent DS records.
Tweak code which removes DNSSEC records from answers when
not required. Fixes broken answers when additional section
has real records in it. Thanks to Marco Davids for the bug
report.
Fix DNSSEC validation of ANY queries. Thanks to Marco Davids
for spotting that too.
version 2.70 version 2.70
Fix crash, introduced in 2.69, on TCP request when dnsmasq Fix crash, introduced in 2.69, on TCP request when dnsmasq
compiled with DNSSEC support, but running without DNSSEC compiled with DNSSEC support, but running without DNSSEC

3
src/dnssec.c
View File

@@ -1683,6 +1683,9 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
GETSHORT(qclass, p1); GETSHORT(qclass, p1);
ans_start = p1; ans_start = p1;
if (qtype == T_ANY)
have_answer = 1;
/* Can't validate an RRISG query */ /* Can't validate an RRISG query */
if (qtype == T_RRSIG) if (qtype == T_RRSIG)
return STAT_INSECURE; return STAT_INSECURE;