Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 10:18:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

DNSSEC: Handle non-root trust anchors, and check we have a root trust anchor.

Browse Source
This commit is contained in:
Simon Kelley
2016-01-12 11:28:58 +00:00
parent 5757371d43
commit a63b8b89e6
2 changed files with 28 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/dnsmasq.c
View File

@@ -169,8 +169,16 @@ int main (int argc, char **argv)
if (option_bool(OPT_DNSSEC_VALID))
{
#ifdef HAVE_DNSSEC
if (!daemon->ds)
die(_("no trust anchors provided for DNSSEC"), NULL, EC_BADCONF);
struct ds_config *ds;
/* Must have at least a root trust anchor, or the DNSSEC code
can loop forever. */
for (ds = daemon->ds; ds; ds = ds->next)
if (ds->name[0] == 0)
break;
if (!ds)
die(_("no root trust anchor provided for DNSSEC"), NULL, EC_BADCONF);
if (daemon->cachesize < CACHESIZ)
die(_("cannot reduce cache size from default when DNSSEC enabled"), NULL, EC_BADCONF);