From c4523639d54973d92978db4fd9b156530470fe96 Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Wed, 8 Sep 2021 21:19:15 +0100 Subject: [PATCH] Treat ANY queries the same as CNAME queries WRT to DNSSEC on CNAME targets. --- src/dnssec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/dnssec.c b/src/dnssec.c index 94ebb6f..153cac4 100644 --- a/src/dnssec.c +++ b/src/dnssec.c @@ -1893,7 +1893,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch /* Find all the targets we're looking for answers to. The zeroth array element is for the query, subsequent ones - for CNAME targets, unless the query is for a CNAME. */ + for CNAME targets, unless the query is for a CNAME or ANY. */ if (!expand_workspace(&targets, &target_sz, 0)) return STAT_BOGUS; @@ -1912,7 +1912,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch if (qtype == T_RRSIG) return STAT_INSECURE; - if (qtype != T_CNAME) + if (qtype != T_CNAME && qtype != T_ANY) for (j = ntohs(header->ancount); j != 0; j--) { if (!(p1 = skip_name(p1, header, plen, 10)))