Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 10:18:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Treat ANY queries the same as CNAME queries WRT to DNSSEC on CNAME targets.

Browse Source
This commit is contained in:
Simon Kelley
2021-09-08 21:19:15 +01:00
parent 1ce1c6beae
commit c4523639d5
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/dnssec.c
View File

@@ -1893,7 +1893,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
/* Find all the targets we're looking for answers to. /* Find all the targets we're looking for answers to.
The zeroth array element is for the query, subsequent ones The zeroth array element is for the query, subsequent ones
for CNAME targets, unless the query is for a CNAME. */ for CNAME targets, unless the query is for a CNAME or ANY. */
if (!expand_workspace(&targets, &target_sz, 0)) if (!expand_workspace(&targets, &target_sz, 0))
return STAT_BOGUS; return STAT_BOGUS;
@@ -1912,7 +1912,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
if (qtype == T_RRSIG) if (qtype == T_RRSIG)
return STAT_INSECURE; return STAT_INSECURE;
if (qtype != T_CNAME) if (qtype != T_CNAME && qtype != T_ANY)
for (j = ntohs(header->ancount); j != 0; j--) for (j = ntohs(header->ancount); j != 0; j--)
{ {
if (!(p1 = skip_name(p1, header, plen, 10))) if (!(p1 = skip_name(p1, header, plen, 10)))