Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 18:28:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Don't cache secure replies which we've messsed with.

Browse Source
This commit is contained in:
Simon Kelley
2014-03-01 20:08:58 +00:00
parent 1fbe4d2f5f
commit d1fbb77e0f
1 changed files with 4 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/rfc1035.c
View File

@@ -917,8 +917,8 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
searched_soa = 1; searched_soa = 1;
ttl = find_soa(header, qlen, name, doctored); ttl = find_soa(header, qlen, name, doctored);
#ifdef HAVE_DNSSEC #ifdef HAVE_DNSSEC
if (*doctored) if (*doctored && secure)
secure = 0; return 0;
#endif #endif
} }
@@ -988,9 +988,8 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
if (aqtype == T_CNAME) if (aqtype == T_CNAME)
{ {
if (!cname_count--) if (!cname_count-- || secure)
return 0; /* looped CNAMES */ return 0; /* looped CNAMES, or DNSSEC, which we can't cache. */
secflag = 0; /* no longer DNSSEC */
goto cname_loop; goto cname_loop;
} }