Use DS records as trust anchors, not DNSKEYs.

This allows us to query for the root zone DNSKEY RRset and validate
it, thus automatically handling KSK rollover.
Simon Kelley
2014-02-11 11:07:22 +00:00
parent 83349b8aa4
commit ee4158678a
8 changed files with 85 additions and 120 deletions


@@ -144,7 +144,7 @@ int main (int argc, char **argv)
if (option_bool(OPT_DNSSEC_VALID))
{
#ifdef HAVE_DNSSEC
if (!daemon->dnskeys)
if (!daemon->ds)
die(_("No trust anchors provided for DNSSEC"), NULL, EC_BADCONF);
if (daemon->cachesize < CACHESIZ)