From f65d21001244416d073addcbcfdb722c385f930d Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Thu, 26 May 2022 14:49:10 +0100 Subject: [PATCH] Fix outdated comment. --- src/dnssec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/dnssec.c b/src/dnssec.c index 9965eea..daf679e 100644 --- a/src/dnssec.c +++ b/src/dnssec.c @@ -1851,7 +1851,7 @@ static int zone_status(char *name, int class, char *keyname, time_t now) STAT_NEED_DS need DS to complete validation (name is returned in keyname) daemon->rr_status points to a char array which corressponds to the RRs in the - answer and auth sections. This is set to 1 for each RR which is validated, and 0 for any which aren't. + answer and auth sections. This is set to >1 for each RR which is validated, and 0 for any which aren't. When validating replies to DS records, we're only interested in the NSEC{3} RRs in the auth section. Other RRs in that section missing sigs will not cause am INSECURE reply. We determine this mode