Treat ANY queries the same as CNAME queries WRT to DNSSEC on CNAME targets.v2.86

author: Simon Kelley <simon@thekelleys.org.uk> 2021-09-08 21:19:15 +0100
committer: Simon Kelley <simon@thekelleys.org.uk> 2021-09-08 21:21:22 +0100
commit: cac9ca38f62437c65464f58fc54342c7f294c40b (patch)
tree: ac7fdaf52f22d23eb5c886d6888db1b5d7dd7ff6
parent: 51d56df7a3a125e117b3278cab16281c85500287 (diff)
download: dnsmasq-cac9ca38f62437c65464f58fc54342c7f294c40b.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/src/dnssec.c b/src/dnssec.c
index 94ebb6f..153cac4 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -1893,7 +1893,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
   
    /* Find all the targets we're looking for answers to.
      The zeroth array element is for the query, subsequent ones
-     for CNAME targets, unless the query is for a CNAME. */
+     for CNAME targets, unless the query is for a CNAME or ANY. */
 
   if (!expand_workspace(&targets, &target_sz, 0))
     return STAT_BOGUS;
@@ -1912,7 +1912,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
   if (qtype == T_RRSIG)
     return STAT_INSECURE;
   
-  if (qtype != T_CNAME)
+  if (qtype != T_CNAME && qtype != T_ANY)
     for (j = ntohs(header->ancount); j != 0; j--) 
       {
 	if (!(p1 = skip_name(p1, header, plen, 10)))
author	Simon Kelley <simon@thekelleys.org.uk>	2021-09-08 21:19:15 +0100
committer	Simon Kelley <simon@thekelleys.org.uk>	2021-09-08 21:21:22 +0100
commit	cac9ca38f62437c65464f58fc54342c7f294c40b (patch)
tree	ac7fdaf52f22d23eb5c886d6888db1b5d7dd7ff6
parent	51d56df7a3a125e117b3278cab16281c85500287 (diff)
download	dnsmasq-cac9ca38f62437c65464f58fc54342c7f294c40b.tar.gz