author | Simon Kelley <simon@thekelleys.org.uk> | 2014-04-29 13:02:41 +0100 |
---|---|---|
committer | Simon Kelley <simon@thekelleys.org.uk> | 2014-04-29 13:02:41 +0100 |
commit | 9d1b22aac29cfe0d820e6f49fa089a5a67d1b2ec (patch) | |
tree | 3ad295337c97091e7f6e29adf58ccbbabd6c9de1 | |
parent | 1fc02680afbc5f263321cfa2c0101820246d79cb (diff) | |
download | dnsmasq-9d1b22aac29cfe0d820e6f49fa089a5a67d1b2ec.tar.gz |
Fix DNSSEC validation of ANY queries.
-rw-r--r-- | CHANGELOG | 14 |
-rw-r--r-- | src/dnssec.c | 3 |
2 files changed, 17 insertions, 0 deletions
@@ -1,3 +1,17 @@ +version 2.71 + Subtle change to error handling to help DNSSEC validation + when servers fail to provide NODATA answers for + non-existent DS records. + + Tweak code which removes DNSSEC records from answers when + not required. Fixes broken answers when additional section + has real records in it. Thanks to Marco Davids for the bug + report. + + Fix DNSSEC validation of ANY queries. Thanks to Marco Davids + for spotting that too. + + version 2.70 Fix crash, introduced in 2.69, on TCP request when dnsmasq compiled with DNSSEC support, but running without DNSSEC diff --git a/src/dnssec.c b/src/dnssec.c index 1aea299..47ecc51 100644 --- a/src/dnssec.c +++ b/src/dnssec.c @@ -1682,6 +1682,9 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch GETSHORT(qtype, p1); GETSHORT(qclass, p1); ans_start = p1; + + if (qtype == T_ANY) + have_answer = 1; /* Can't validate an RRISG query */ if (qtype == T_RRSIG) |
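Review bot: The CHANGELOG entry "Fix DNSSEC validation of ANY queries" in the version 2.71 block does not say what went wrong before the fix, unlike the entry above it, which names its symptom ("Fixes broken answers when additional section has real records in it"). One more clause describing the observable failure would let users of 2.70 tell whether they are affected.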
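Review bot: In the src/dnssec.c hunk, `have_answer = 1` is set for `qtype == T_ANY` directly after `ans_start = p1`, before any record of the reply has been examined, and nothing says why. The T_RRSIG check just below carries a one-line explanation; the new branch needs one too, stating why an ANY query is treated as answered up front and what that means for a reply whose answer section is empty, so that a later reader does not take it for a validation shortcut. A test case with an ANY reply that has no answer records would confirm that it still gets the intended validation status. The context comment below the added lines also misspells RRSIG as "RRISG".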