Explicitly set INSECURE status for replies received either from upstream (if they are not already validated as SECURE) or from cache. This is a direct consequence from the previous commit.
Signed-off-by: DL6ER <dl6er@dl6er.de>
This commit is contained in:
parent
b22524e54c
commit
f216cb0b78
|
@ -2105,6 +2105,10 @@ static void FTL_reply(const unsigned int flags, const char *name, const union al
|
|||
// Save reply type and update individual reply counters
|
||||
query_set_reply(flags, 0, addr, query, response);
|
||||
|
||||
// Set DNSSEC status to INSECURE if it is still unknown
|
||||
if(query->dnssec == DNSSEC_UNSPECIFIED)
|
||||
query_set_dnssec(query, DNSSEC_INSECURE);
|
||||
|
||||
// Hereby, this query is now fully determined
|
||||
query->flags.complete = true;
|
||||
}
|
||||
|
@ -2144,6 +2148,12 @@ static void FTL_reply(const unsigned int flags, const char *name, const union al
|
|||
reply_flags = F_NEG;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
// Set DNSSEC status to INSECURE if it is still unknown
|
||||
if(query->dnssec == DNSSEC_UNSPECIFIED)
|
||||
query_set_dnssec(query, DNSSEC_INSECURE);
|
||||
}
|
||||
|
||||
// Save reply type and update individual reply counters
|
||||
query_set_reply(reply_flags, 0, addr, query, response);
|
||||
|
|
Loading…
Reference in New Issue