Commit 2bd31a48 authored by Committed by Petr Špaček
validate nitpick fix: unsupported algo edge case
kr_dnskeys_trusted() semantics is changed, but I do NOT consider that a part of public API. Go insecure due to algorithm support even if DNSKEY is NODATA. I can't see how that's relevant to practical usage, but I think this new behavior makes more sense. We still do try to fetch the DNSKEY even though we have information about its un-usability beforehand. I'd consider fixing that a premature optimization. We'll still be affected if the DNSKEY query SERVFAILs or something. Thanks to PowerDNS people for catching this!
Showing with 19 additions and 15 deletions