Commit 6fc991ae authored by Grigorii Demidov's avatar Grigorii Demidov Committed by Vladimír Čunát

layer/iterate: remove counter-productive validation

... functionality from iterator: don't fail immediately if actual number
of labels in owner name exceeds number in label field of RRSIG rrset
parent 7dbea20f
Knot Resolver 1.3.3 (2017-0_-__)
================================
Bugfixes
--------
- iterate: skip RRSIGs with bad label count instead of immediate SERVFAIL
Improvements
------------
- policy: implement remaining special-use domain names from RFC6761 (#205),
......
......@@ -465,7 +465,10 @@ static int unroll_cname(knot_pkt_t *pkt, struct kr_request *req, bool referral,
if (rr->type == KNOT_RRTYPE_RRSIG) {
int rrsig_labels = knot_rrsig_labels(&rr->rrs, 0);
if (rrsig_labels > cname_labels) {
return KR_STATE_FAIL;
/* clearly wrong RRSIG, don't pick it.
* don't fail immediately,
* let validator work. */
continue;
}
if (rrsig_labels < cname_labels) {
query->flags |= QUERY_DNSSEC_WEXPAND;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment