Commit 378672e4 authored by Marek Vavruša's avatar Marek Vavruša

layer/iterate: fail answers with NSs outside bailiwick immediately

parent 2e3032ec
......@@ -222,8 +222,8 @@ static int update_cut(knot_pkt_t *pkt, const knot_rrset_t *rr, struct kr_request
/* Authority MUST be at/below the authority of the nameserver, otherwise
* possible cache injection attempt. */
if (!knot_dname_in(cut->name, rr->owner)) {
DEBUG_MSG("<= authority: ns outside bailiwick, ignoring\n");
return state;
DEBUG_MSG("<= authority: ns outside bailiwick, failing\n");
return KNOT_STATE_FAIL;
}
/* Update zone cut name */
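Review bot: The new `return KNOT_STATE_FAIL;` branch rejects the answer without recording which name triggered it, so the "possible cache injection attempt" named in the comment cannot be attributed to a server or zone from the log. Consider printing `rr->owner` and `cut->name` in the `DEBUG_MSG` text, and updating the comment to say that the whole answer is now failed, e.g. `/* NS owner outside the current cut: treat the packet as untrusted and fail the answer. */`. update_cut's body starts and ends outside this hunk, so it is not visible here whether records processed earlier from the same packet have already changed the cut or the cache before this branch is reached; that is worth confirming in the caller. Because one stray NS record now fails the whole answer, it is also worth confirming that the caller goes on to try another nameserver rather than failing the query outright.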