Remove --dnssec-permissive, pointless if we don't set CD upstream.

7d23a66f · Simon Kelley · 703c7ff4 · 7d23a66f · 7d23a66f · 7d23a66f
Commit 7d23a66f authored Jan 26, 2014 by Simon Kelley
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 20 deletions

src/dnssec.c src/dnssec.c +2 -2

src/forward.c src/forward.c +1 -14

src/option.c src/option.c +1 -4

No files found.
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -1382,7 +1382,7 @@ unsigned char* hash_questions(struct dns_header *header, size_t plen, char *name
  for (q = ntohs(header->qdcount); q != 0; q--) 
    {
      if (!extract_name(header, plen, &p, name, 1, 4))
-	return digest; /* bad packet */
+	break; /* bad packet */
      
      len = to_wire(name);
      hash->update(ctx, len, (unsigned char *)name);
@@ -1391,7 +1391,7 @@ unsigned char* hash_questions(struct dns_header *header, size_t plen, char *name

      p += 4;
      if (!CHECK_LEN(header, p, plen, 0))
-	return digest; /* bad packet */
+	break; /* bad packet */
    }
  
  hash->digest(ctx, hash->digest_size, digest);

--- a/src/forward.c
+++ b/src/forward.c
@@ -608,20 +608,7 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
 #ifdef HAVE_DNSSEC
  if (no_cache && !(header->hb4 & HB4_CD)) 
    {
-      if (option_bool(OPT_DNSSEC_PERMISS))
-	{
-	  unsigned short type;
-	  char types[20];
-	  
-	  if (extract_request(header, (size_t)n, daemon->namebuff, &type))
-	    {
-	      querystr("", types, type);
-	      my_syslog(LOG_WARNING, _("DNSSEC validation failed: query %s%s"), daemon->namebuff, types);
-	    }
-	  else
-	    my_syslog(LOG_WARNING, _("DNSSEC validation failed for unknown query"));
-	}
-      else
+      if (!option_bool(OPT_DNSSEC_DEBUG))
 	{
 	  /* Bogus reply, turn into SERVFAIL */
 	  SET_RCODE(header, SERVFAIL);

--- a/src/option.c
+++ b/src/option.c
@@ -140,8 +140,7 @@ struct myoption {
 #define LOPT_QUIET_RA     328
 #define LOPT_SEC_VALID    329
 #define LOPT_DNSKEY       330
-#define LOPT_DNSSEC_PERM  331
-#define LOPT_DNSSEC_DEBUG 332
+#define LOPT_DNSSEC_DEBUG 331

 #ifdef HAVE_GETOPT_LONG
 static const struct option opts[] =  
@@ -279,7 +278,6 @@ static const struct myoption opts[] =
    { "synth-domain", 1, 0, LOPT_SYNTH },
    { "dnssec", 0, 0, LOPT_SEC_VALID },
    { "dnskey", 1, 0, LOPT_DNSKEY },
-    { "dnssec-permissive", 0, 0, LOPT_DNSSEC_PERM },
    { "dnssec-debug", 0, 0, LOPT_DNSSEC_DEBUG },
 #ifdef OPTION6_PREFIX_CLASS 
    { "dhcp-prefix-class", 1, 0, LOPT_PREF_CLSS },
@@ -433,7 +431,6 @@ static struct {
  { LOPT_SYNTH, ARG_DUP, "<domain>,<range>,[<prefix>]", gettext_noop("Specify a domain and address range for synthesised names"), NULL },
  { LOPT_SEC_VALID, OPT_DNSSEC_VALID, NULL, gettext_noop("Activate DNSSEC validation"), NULL },
  { LOPT_DNSKEY, ARG_DUP, "<domain>,<algo>,<key>", gettext_noop("Specify trust anchor DNSKEY"), NULL },
-  { LOPT_DNSSEC_PERM, OPT_DNSSEC_PERMISS, NULL, gettext_noop("Do NOT return SERVFAIL whne DNSSEC validation fails."), NULL },
  { LOPT_DNSSEC_DEBUG, OPT_DNSSEC_DEBUG, NULL, gettext_noop("Disable upstream checking for DNSSEC debugging."), NULL },
 #ifdef OPTION6_PREFIX_CLASS 
  { LOPT_PREF_CLSS, ARG_DUP, "set:tag,<class>", gettext_noop("Specify DHCPv6 prefix class"), NULL },