Commit d1fbb77e authored by Simon Kelley's avatar Simon Kelley

Don't cache secure replies which we've messed with.

parent 1fbe4d2f
...@@ -917,8 +917,8 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t ...@@ -917,8 +917,8 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
searched_soa = 1; searched_soa = 1;
ttl = find_soa(header, qlen, name, doctored); ttl = find_soa(header, qlen, name, doctored);
#ifdef HAVE_DNSSEC #ifdef HAVE_DNSSEC
if (*doctored) if (*doctored && secure)
secure = 0; return 0;
#endif #endif
} }
...@@ -988,9 +988,8 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t ...@@ -988,9 +988,8 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
if (aqtype == T_CNAME) if (aqtype == T_CNAME)
{ {
if (!cname_count--) if (!cname_count-- || secure)
return 0; /* looped CNAMES */ return 0; /* looped CNAMES, or DNSSEC, which we can't cache. */
secflag = 0; /* no longer DNSSEC */
goto cname_loop; goto cname_loop;
} }
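Review bot: Both new `return 0` paths leave extract_addresses part-way through the reply, and neither hunk shows whether records already handed to the cache earlier in the same call are discarded or still committed. That is worth confirming for the `*doctored && secure` case in particular, since the stated aim is that nothing from a validated reply that was then altered gets stored. In the CNAME hunk, `!cname_count-- || secure` folds a loop guard and a caching policy into one test that also decrements a counter; I would separate them, e.g. `if (secure) return 0; /* validated CNAME chains are not cached */` ahead of the `cname_count` check. A short comment at the first site, such as `/* doctored reply no longer matches its signatures: cache nothing */`, would record why the function returns instead of clearing `secure`. The function body starts and ends outside both hunks, so the cache-commit behaviour is inferred rather than visible here.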