Commit d94caa6c authored by Marek Vavruša's avatar Marek Vavruša

lib/dnssec: always check wildcard expansion proof

refs #33
parent b8cc6ccd
......@@ -316,11 +316,11 @@ int kr_nsec_existence_denial(const knot_pkt_t *pkt, knot_section_t section_id,
/* NSEC proves that name exists, but has no data (RFC4035 4.9, 1) */
if (knot_dname_is_equal(rrset->owner, sname)) {
no_data_response_check_rrtype(&flags, rrset, stype);
no_data_wildcard_existence_check(&flags, rrset, sec);
} else {
/* NSEC proves that name doesn't exist (RFC4035, 4.9, 2) */
name_error_response_check_rr(&flags, rrset, sname);
}
no_data_wildcard_existence_check(&flags, rrset, sec);
}
return kr_nsec_existence_denied(flags) ? kr_ok() : kr_error(ENOENT);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment