Skip to content
Blame Permalink
  • Vladimír Čunát's avatar
    1f8a92e8
    val_dname_bogus: give up on query-minimization · 1f8a92e8
    Vladimír Čunát authored 
    For now at least.  This basically reverts 68abde7f which tried
to make it work, but this negative trust anchor was a really bad idea.
The test (also) relies on names underneath getting validated
and used by aggressive cache later.
(They are also signed as belonging to the root zone, so it's ugly.)

With "previous" kresd versions the problematic NSEC inside
somehow validated as secure, but I don't want to be restricted here.
    1f8a92e8
    val_dname_bogus: give up on query-minimization
    Vladimír Čunát authored 
    For now at least.  This basically reverts 68abde7f which tried
to make it work, but this negative trust anchor was a really bad idea.
The test (also) relies on names underneath getting validated
and used by aggressive cache later.
(They are also signed as belonging to the root zone, so it's ugly.)

With "previous" kresd versions the problematic NSEC inside
somehow validated as secure, but I don't want to be restricted here.