prevent bogus RRsets from leaking into answers
- Apr 15, 2020
-
-
Petr Špaček authoredMISSING triggers re-query to auth in attempt to find missing RRSIGs. It causes reduntant queries and also puts some BOGUS RRsets in answers. (It sounds bad but we were correctly setting rcode=SERVFAIL and AD=0 even before this commit.) Formerly RRSIG ranks did not reflect results of validation. Now we mark them as BOGUS and upgrade them to SECURE if they validate. New validator phase answer_finalize prevents BOGUS RRsets from being put even into SERVFAIL answers. Closes: #396
-