summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2014-05-29 21:00:04 +0100
committerJeremy Harris <jgh146exb@wizmail.org>2014-05-29 21:00:04 +0100
commit91f40ccd9734db907dd7de25147995c50e564c77 (patch)
tree87bb1664a8cb6be149c237bf20dce0b6ff81eb59
parent6eb02f881ddd9af83d697244ec35704c8dfbe9a8 (diff)
Fix dnssec dnsdb lookup in defer_never mode
-rw-r--r--src/src/lookups/dnsdb.c9
1 files changed, 3 insertions, 6 deletions
diff --git a/src/src/lookups/dnsdb.c b/src/src/lookups/dnsdb.c
index 5c077fb31..02c597b16 100644
--- a/src/src/lookups/dnsdb.c
+++ b/src/src/lookups/dnsdb.c
@@ -358,7 +358,9 @@ while ((domain = string_nextinlist(&keystring, &sep, buffer, sizeof(buffer)))
: dns_is_secure(&dnsa) ? US"yes" : US"no";
if (rc == DNS_NOMATCH || rc == DNS_NODATA) continue;
- if (rc != DNS_SUCCEED)
+ if ( rc != DNS_SUCCEED
+ || dnssec_mode == DEFER && !dns_is_secure(&dnsa)
+ )
{
if (defer_mode == DEFER)
{
@@ -368,11 +370,6 @@ while ((domain = string_nextinlist(&keystring, &sep, buffer, sizeof(buffer)))
if (defer_mode == PASS) failrc = DEFER; /* defer only if all do */
continue; /* treat defer as fail */
}
- if (dnssec_mode == DEFER && !dns_is_secure(&dnsa))
- {
- failrc = DEFER;
- continue;
- }
/* Search the returned records */