summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/src/lookups/dnsdb.c9
1 files changed, 3 insertions, 6 deletions
diff --git a/src/src/lookups/dnsdb.c b/src/src/lookups/dnsdb.c
index 5c077fb31..02c597b16 100644
--- a/src/src/lookups/dnsdb.c
+++ b/src/src/lookups/dnsdb.c
@@ -358,7 +358,9 @@ while ((domain = string_nextinlist(&keystring, &sep, buffer, sizeof(buffer)))
: dns_is_secure(&dnsa) ? US"yes" : US"no";
if (rc == DNS_NOMATCH || rc == DNS_NODATA) continue;
- if (rc != DNS_SUCCEED)
+ if ( rc != DNS_SUCCEED
+ || dnssec_mode == DEFER && !dns_is_secure(&dnsa)
+ )
{
if (defer_mode == DEFER)
{
@@ -368,11 +370,6 @@ while ((domain = string_nextinlist(&keystring, &sep, buffer, sizeof(buffer)))
if (defer_mode == PASS) failrc = DEFER; /* defer only if all do */
continue; /* treat defer as fail */
}
- if (dnssec_mode == DEFER && !dns_is_secure(&dnsa))
- {
- failrc = DEFER;
- continue;
- }
/* Search the returned records */