diff options
-rw-r--r-- | src/src/lookups/dnsdb.c | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/src/src/lookups/dnsdb.c b/src/src/lookups/dnsdb.c index 5c077fb31..02c597b16 100644 --- a/src/src/lookups/dnsdb.c +++ b/src/src/lookups/dnsdb.c @@ -358,7 +358,9 @@ while ((domain = string_nextinlist(&keystring, &sep, buffer, sizeof(buffer))) : dns_is_secure(&dnsa) ? US"yes" : US"no"; if (rc == DNS_NOMATCH || rc == DNS_NODATA) continue; - if (rc != DNS_SUCCEED) + if ( rc != DNS_SUCCEED + || dnssec_mode == DEFER && !dns_is_secure(&dnsa) + ) { if (defer_mode == DEFER) { @@ -368,11 +370,6 @@ while ((domain = string_nextinlist(&keystring, &sep, buffer, sizeof(buffer))) if (defer_mode == PASS) failrc = DEFER; /* defer only if all do */ continue; /* treat defer as fail */ } - if (dnssec_mode == DEFER && !dns_is_secure(&dnsa)) - { - failrc = DEFER; - continue; - } /* Search the returned records */ |