From 91f40ccd9734db907dd7de25147995c50e564c77 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Thu, 29 May 2014 21:00:04 +0100 Subject: Fix dnssec dnsdb lookup in defer_never mode --- src/src/lookups/dnsdb.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/src/src/lookups/dnsdb.c b/src/src/lookups/dnsdb.c index 5c077fb31..02c597b16 100644 --- a/src/src/lookups/dnsdb.c +++ b/src/src/lookups/dnsdb.c @@ -358,7 +358,9 @@ while ((domain = string_nextinlist(&keystring, &sep, buffer, sizeof(buffer))) : dns_is_secure(&dnsa) ? US"yes" : US"no"; if (rc == DNS_NOMATCH || rc == DNS_NODATA) continue; - if (rc != DNS_SUCCEED) + if ( rc != DNS_SUCCEED + || dnssec_mode == DEFER && !dns_is_secure(&dnsa) + ) { if (defer_mode == DEFER) { @@ -368,11 +370,6 @@ while ((domain = string_nextinlist(&keystring, &sep, buffer, sizeof(buffer))) if (defer_mode == PASS) failrc = DEFER; /* defer only if all do */ continue; /* treat defer as fail */ } - if (dnssec_mode == DEFER && !dns_is_secure(&dnsa)) - { - failrc = DEFER; - continue; - } /* Search the returned records */ -- cgit v1.2.3