diff options
author | Lennart Poettering <lennart@poettering.net> | 2016-01-26 13:22:12 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-01-26 14:42:04 +0100 |
commit | eac7cda2114cb07031ac277c210896eb68bbd619 (patch) | |
tree | 2a142269455176aedf9b6e494174f39801bd2bab /src/nss-mymachines/nss-mymachines.sym | |
parent | 6294c80e06faef16a206a01d651cce1202389dee (diff) |
resolved: fix the rcode to SUCCESS if we find at least one matching RR in a DNS response
If we encounter NXDOMAIN, but find at least one matching RR in a response, then patch it to become SUCCESS. This should
clean up handling of CNAME/DNAMEs, and makes sure broken servers and those conforming to RFC 6604 are treated the same
way. The new behaviour opposes the logic suggested in RFC 6604, but given that some servers don't implement it
correctly, and given that in some ways the CNAME/DNAME chains will be incomplete anyway, and given that DNSSEC
generally only allows us to prove the first element of a CNAME/DNAME chain, this should simplify things for us.
Diffstat (limited to 'src/nss-mymachines/nss-mymachines.sym')
0 files changed, 0 insertions, 0 deletions