summaryrefslogtreecommitdiff
path: root/src/nss-mymachines/nss-mymachines.sym
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-01-26 13:22:12 +0100
committerLennart Poettering <lennart@poettering.net>2016-01-26 14:42:04 +0100
commiteac7cda2114cb07031ac277c210896eb68bbd619 (patch)
tree2a142269455176aedf9b6e494174f39801bd2bab /src/nss-mymachines/nss-mymachines.sym
parent6294c80e06faef16a206a01d651cce1202389dee (diff)
resolved: fix the rcode to SUCCESS if we find at least one matching RR in a DNS response
If we encounter NXDOMAIN, but find at least one matching RR in a response, then patch it to become SUCCESS. This should clean up handling of CNAME/DNAMEs, and makes sure broken servers and those conforming to RFC 6604 are treated the same way. The new behaviour opposes the logic suggested in RFC 6604, but given that some servers don't implement it correctly, and given that in some ways the CNAME/DNAME chains will be incomplete anyway, and given that DNSSEC generally only allows us to prove the first element of a CNAME/DNAME chain, this should simplify things for us.
Diffstat (limited to 'src/nss-mymachines/nss-mymachines.sym')
0 files changed, 0 insertions, 0 deletions