From a9dbea22add3b86221d5884ebb5075dc9278c42d Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Wed, 3 Sep 2014 20:53:26 +0200 Subject: [PATCH] Chase NSEC and NSEC3 with return_validation_chain --- ChangeLog | 1 + src/dnssec.c | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/ChangeLog b/ChangeLog index 3285c672..d4a92ea9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,7 @@ be able to parse the wire format (not released yet at time of writing) * Added OPENPGPKEY RR type, but no rdata fields implementation yet * Updated spec to version 0.508 (September 2014) + * Also chase NSEC and NSEC3 RRSIGs with dnssec_return_validation_chain * 2014-06-25: Version 0.1.3 * libtool chage, remove -release, added -version-info diff --git a/src/dnssec.c b/src/dnssec.c index f92238fc..5151f7eb 100644 --- a/src/dnssec.c +++ b/src/dnssec.c @@ -305,12 +305,19 @@ getdns_get_validation_chain(getdns_dns_req *dns_req, while (netreq) { size_t i; ldns_rr_list *answer = ldns_pkt_answer(netreq->result); + ldns_rr_list *authority = ldns_pkt_authority(netreq->result); for (i = 0; i < ldns_rr_list_rr_count(answer); i++) { ldns_rr *rr = ldns_rr_list_rr(answer, i); if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_RRSIG) launch_chain_link_lookup(chain, ldns_rdf2str(ldns_rr_rdf(rr, 7))); } + for (i = 0; i < ldns_rr_list_rr_count(authority); i++) { + ldns_rr *rr = ldns_rr_list_rr(authority, i); + if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_RRSIG) + launch_chain_link_lookup(chain, + ldns_rdf2str(ldns_rr_rdf(rr, 7))); + } netreq = netreq->next; } callback_on_complete_chain(chain);