net.resolvers: Report DNSSEC validation errors instead of NoError

Thanks Martin bringing this case to attention

2 files changed, 13 insertions, 3 deletions

diff --git a/net/resolvers/basic.lua b/net/resolvers/basic.lua
index 495a348e..305bce76 100644
--- a/net/resolvers/basic.lua
+++ b/net/resolvers/basic.lua
@@ -58,7 +58,9 @@ function methods:next(cb)
 				for _, record in ipairs(answer) do
 					table.insert(targets, { self.conn_type.."4", record.a, self.port, self.extra });
 				end
-				if answer.status then
+				if answer.bogus then
+					self.last_error = "Validation error in A lookup";
+				elseif answer.status then
 					self.last_error = answer.status .. " in A lookup";
 				end
 			else
@@ -77,7 +79,9 @@ function methods:next(cb)
 				for _, record in ipairs(answer) do
 					table.insert(targets, { self.conn_type.."6", record.aaaa, self.port, self.extra });
 				end
-				if answer.status then
+				if answer.bogus then
+					self.last_error = "Validation error in AAAA lookup";
+				elseif answer.status then
 					self.last_error = answer.status .. " in AAAA lookup";
 				end
 			else
@@ -96,7 +100,9 @@ function methods:next(cb)
 				for _, record in ipairs(answer) do
 					table.insert(tlsa, record.tlsa);
 				end
-				if answer.status then
+				if answer.bogus then
+					self.last_error = "Validation error in TLSA lookup";
+				elseif answer.status then
 					self.last_error = answer.status .. " in TLSA lookup";
 				end
 			else
diff --git a/net/resolvers/service.lua b/net/resolvers/service.lua
index b476cb2c..3810cac8 100644
--- a/net/resolvers/service.lua
+++ b/net/resolvers/service.lua
@@ -55,6 +55,10 @@ function methods:next(cb)
 		if answer then
 			if self.extra and not answer.secure then
 				self.extra.use_dane = false;
+			elseif answer.bogus then
+				self.last_error = "Validation error in SRV lookup";
+				ready();
+				return;
 			end
 
 			if #answer == 0 then