diff options
author | Kim Alvefur <zash@zash.se> | 2022-12-21 23:46:37 +0100 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2022-12-21 23:46:37 +0100 |
commit | 325464eb11a4b6c31430c6a1d40db74207802cd4 (patch) | |
tree | d3c1465c85da447545f7a5eedcfa43bf0c6716d7 /net/resolvers | |
parent | 62f32cd01d26e3d1bad0d63a9e418838eb9ea212 (diff) | |
download | prosody-325464eb11a4b6c31430c6a1d40db74207802cd4.tar.gz prosody-325464eb11a4b6c31430c6a1d40db74207802cd4.zip |
net.resolvers.service: Fix reporting of Bogus DNSSEC results
The order of checks led to Bogus results being reported with a generic
"unable to resolve service". This had no practical effects as such
results are simply empty and the process would stop there.
Tested by attempting to establish s2s with dnssec-bogus.sg and observing
the error reply.
Diffstat (limited to 'net/resolvers')
-rw-r--r-- | net/resolvers/service.lua | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/net/resolvers/service.lua b/net/resolvers/service.lua index a7ce76a3..1e2aaeec 100644 --- a/net/resolvers/service.lua +++ b/net/resolvers/service.lua @@ -111,12 +111,15 @@ function methods:next(cb) answer = {}; end if answer then - if self.extra and not answer.secure then - self.extra.use_dane = false; - elseif answer.bogus then + if answer.bogus then self.last_error = "Validation error in SRV lookup"; ready(); return; + elseif not answer.secure then + if self.extra then + -- Insecure results, so no DANE + self.extra.use_dane = false; + end end if #answer == 0 then |