diff options
author | Kim Alvefur <zash@zash.se> | 2021-12-28 14:58:09 +0100 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2021-12-28 14:58:09 +0100 |
commit | e469d015af5df65342d5ed6072719e40a0f969df (patch) | |
tree | 1fbd319be2c5a4ce710966c9d63bedb52a4aec85 /net/resolvers | |
parent | 4261dc1d80e3813e50763e7643faa0dbcf6626f9 (diff) | |
download | prosody-e469d015af5df65342d5ed6072719e40a0f969df.tar.gz prosody-e469d015af5df65342d5ed6072719e40a0f969df.zip |
net.resolvers: Report DNSSEC validation errors instead of NoError
Thanks Martin bringing this case to attention
Diffstat (limited to 'net/resolvers')
-rw-r--r-- | net/resolvers/basic.lua | 12 | ||||
-rw-r--r-- | net/resolvers/service.lua | 4 |
2 files changed, 13 insertions, 3 deletions
diff --git a/net/resolvers/basic.lua b/net/resolvers/basic.lua index 495a348e..305bce76 100644 --- a/net/resolvers/basic.lua +++ b/net/resolvers/basic.lua @@ -58,7 +58,9 @@ function methods:next(cb) for _, record in ipairs(answer) do table.insert(targets, { self.conn_type.."4", record.a, self.port, self.extra }); end - if answer.status then + if answer.bogus then + self.last_error = "Validation error in A lookup"; + elseif answer.status then self.last_error = answer.status .. " in A lookup"; end else @@ -77,7 +79,9 @@ function methods:next(cb) for _, record in ipairs(answer) do table.insert(targets, { self.conn_type.."6", record.aaaa, self.port, self.extra }); end - if answer.status then + if answer.bogus then + self.last_error = "Validation error in AAAA lookup"; + elseif answer.status then self.last_error = answer.status .. " in AAAA lookup"; end else @@ -96,7 +100,9 @@ function methods:next(cb) for _, record in ipairs(answer) do table.insert(tlsa, record.tlsa); end - if answer.status then + if answer.bogus then + self.last_error = "Validation error in TLSA lookup"; + elseif answer.status then self.last_error = answer.status .. " in TLSA lookup"; end else diff --git a/net/resolvers/service.lua b/net/resolvers/service.lua index b476cb2c..3810cac8 100644 --- a/net/resolvers/service.lua +++ b/net/resolvers/service.lua @@ -55,6 +55,10 @@ function methods:next(cb) if answer then if self.extra and not answer.secure then self.extra.use_dane = false; + elseif answer.bogus then + self.last_error = "Validation error in SRV lookup"; + ready(); + return; end if #answer == 0 then |