prosody
4be161c25e14
net/resolvers/service.lua
Software / code / prosody
Comparison
net/resolvers/service.lua @ 12813:4be161c25e14
net.resolvers.service: Fix reporting of Bogus DNSSEC results
The order of checks led to Bogus results being reported with a generic
"unable to resolve service". This had no practical effects as such
results are simply empty and the process would stop there.
Tested by attempting to establish s2s with dnssec-bogus.sg and observing
the error reply.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 21 Dec 2022 23:46:37 +0100 |
| parent | 12812:b2d422b88cd6 |
| child | 12814:3bfb2f9e13af |
comparison
equal
deleted
inserted
replaced
| 12812:b2d422b88cd6 | 12813:4be161c25e14 |
|---|---|
| 109 if not answer and not err then | 109 if not answer and not err then |
| 110 -- net.adns returns nil if there are zero records or nxdomain | 110 -- net.adns returns nil if there are zero records or nxdomain |
| 111 answer = {}; | 111 answer = {}; |
| 112 end | 112 end |
| 113 if answer then | 113 if answer then |
| 114 if self.extra and not answer.secure then | 114 if answer.bogus then |
| 115 self.extra.use_dane = false; | |
| 116 elseif answer.bogus then | |
| 117 self.last_error = "Validation error in SRV lookup"; | 115 self.last_error = "Validation error in SRV lookup"; |
| 118 ready(); | 116 ready(); |
| 119 return; | 117 return; |
| 118 elseif not answer.secure then | |
| 119 if self.extra then | |
| 120 -- Insecure results, so no DANE | |
| 121 self.extra.use_dane = false; | |
| 122 end | |
| 120 end | 123 end |
| 121 | 124 |
| 122 if #answer == 0 then | 125 if #answer == 0 then |
| 123 if self.extra and self.extra.default_port then | 126 if self.extra and self.extra.default_port then |
| 124 self.resolver = basic.new(self.hostname, self.extra.default_port, self.conn_type, self.extra); | 127 self.resolver = basic.new(self.hostname, self.extra.default_port, self.conn_type, self.extra); |
