net.resolvers.service: Fix reporting of Bogus DNSSEC results The order of checks led to Bogus results being reported with a generic "unable to resolve service". This had no practical effects as such results are simply empty and the process would stop there. Tested by attempting to establish s2s with dnssec-bogus.sg and observing the error reply.

author: Kim Alvefur <zash@zash.se>
date: Wed, 21 Dec 2022 23:46:37 +0100
parent: 12812:b2d422b88cd6
child: 12814:3bfb2f9e13af
--- a/net/resolvers/service.lua	Wed Dec 21 21:34:07 2022 +0100
+++ b/net/resolvers/service.lua	Wed Dec 21 23:46:37 2022 +0100
@@ -111,12 +111,15 @@
 			answer = {};
 		end
 		if answer then
-			if self.extra and not answer.secure then
-				self.extra.use_dane = false;
-			elseif answer.bogus then
+			if answer.bogus then
 				self.last_error = "Validation error in SRV lookup";
 				ready();
 				return;
+			elseif not answer.secure then
+				if self.extra then
+					-- Insecure results, so no DANE
+					self.extra.use_dane = false;
+				end
 			end
 
 			if #answer == 0 then