Fix dnssec dnsdb lookup in defer_never mode

author Jeremy Harris <jgh146exb@wizmail.org>

Thu, 29 May 2014 20:00:04 +0000 (21:00 +0100)

committer Jeremy Harris <jgh146exb@wizmail.org>

Thu, 29 May 2014 20:00:04 +0000 (21:00 +0100)
author Jeremy Harris <jgh146exb@wizmail.org>
Thu, 29 May 2014 20:00:04 +0000 (21:00 +0100)
committer Jeremy Harris <jgh146exb@wizmail.org>
Thu, 29 May 2014 20:00:04 +0000 (21:00 +0100)
diff --git a/src/src/lookups/dnsdb.c b/src/src/lookups/dnsdb.c

index 5c077fb3151c4e32287ca9a8d9f5edd6baf536f1..02c597b163c7f9f17f448b8cdbbace9c069b1f89 100644 (file)
--- a/src/src/lookups/dnsdb.c
+++ b/src/src/lookups/dnsdb.c
@@ -358,7 +358,9 @@ while ((domain = string_nextinlist(&keystring, &sep, buffer, sizeof(buffer)))
        : dns_is_secure(&dnsa) ? US"yes" : US"no";
  
      if (rc == DNS_NOMATCH || rc == DNS_NODATA) continue;
-    if (rc != DNS_SUCCEED)
+    if (  rc != DNS_SUCCEED
+       || dnssec_mode == DEFER && !dns_is_secure(&dnsa)
+       )
        {
        if (defer_mode == DEFER)
         {
@@ -368,11 +370,6 @@ while ((domain = string_nextinlist(&keystring, &sep, buffer, sizeof(buffer)))
        if (defer_mode == PASS) failrc = DEFER;         /* defer only if all do */
        continue;                                       /* treat defer as fail */
        }
-    if (dnssec_mode == DEFER && !dns_is_secure(&dnsa))
-      {
-      failrc = DEFER;
-      continue;
-      }
  
  
      /* Search the returned records */
author	Jeremy Harris <jgh146exb@wizmail.org>
	Thu, 29 May 2014 20:00:04 +0000 (21:00 +0100)
committer	Jeremy Harris <jgh146exb@wizmail.org>
	Thu, 29 May 2014 20:00:04 +0000 (21:00 +0100)