From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Thu, 29 May 2014 20:00:04 +0000 (+0100)
Subject: Fix dnssec dnsdb lookup in defer_never mode
X-Git-Tag: exim-4_83_RC2~10
X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/91f40ccd9734db907dd7de25147995c50e564c77

Fix dnssec dnsdb lookup in defer_never mode
---

diff --git a/src/src/lookups/dnsdb.c b/src/src/lookups/dnsdb.c
index 5c077fb31..02c597b16 100644
--- a/src/src/lookups/dnsdb.c
+++ b/src/src/lookups/dnsdb.c
@@ -358,7 +358,9 @@ while ((domain = string_nextinlist(&keystring, &sep, buffer, sizeof(buffer)))
       : dns_is_secure(&dnsa) ? US"yes" : US"no";
 
     if (rc == DNS_NOMATCH || rc == DNS_NODATA) continue;
-    if (rc != DNS_SUCCEED)
+    if (  rc != DNS_SUCCEED
+       || dnssec_mode == DEFER && !dns_is_secure(&dnsa)
+       )
       {
       if (defer_mode == DEFER)
 	{
@@ -368,11 +370,6 @@ while ((domain = string_nextinlist(&keystring, &sep, buffer, sizeof(buffer)))
       if (defer_mode == PASS) failrc = DEFER;         /* defer only if all do */
       continue;                                       /* treat defer as fail */
       }
-    if (dnssec_mode == DEFER && !dns_is_secure(&dnsa))
-      {
-      failrc = DEFER;
-      continue;
-      }
 
 
     /* Search the returned records */