From 8acfbaefd7580ec675a702acfdf1f8f7edd6fd57 Mon Sep 17 00:00:00 2001 From: dougb Date: Thu, 20 May 2010 08:15:06 +0000 Subject: Upgrade to 9.6.2-P2, which addresses the following; Named could return SERVFAIL for negative responses from unsigned zones. --- contrib/bind9/lib/dns/api | 2 +- contrib/bind9/lib/dns/validator.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'contrib/bind9/lib/dns') diff --git a/contrib/bind9/lib/dns/api b/contrib/bind9/lib/dns/api index 4fc7eca..e9df7db 100644 --- a/contrib/bind9/lib/dns/api +++ b/contrib/bind9/lib/dns/api @@ -1,3 +1,3 @@ LIBINTERFACE = 56 -LIBREVISION = 0 +LIBREVISION = 1 LIBAGE = 1 diff --git a/contrib/bind9/lib/dns/validator.c b/contrib/bind9/lib/dns/validator.c index 0ccdc41..7144ae2 100644 --- a/contrib/bind9/lib/dns/validator.c +++ b/contrib/bind9/lib/dns/validator.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: validator.c,v 1.164.12.11.8.2 2010/02/25 10:57:12 tbox Exp $ */ +/* $Id: validator.c,v 1.164.12.11.8.3 2010/04/21 04:29:01 marka Exp $ */ #include @@ -2961,7 +2961,7 @@ nsecvalidate(dns_validator_t *val, isc_boolean_t resume) { } findnsec3proofs(val); - if (val->authcount == val->authfail) + if (val->authfail != 0 && val->authcount == val->authfail) return (DNS_R_BROKENCHAIN); validator_log(val, ISC_LOG_DEBUG(3), "nonexistence proof(s) not found"); -- cgit v1.1