summaryrefslogtreecommitdiff
path: root/sbin/unwind/resolver.c
diff options
context:
space:
mode:
authorFlorian Obser <florian@cvs.openbsd.org>2021-01-23 16:27:25 +0000
committerFlorian Obser <florian@cvs.openbsd.org>2021-01-23 16:27:25 +0000
commitb7f6ff1de7e272c112cd140f5bb9ba7e18d10265 (patch)
tree8f9a9b42f70592b1b312e682eb8f81fe0bba8bdc /sbin/unwind/resolver.c
parente615c7295f7344a5c9f15ac6e2e0c02def4be9ad (diff)
Don't just blindly upgrade to VALIDATING if we see a SECURE answer.
Let's go through the check_resolver() / new_resolver() code path which will also hook up the resovler to the shared cache. This means also one less special case for upcomming DNS64 support.
Diffstat (limited to 'sbin/unwind/resolver.c')
-rw-r--r--sbin/unwind/resolver.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/sbin/unwind/resolver.c b/sbin/unwind/resolver.c
index f5a1f3e1f59..b4ae3fd0abf 100644
--- a/sbin/unwind/resolver.c
+++ b/sbin/unwind/resolver.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: resolver.c,v 1.131 2021/01/19 16:52:40 florian Exp $ */
+/* $OpenBSD: resolver.c,v 1.132 2021/01/23 16:27:24 florian Exp $ */
/*
* Copyright (c) 2018 Florian Obser <florian@openbsd.org>
@@ -1008,8 +1008,8 @@ resolve_done(struct uw_resolver *res, void *arg, int rcode,
if (result->rcode == LDNS_RCODE_SERVFAIL)
goto servfail;
- if (sec == SECURE)
- res->state = VALIDATING;
+ if (sec == SECURE && res->state != VALIDATING && res->stop != -1)
+ check_resolver(res);
if (res->state == VALIDATING && sec == BOGUS) {
answer_header->bogus = !force_acceptbogus;