summaryrefslogtreecommitdiff
path: root/validator/validator.c
diff options
context:
space:
mode:
authorCy Schubert <cy@FreeBSD.org>2023-11-13 19:44:16 +0000
committerCy Schubert <cy@FreeBSD.org>2023-11-13 19:44:16 +0000
commit16fd0b24910488e59ca1941387b9ac7fb646a837 (patch)
tree2cec66ecd6a6986811db8d82dc14d2c054e37e49 /validator/validator.c
parent292d51198aa319c58f534549851e9c28486abdf4 (diff)
vendor/unbound/1.19.0
Diffstat (limited to 'validator/validator.c')
-rw-r--r--validator/validator.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/validator/validator.c b/validator/validator.c
index 9de9d54db27c..6cd15cfc1c7c 100644
--- a/validator/validator.c
+++ b/validator/validator.c
@@ -200,6 +200,17 @@ val_init(struct module_env* env, int id)
log_err("validator: could not apply configuration settings.");
return 0;
}
+ if(env->cfg->disable_edns_do) {
+ struct trust_anchor* anchor = anchors_find_any_noninsecure(
+ env->anchors);
+ if(anchor) {
+ char b[LDNS_MAX_DOMAINLEN+2];
+ dname_str(anchor->name, b);
+ log_warn("validator: disable-edns-do is enabled, but there is a trust anchor for '%s'. Since DNSSEC could not work, the disable-edns-do setting is turned off. Continuing without it.", b);
+ lock_basic_unlock(&anchor->lock);
+ env->cfg->disable_edns_do = 0;
+ }
+ }
return 1;
}
generated by cgit v1.3 (git 2.53.0) at 2026-04-21 01:38:42 +0000