Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
resolved: validate authentic insecure delegation to CNAME
If the parent zone uses a non-opt-out method that provides authenticated negative DS replies, we still can't expect signatures from the child zone. sd-resolved was using the authenticated status of the DS reply to require signatures for CNAMEs, even though it had already proved that no signature exists. Fixes: 4769063 ("resolved: don't request the SOA for every dns label")
- Loading branch information