diff options
author | Lennart Poettering <lennart@poettering.net> | 2016-01-05 14:19:05 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-01-05 14:19:05 +0100 |
commit | d76f90f1711e55d23ee6c8c0957fa3db17927327 (patch) | |
tree | fe80f3f56e8f7036a6cc6b0d59a2f1a8f6357f07 /src/resolve/resolved-dns-trust-anchor.c | |
parent | resolved: move trust anchor files to /etc/dnssec-trust-anchors.d/ (diff) | |
download | systemd-d76f90f1711e55d23ee6c8c0957fa3db17927327.tar.xz systemd-d76f90f1711e55d23ee6c8c0957fa3db17927327.zip |
resolved: also skip built-in trust anchor addition of there's a DNSKEY RR for the root domain defined
We already skip this when the trust anchor files define a DS RR for the
root domain, now also skip it if there's a DNSKEY RR.
Diffstat (limited to '')
-rw-r--r-- | src/resolve/resolved-dns-trust-anchor.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/resolve/resolved-dns-trust-anchor.c b/src/resolve/resolved-dns-trust-anchor.c index 432a8a6455..53b49b091a 100644 --- a/src/resolve/resolved-dns-trust-anchor.c +++ b/src/resolve/resolved-dns-trust-anchor.c @@ -56,6 +56,9 @@ static int dns_trust_anchor_add_builtin(DnsTrustAnchor *d) { if (hashmap_get(d->positive_by_key, &DNS_RESOURCE_KEY_CONST(DNS_CLASS_IN, DNS_TYPE_DS, "."))) return 0; + if (hashmap_get(d->positive_by_key, &DNS_RESOURCE_KEY_CONST(DNS_CLASS_IN, DNS_TYPE_DNSKEY, "."))) + return 0; + /* Add the RR from https://data.iana.org/root-anchors/root-anchors.xml */ rr = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_DS, ""); if (!rr) |