summaryrefslogtreecommitdiffstats
path: root/src/resolve/resolved-dns-trust-anchor.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-01-05 14:19:05 +0100
committerLennart Poettering <lennart@poettering.net>2016-01-05 14:19:05 +0100
commitd76f90f1711e55d23ee6c8c0957fa3db17927327 (patch)
treefe80f3f56e8f7036a6cc6b0d59a2f1a8f6357f07 /src/resolve/resolved-dns-trust-anchor.c
parentresolved: move trust anchor files to /etc/dnssec-trust-anchors.d/ (diff)
downloadsystemd-d76f90f1711e55d23ee6c8c0957fa3db17927327.tar.xz
systemd-d76f90f1711e55d23ee6c8c0957fa3db17927327.zip
resolved: also skip built-in trust anchor addition of there's a DNSKEY RR for the root domain defined
We already skip this when the trust anchor files define a DS RR for the root domain, now also skip it if there's a DNSKEY RR.
Diffstat (limited to '')
-rw-r--r--src/resolve/resolved-dns-trust-anchor.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/resolve/resolved-dns-trust-anchor.c b/src/resolve/resolved-dns-trust-anchor.c
index 432a8a6455..53b49b091a 100644
--- a/src/resolve/resolved-dns-trust-anchor.c
+++ b/src/resolve/resolved-dns-trust-anchor.c
@@ -56,6 +56,9 @@ static int dns_trust_anchor_add_builtin(DnsTrustAnchor *d) {
if (hashmap_get(d->positive_by_key, &DNS_RESOURCE_KEY_CONST(DNS_CLASS_IN, DNS_TYPE_DS, ".")))
return 0;
+ if (hashmap_get(d->positive_by_key, &DNS_RESOURCE_KEY_CONST(DNS_CLASS_IN, DNS_TYPE_DNSKEY, ".")))
+ return 0;
+
/* Add the RR from https://data.iana.org/root-anchors/root-anchors.xml */
rr = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_DS, "");
if (!rr)