mirror of
https://github.com/mjl-/mox.git
synced 2024-12-26 16:33:47 +03:00
better check for dnssec-verifying resolver
check the authentic data bit for the NS records of "com.", not for ".": some dnssec-verifying resolvers return unauthentic data for ".". for issue #139 by triatic, thanks!
This commit is contained in:
parent
9e7d6b85b7
commit
4db1f5593c
2 changed files with 4 additions and 2 deletions
|
@ -162,8 +162,9 @@ logging in with IMAP.
|
|||
resolveCtx, resolveCancel := context.WithTimeout(context.Background(), 10*time.Second)
|
||||
defer resolveCancel()
|
||||
|
||||
// Some DNSSEC-verifying resolvers return unauthentic data for ".", so we check "com".
|
||||
fmt.Printf("Checking if DNS resolvers are DNSSEC-verifying...")
|
||||
_, resolverDNSSECResult, err := resolver.LookupNS(resolveCtx, ".")
|
||||
_, resolverDNSSECResult, err := resolver.LookupNS(resolveCtx, "com.")
|
||||
if err != nil {
|
||||
fmt.Println("")
|
||||
fatalf("checking dnssec support in resolver: %v", err)
|
||||
|
|
|
@ -529,7 +529,8 @@ func checkDomain(ctx context.Context, resolver dns.Resolver, dialer *net.Dialer,
|
|||
defer logPanic(ctx)
|
||||
defer wg.Done()
|
||||
|
||||
_, result, err := resolver.LookupNS(ctx, ".")
|
||||
// Some DNSSEC-verifying resolvers return unauthentic data for ".", so we check "com".
|
||||
_, result, err := resolver.LookupNS(ctx, "com.")
|
||||
if err != nil {
|
||||
addf(&r.DNSSEC.Errors, "Looking up NS for DNS root (.) to check support in resolver for DNSSEC-verification: %s", err)
|
||||
} else if !result.Authentic {
|
||||
|
|
Loading…
Reference in a new issue