Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Rec 4.0.x: be more resilient with broken auths #5726
This PR solves an issue where we would SERVFAIL while trying to validate zones for which the auths do either not understand EDNS0 or give NXDOMAIN/SERVFAIL answers for non-A/AAAA queries.
The first commit ensures we stop validating a name once we hit an Insecure zone cut, all the while cleaning up getZoneCuts (no more pointer magic).
The second commit makes EDNS0 not mandatory anymore for DNSSEC (to work around broken auths).