From bb22ed069bc6220b20c75f4a873419a24cae266d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabian=20M=C3=B6ller?= Date: Wed, 22 Jan 2025 13:33:12 +0100 Subject: [PATCH] resolved: fix DNSSEC `missing-key` error Skip unsupport/invalid `DS` and `DNSKEY` combinations during verification. Fixes: #12545 (cherry picked from commit cac3b43eee83829d68ebf7d4786ebc32e62fe813) --- src/resolve/resolved-dns-dnssec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c index 09cc2cb731..6d32b2d798 100644 --- a/src/resolve/resolved-dns-dnssec.c +++ b/src/resolve/resolved-dns-dnssec.c @@ -1473,7 +1473,7 @@ int dnssec_verify_dnskey_by_ds_search(DnsResourceRecord *dnskey, DnsAnswer *vali r = dnssec_verify_dnskey_by_ds(dnskey, ds, false); if (IN_SET(r, -EKEYREJECTED, -EOPNOTSUPP)) - return 0; /* The DNSKEY is revoked or otherwise invalid, or we don't support the digest algorithm */ + continue; /* The DNSKEY is revoked or otherwise invalid, or we don't support the digest algorithm */ if (r < 0) return r; if (r > 0)