resolved: if we detect a message with incomplete DNSSEC data, consider this an invali...
authorLennart Poettering <lennart@poettering.net>
Thu, 21 Jan 2016 00:07:56 +0000 (01:07 +0100)
committerLennart Poettering <lennart@poettering.net>
Mon, 25 Jan 2016 16:19:19 +0000 (17:19 +0100)
src/resolve/resolved-dns-transaction.c

index 6b465ab..018cfc7 100644 (file)
@@ -675,6 +675,10 @@ static void dns_transaction_process_dnssec(DnsTransaction *t) {
         /* All our auxiliary DNSSEC transactions are complete now. Try
          * to validate our RRset now. */
         r = dns_transaction_validate_dnssec(t);
+        if (r == -EBADMSG) {
+                dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
+                return;
+        }
         if (r < 0) {
                 dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES);
                 return;
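Review bot: The added `r == -EBADMSG` branch carries no comment explaining why this one error code is singled out ahead of the generic `r < 0` check, so the mapping to `DNS_TRANSACTION_INVALID_REPLY` is only understandable from the commit title. I would add a comment above it such as `/* -EBADMSG: the reply carried incomplete DNSSEC data; fail it as an invalid reply, not as a local resource problem */`. The branch also completes the transaction without a log line. Unless `dns_transaction_validate_dnssec()` already logs the condition (not visible here), a debug-level message at this point would let an operator tell a reply with stripped or partial DNSSEC records from other invalid replies. The body of `dns_transaction_process_dnssec()` starts before and continues after this hunk, so how the remaining return values are handled is not visible.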