From: Lennart Poettering Date: Tue, 5 Jan 2016 13:19:05 +0000 (+0100) Subject: resolved: also skip built-in trust anchor addition of there's a DNSKEY RR for the... X-Git-Tag: v231~811^2~1 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=d76f90f1711e55d23ee6c8c0957fa3db17927327;p=platform%2Fupstream%2Fsystemd.git resolved: also skip built-in trust anchor addition of there's a DNSKEY RR for the root domain defined We already skip this when the trust anchor files define a DS RR for the root domain, now also skip it if there's a DNSKEY RR. --- diff --git a/src/resolve/resolved-dns-trust-anchor.c b/src/resolve/resolved-dns-trust-anchor.c index 432a8a6..53b49b0 100644 --- a/src/resolve/resolved-dns-trust-anchor.c +++ b/src/resolve/resolved-dns-trust-anchor.c @@ -56,6 +56,9 @@ static int dns_trust_anchor_add_builtin(DnsTrustAnchor *d) { if (hashmap_get(d->positive_by_key, &DNS_RESOURCE_KEY_CONST(DNS_CLASS_IN, DNS_TYPE_DS, "."))) return 0; + if (hashmap_get(d->positive_by_key, &DNS_RESOURCE_KEY_CONST(DNS_CLASS_IN, DNS_TYPE_DNSKEY, "."))) + return 0; + /* Add the RR from https://data.iana.org/root-anchors/root-anchors.xml */ rr = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_DS, ""); if (!rr)