From 15cb5e2ab7ebc41b9d2c23e57300fca16eafcd00 Mon Sep 17 00:00:00 2001 From: David Blacka Date: Tue, 22 Apr 2014 16:39:00 -0400 Subject: [PATCH] Fix issue in jdnssec-verifyzone (and ZoneVerifier) where junk in the zone wouldn't be handled correctly (that is, ignored.) --- src/com/verisignlabs/dnssec/security/ZoneVerifier.java | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/com/verisignlabs/dnssec/security/ZoneVerifier.java b/src/com/verisignlabs/dnssec/security/ZoneVerifier.java index 9a50253..81d9a94 100644 --- a/src/com/verisignlabs/dnssec/security/ZoneVerifier.java +++ b/src/com/verisignlabs/dnssec/security/ZoneVerifier.java @@ -276,6 +276,11 @@ public class ZoneVerifier // All RRs at the zone apex are normal if (n.equals(mZoneName)) return NodeType.NORMAL; + // If the node is not below the zone itself, we will treat it as glue (it is really junk). + if (!n.subdomain(mZoneName)) + { + return NodeType.GLUE; + } // If the node is below a zone cut (either a delegation or DNAME), it is // glue. if (last_cut != null && n.subdomain(last_cut) && !n.equals(last_cut))