Validate that the RRset TTL is <= the OrigTTL.

David Blacka 2017-01-06 12:54:16 -05:00
parent 444601fb2a
commit 8d3746fc22
1 changed files with 7 additions and 0 deletions


@ -211,6 +211,13 @@ public class DnsSecVerifier
}
}
if (rrset.getTTL() > sigrec.getOrigTTL())
{
log.fine("RRset's TTL is greater than the Signature's orignal TTL");
if (reasons != null) reasons.add("RRset TTL greater than RRSIG origTTL");
return false;
}
return true;
}
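Review bot: The new rejection branch records neither which RRset failed nor the two TTL values, so a `false` result is hard to trace to the offending record when many signatures are checked, and the log text misspells "original". Assuming `rrset` is a dnsjava `RRset`, something like `log.fine("RRset " + rrset.getName() + " TTL " + rrset.getTTL() + " exceeds RRSIG original TTL " + sigrec.getOrigTTL());` with the same detail in the `reasons` entry would make the failure actionable. The commit touches one file only, so a test that raises an RRset's TTL above the RRSIG's original TTL and expects `false` would pin this check against regressions. The enclosing method begins outside the hunk, so its earlier checks cannot be confirmed from here.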