Validate the the RRset TTL is <= the OrigTTL.
This commit is contained in:
parent
444601fb2a
commit
8d3746fc22
@ -211,6 +211,13 @@ public class DnsSecVerifier
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (rrset.getTTL() > sigrec.getOrigTTL())
|
||||||
|
{
|
||||||
|
log.fine("RRset's TTL is greater than the Signature's orignal TTL");
|
||||||
|
if (reasons != null) reasons.add("RRset TTL greater than RRSIG origTTL");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user