aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/common/dns_utils.cpp6
-rw-r--r--tests/unit_tests/address_from_url.cpp3
2 files changed, 5 insertions, 4 deletions
diff --git a/src/common/dns_utils.cpp b/src/common/dns_utils.cpp
index 9561f6b46..e442d3d81 100644
--- a/src/common/dns_utils.cpp
+++ b/src/common/dns_utils.cpp
@@ -232,7 +232,7 @@ std::vector<std::string> DNSResolver::get_ipv4(const std::string& url, bool& dns
if (!ub_resolve(m_data->m_ub_context, urlC, DNS_TYPE_A, DNS_CLASS_IN, &result))
{
dnssec_available = (result->secure || (!result->secure && result->bogus));
- dnssec_valid = !result->bogus;
+ dnssec_valid = result->secure && !result->bogus;
if (result->havedata)
{
for (size_t i=0; result->data[i] != NULL; i++)
@@ -263,7 +263,7 @@ std::vector<std::string> DNSResolver::get_ipv6(const std::string& url, bool& dns
if (!ub_resolve(m_data->m_ub_context, urlC, DNS_TYPE_AAAA, DNS_CLASS_IN, &result))
{
dnssec_available = (result->secure || (!result->secure && result->bogus));
- dnssec_valid = !result->bogus;
+ dnssec_valid = result->secure && !result->bogus;
if (result->havedata)
{
for (size_t i=0; result->data[i] != NULL; i++)
@@ -294,7 +294,7 @@ std::vector<std::string> DNSResolver::get_txt_record(const std::string& url, boo
if (!ub_resolve(m_data->m_ub_context, urlC, DNS_TYPE_TXT, DNS_CLASS_IN, &result))
{
dnssec_available = (result->secure || (!result->secure && result->bogus));
- dnssec_valid = !result->bogus;
+ dnssec_valid = result->secure && !result->bogus;
if (result->havedata)
{
for (size_t i=0; result->data[i] != NULL; i++)
diff --git a/tests/unit_tests/address_from_url.cpp b/tests/unit_tests/address_from_url.cpp
index 99df75d74..807b22008 100644
--- a/tests/unit_tests/address_from_url.cpp
+++ b/tests/unit_tests/address_from_url.cpp
@@ -109,7 +109,8 @@ TEST(AddressFromURL, Failure)
std::vector<std::string> addresses = tools::wallet2::addresses_from_url("example.invalid", dnssec_result);
- ASSERT_FALSE(dnssec_result);
+ // for a non-existing domain such as "example.invalid", the non-existence is proved with NSEC records
+ ASSERT_TRUE(dnssec_result);
ASSERT_EQ(0, addresses.size());
}