Do not doubt a secure (i.e. validated) NXDOMAIN response when we just
switched networks. We just validated it!
While here reorder the long list of conditions to make it easier to
understand when we doubt a response because we might be behind a
captive portal. First list all conditions when we do not doubt the
response and then the two conditions when we do doubt the response.
OK?
diff --git resolver.c resolver.c
index 06f09604f6e..7e18fc3449a 100644
--- resolver.c
+++ resolver.c
@@ -988,9 +988,9 @@ resolve_done(struct uw_resolver *res, void *arg, int rcode,
force_acceptbogus = 0;
timespecsub(&tp, &last_network_change, &elapsed);
- if ((result->rcode == LDNS_RCODE_NXDOMAIN || sec == BOGUS) &&
- !force_acceptbogus && res->type != UW_RES_ASR && elapsed.tv_sec <
- DOUBT_NXDOMAIN_SEC) {
+ if (sec != SECURE && elapsed.tv_sec < DOUBT_NXDOMAIN_SEC &&
+ !force_acceptbogus && res->type != UW_RES_ASR &&
+ (result->rcode == LDNS_RCODE_NXDOMAIN || sec == BOGUS)) {
/*
* Doubt NXDOMAIN or BOGUS if we just switched networks, we
* might be behind a captive portal.
--
I'm not entirely sure you are real.
