resolved: add a concept of "authenticated" responses

This adds a new SD_RESOLVED_AUTHENTICATED flag for responses we return on the bus. When set, then the data has been authenticated. For now this mostly reflects the DNSSEC AD bit, if DNSSEC=trust is set. As soon as the client-side validation is complete it will be hooked up to this flag too. We also set this bit whenver we generated the data ourselves, for example, because it originates in our local LLMNR zone, or from the built-in trust anchor database. The "systemd-resolve-host" tool has been updated to show the flag state for the data it shows.
author: Lennart Poettering <lennart@poettering.net> 2015-12-03 21:04:52 +0100
committer: Lennart Poettering <lennart@poettering.net> 2015-12-03 21:17:49 +0100
commit: 931851e8e492a4d2715e22dcde50a5e7ccef4b49 (patch)
tree: 01687919f0e6cc539baa17084c06c90326359040 /src/resolve-host
parent: 3ba27cd339d2de53fa34c1ec7242da50a1c047b7 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/resolve-host/resolve-host.c b/src/resolve-host/resolve-host.c
index 36dfc70e00..0f154d9798 100644
--- a/src/resolve-host/resolve-host.c
+++ b/src/resolve-host/resolve-host.c
@@ -67,6 +67,8 @@ static void print_source(uint64_t flags, usec_t rtt) {
 
         fputc('.', stdout);
         fputc('\n', stdout);
+
+        printf("-- Data is authenticated: %s\n", yes_no(flags & SD_RESOLVED_AUTHENTICATED));
 }
 
 static int resolve_host(sd_bus *bus, const char *name) {
author	Lennart Poettering <lennart@poettering.net>	2015-12-03 21:04:52 +0100
committer	Lennart Poettering <lennart@poettering.net>	2015-12-03 21:17:49 +0100
commit	931851e8e492a4d2715e22dcde50a5e7ccef4b49 (patch)
tree	01687919f0e6cc539baa17084c06c90326359040 /src/resolve-host
parent	3ba27cd339d2de53fa34c1ec7242da50a1c047b7 (diff)