diff options
author | Lennart Poettering <lennart@poettering.net> | 2016-02-15 21:25:33 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-02-16 15:30:03 +0100 |
commit | 41815a4aa66c59070dc86aa99eebfa720e8a263e (patch) | |
tree | 5342fa63c694dcd1615415d58429101917028333 /src/resolve/dns-type.c | |
parent | 9dc907f9c93636cb63ca90300fa3b8c03812701f (diff) |
resolve: print a noisy warning if we show crypto keys that could not be authenticated
Doing DNS retrieval on non-authenticated crypt keys is useless, hence warn
loudly about it.
Diffstat (limited to 'src/resolve/dns-type.c')
-rw-r--r-- | src/resolve/dns-type.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/resolve/dns-type.c b/src/resolve/dns-type.c index b2f479cae5..78d9d5733f 100644 --- a/src/resolve/dns-type.c +++ b/src/resolve/dns-type.c @@ -193,6 +193,23 @@ bool dns_type_is_obsolete(uint16_t type) { DNS_TYPE_NULL); } +bool dns_type_needs_authentication(uint16_t type) { + + /* Returns true for all (non-obsolete) RR types where records are not useful if they aren't + * authenticated. I.e. everything that contains crypto keys. */ + + return IN_SET(type, + DNS_TYPE_CERT, + DNS_TYPE_SSHFP, + DNS_TYPE_IPSECKEY, + DNS_TYPE_DS, + DNS_TYPE_DNSKEY, + DNS_TYPE_TLSA, + DNS_TYPE_CDNSKEY, + DNS_TYPE_OPENPGPKEY, + DNS_TYPE_CAA); +} + int dns_type_to_af(uint16_t t) { switch (t) { |