resolved: don't attempt to send queries for DNSSEC RR types to servers not supporting them

If we already degraded the feature level below DO don't bother with sending requests for DS, DNSKEY, RRSIG, NSEC, NSEC3 or NSEC3PARAM RRs. After all, we cannot do DNSSEC validation then anyway, and we better not press a legacy server like this with such modern concepts. This also has the benefit that when we try to validate a response we received using DNSSEC, and we detect a limited server support level while doing so, all further auxiliary DNSSEC queries will fail right-away.
author: Lennart Poettering <lennart@poettering.net> 2016-01-08 17:10:49 +0100
committer: Lennart Poettering <lennart@poettering.net> 2016-01-11 19:40:00 +0100
commit: 91adc4db33f69606aabd332813a5d7d5751c859f (patch)
tree: ba1435ba438cb3148c1729c3aa20241db70eb6d2 /src/resolve/dns-type.h
parent: 29ab055292924329ab0512ddb83846a53dd8e0ab (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/src/resolve/dns-type.h b/src/resolve/dns-type.h
index c3bb26a5ee..6b3516a76b 100644
--- a/src/resolve/dns-type.h
+++ b/src/resolve/dns-type.h
@@ -129,6 +129,7 @@ bool dns_type_is_pseudo(uint16_t type);
 bool dns_type_is_valid_query(uint16_t type);
 bool dns_type_is_valid_rr(uint16_t type);
 bool dns_type_may_redirect(uint16_t type);
+bool dns_type_is_dnssec(uint16_t type);
 
 bool dns_class_is_pseudo(uint16_t class);
 bool dns_class_is_valid_rr(uint16_t class);
author	Lennart Poettering <lennart@poettering.net>	2016-01-08 17:10:49 +0100
committer	Lennart Poettering <lennart@poettering.net>	2016-01-11 19:40:00 +0100
commit	91adc4db33f69606aabd332813a5d7d5751c859f (patch)
tree	ba1435ba438cb3148c1729c3aa20241db70eb6d2 /src/resolve/dns-type.h
parent	29ab055292924329ab0512ddb83846a53dd8e0ab (diff)