summaryrefslogtreecommitdiff
path: root/src/resolve/resolved-conf.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2015-12-03 19:51:04 +0100
committerLennart Poettering <lennart@poettering.net>2015-12-03 21:17:49 +0100
commit24710c48ed16be5fa461fbb303a744a907541daf (patch)
tree3331d39fd5762c7d5fe9babf50dd463a0151b011 /src/resolve/resolved-conf.c
parent896c567247371cc14e49774c3b844a7038c37a60 (diff)
resolved: introduce a dnssec_mode setting per scope
The setting controls which kind of DNSSEC validation is done: none at all, trusting the AD bit, or client-side validation. For now, no validation is implemented, hence the setting doesn't do much yet, except of toggling the CD bit in the generated messages if full client-side validation is requested.
Diffstat (limited to 'src/resolve/resolved-conf.c')
-rw-r--r--src/resolve/resolved-conf.c35
1 files changed, 35 insertions, 0 deletions
diff --git a/src/resolve/resolved-conf.c b/src/resolve/resolved-conf.c
index 3fc7d9ae3d..1b2f3e336e 100644
--- a/src/resolve/resolved-conf.c
+++ b/src/resolve/resolved-conf.c
@@ -234,6 +234,41 @@ int config_parse_support(
return 0;
}
+int config_parse_dnssec(
+ const char *unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ Manager *m = data;
+ DnssecMode mode;
+ int r;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+
+ mode = dnssec_mode_from_string(rvalue);
+ if (mode < 0) {
+ r = parse_boolean(rvalue);
+ if (r < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse DNSSEC mode '%s'. Ignoring.", rvalue);
+ return 0;
+ }
+
+ mode = r ? DNSSEC_YES : DNSSEC_NO;
+ }
+
+ m->unicast_scope->dnssec_mode = mode;
+ return 0;
+}
+
int manager_parse_config_file(Manager *m) {
int r;
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-22 21:53:04 +0000