diff options
| author | Lennart Poettering <lennart@poettering.net> | 2015-12-03 19:51:04 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2015-12-03 21:17:49 +0100 |
| commit | 24710c48ed16be5fa461fbb303a744a907541daf (patch) | |
| tree | 3331d39fd5762c7d5fe9babf50dd463a0151b011 /src/resolve/resolved-dns-dnssec.c | |
| parent | 896c567247371cc14e49774c3b844a7038c37a60 (diff) | |
resolved: introduce a dnssec_mode setting per scope
The setting controls which kind of DNSSEC validation is done: none at
all, trusting the AD bit, or client-side validation.
For now, no validation is implemented, hence the setting doesn't do much
yet, except of toggling the CD bit in the generated messages if full
client-side validation is requested.
Diffstat (limited to 'src/resolve/resolved-dns-dnssec.c')
| -rw-r--r-- | src/resolve/resolved-dns-dnssec.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c index 608a8a2191..bd3d2f5c58 100644 --- a/src/resolve/resolved-dns-dnssec.c +++ b/src/resolve/resolved-dns-dnssec.c @@ -25,6 +25,7 @@ #include "dns-domain.h" #include "resolved-dns-dnssec.h" #include "resolved-dns-packet.h" +#include "string-table.h" /* Open question: * @@ -697,3 +698,10 @@ finish: gcry_md_close(md); return r; } + +static const char* const dnssec_mode_table[_DNSSEC_MODE_MAX] = { + [DNSSEC_NO] = "no", + [DNSSEC_TRUST] = "trust", + [DNSSEC_YES] = "yes", +}; +DEFINE_STRING_TABLE_LOOKUP(dnssec_mode, DnssecMode); |