summaryrefslogtreecommitdiff
path: root/src/resolve/resolved-dns-packet.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2015-12-03 19:51:04 +0100
committerLennart Poettering <lennart@poettering.net>2015-12-03 21:17:49 +0100
commit24710c48ed16be5fa461fbb303a744a907541daf (patch)
tree3331d39fd5762c7d5fe9babf50dd463a0151b011 /src/resolve/resolved-dns-packet.c
parent896c567247371cc14e49774c3b844a7038c37a60 (diff)
resolved: introduce a dnssec_mode setting per scope
The setting controls which kind of DNSSEC validation is done: none at all, trusting the AD bit, or client-side validation. For now, no validation is implemented, hence the setting doesn't do much yet, except of toggling the CD bit in the generated messages if full client-side validation is requested.
Diffstat (limited to 'src/resolve/resolved-dns-packet.c')
-rw-r--r--src/resolve/resolved-dns-packet.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
index 2a010ef507..ea776f7916 100644
--- a/src/resolve/resolved-dns-packet.c
+++ b/src/resolve/resolved-dns-packet.c
@@ -65,7 +65,7 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
return 0;
}
-int dns_packet_new_query(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
+int dns_packet_new_query(DnsPacket **ret, DnsProtocol protocol, size_t mtu, bool dnssec_checking_disabled) {
DnsPacket *p;
DnsPacketHeader *h;
int r;
@@ -96,7 +96,7 @@ int dns_packet_new_query(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
1 /* rd (ask for recursion) */,
0 /* ra */,
0 /* ad */,
- 0 /* cd */,
+ dnssec_checking_disabled /* cd */,
0 /* rcode */));
*ret = p;
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-23 17:03:22 +0000