summaryrefslogtreecommitdiff
path: root/src/resolve/resolved-dns-scope.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-01-05 19:57:33 +0100
committerLennart Poettering <lennart@poettering.net>2016-01-05 20:10:31 +0100
commitad6c04756115809d615dede330213d73edf732a8 (patch)
tree832a20d697321d22b62cabc5b9695b231a6f04f1 /src/resolve/resolved-dns-scope.c
parent125ae29d1bc3a6362c9bb1acddbe09fe1b274cfc (diff)
resolved,networkd: add a per-interface DNSSEC setting
This adds a DNSSEC= setting to .network files, and makes resolved honour them.
Diffstat (limited to 'src/resolve/resolved-dns-scope.c')
-rw-r--r--src/resolve/resolved-dns-scope.c17
1 files changed, 17 insertions, 0 deletions
diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c
index 13be2a3792..c96bed04b0 100644
--- a/src/resolve/resolved-dns-scope.c
+++ b/src/resolve/resolved-dns-scope.c
@@ -57,6 +57,23 @@ int dns_scope_new(Manager *m, DnsScope **ret, Link *l, DnsProtocol protocol, int
s->family = family;
s->resend_timeout = MULTICAST_RESEND_TIMEOUT_MIN_USEC;
+ s->dnssec_mode = _DNSSEC_MODE_INVALID;
+
+ if (protocol == DNS_PROTOCOL_DNS) {
+ /* Copy DNSSEC mode from the link if it is set there,
+ * otherwise take the manager's DNSSEC mode. Note that
+ * we copy this only at scope creation time, and do
+ * not update it from the on, even if the setting
+ * changes. */
+
+ if (l)
+ s->dnssec_mode = l->dnssec_mode;
+ if (s->dnssec_mode == _DNSSEC_MODE_INVALID)
+ s->dnssec_mode = m->dnssec_mode;
+ if (s->dnssec_mode == _DNSSEC_MODE_INVALID)
+ s->dnssec_mode = DNSSEC_NO;
+ }
+
LIST_PREPEND(scopes, m->dns_scopes, s);
dns_scope_llmnr_membership(s, true);
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-09 21:56:09 +0000