diff options
| author | Lennart Poettering <lennart@poettering.net> | 2016-01-10 22:58:58 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2016-01-11 19:40:00 +0100 |
| commit | 92ec902aad1ade7acbe50efd7b8ef87fbdc63af3 (patch) | |
| tree | c961d4c9bc61528785e660cf613df080ca5a6ac2 /src/resolve/resolved-dns-server.h | |
| parent | 6cb08a8930bdaca950b152b1e8b82466ed59511c (diff) | |
resolved: rework how and when we detect whether our chosen DNS server knows DNSSEC
Move detection into a set of new functions, that check whether one specific server can do DNSSEC, whether a server and
a specific transaction can do DNSSEC, or whether a transaction and all its auxiliary transactions could do so.
Also, do these checks both before we acquire additional RRs for the validation (so that we can skip them if the server
doesn't do DNSSEC anyway), and after we acquired them all (to see if any of the lookups changed our opinion about the
servers).
THis also tightens the checks a bit: a server that lacks TCP support is considered incompatible with DNSSEC too.
Diffstat (limited to 'src/resolve/resolved-dns-server.h')
| -rw-r--r-- | src/resolve/resolved-dns-server.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/resolve/resolved-dns-server.h b/src/resolve/resolved-dns-server.h index faa22babb5..323f702903 100644 --- a/src/resolve/resolved-dns-server.h +++ b/src/resolve/resolved-dns-server.h @@ -116,6 +116,8 @@ int dns_server_adjust_opt(DnsServer *server, DnsPacket *packet, DnsServerFeature const char *dns_server_string(DnsServer *server); +bool dns_server_dnssec_supported(DnsServer *server); + DnsServer *dns_server_find(DnsServer *first, int family, const union in_addr_union *in_addr); void dns_server_unlink_all(DnsServer *first); |