summaryrefslogtreecommitdiff
path: root/src/resolve/resolved-dns-transaction.h
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-01-08 17:10:49 +0100
committerLennart Poettering <lennart@poettering.net>2016-01-11 19:40:00 +0100
commit91adc4db33f69606aabd332813a5d7d5751c859f (patch)
treeba1435ba438cb3148c1729c3aa20241db70eb6d2 /src/resolve/resolved-dns-transaction.h
parent29ab055292924329ab0512ddb83846a53dd8e0ab (diff)
resolved: don't attempt to send queries for DNSSEC RR types to servers not supporting them
If we already degraded the feature level below DO don't bother with sending requests for DS, DNSKEY, RRSIG, NSEC, NSEC3 or NSEC3PARAM RRs. After all, we cannot do DNSSEC validation then anyway, and we better not press a legacy server like this with such modern concepts. This also has the benefit that when we try to validate a response we received using DNSSEC, and we detect a limited server support level while doing so, all further auxiliary DNSSEC queries will fail right-away.
Diffstat (limited to 'src/resolve/resolved-dns-transaction.h')
-rw-r--r--src/resolve/resolved-dns-transaction.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/resolve/resolved-dns-transaction.h b/src/resolve/resolved-dns-transaction.h
index 0df7d01737..3d088bfb2b 100644
--- a/src/resolve/resolved-dns-transaction.h
+++ b/src/resolve/resolved-dns-transaction.h
@@ -39,6 +39,7 @@ enum DnsTransactionState {
DNS_TRANSACTION_ABORTED,
DNS_TRANSACTION_DNSSEC_FAILED,
DNS_TRANSACTION_NO_TRUST_ANCHOR,
+ DNS_TRANSACTION_RR_TYPE_UNSUPPORTED,
_DNS_TRANSACTION_STATE_MAX,
_DNS_TRANSACTION_STATE_INVALID = -1
};