resolved: rework DNSSECSupported property

Not only report whether the server actually supports DNSSEC, but also first check whether DNSSEC is actually enabled for it in our local configuration. Also, export a per-link DNSSECSupported property in addition to the existing manager-wide property.
author: Lennart Poettering <lennart@poettering.net> 2016-01-19 21:48:01 +0100
committer: Lennart Poettering <lennart@poettering.net> 2016-01-19 21:56:54 +0100
commit: c69fa7e3c44240bedc0ee1bd89fecf954783ac85 (patch)
tree: 42c7490e0639a76a2a56227ea56a928c2a3bca58 /src/resolve/resolved-link.c
parent: d2ec6608b93e3f74345c737637af24e9e75c209b (diff)
1 files changed, 24 insertions, 0 deletions
diff --git a/src/resolve/resolved-link.c b/src/resolve/resolved-link.c
index 6f37da46b0..b203f19dbb 100644
--- a/src/resolve/resolved-link.c
+++ b/src/resolve/resolved-link.c
@@ -580,6 +580,30 @@ void link_next_dns_server(Link *l) {
         link_set_dns_server(l, l->dns_servers);
 }
 
+DnssecMode link_get_dnssec_mode(Link *l) {
+        assert(l);
+
+        if (l->dnssec_mode != _DNSSEC_MODE_INVALID)
+                return l->dnssec_mode;
+
+        return manager_get_dnssec_mode(l->manager);
+}
+
+bool link_dnssec_supported(Link *l) {
+        DnsServer *server;
+
+        assert(l);
+
+        if (link_get_dnssec_mode(l) == DNSSEC_NO)
+                return false;
+
+        server = link_get_dns_server(l);
+        if (server)
+                return dns_server_dnssec_supported(server);
+
+        return true;
+}
+
 int link_address_new(Link *l, LinkAddress **ret, int family, const union in_addr_union *in_addr) {
         LinkAddress *a;
author	Lennart Poettering <lennart@poettering.net>	2016-01-19 21:48:01 +0100
committer	Lennart Poettering <lennart@poettering.net>	2016-01-19 21:56:54 +0100
commit	c69fa7e3c44240bedc0ee1bd89fecf954783ac85 (patch)
tree	42c7490e0639a76a2a56227ea56a928c2a3bca58 /src/resolve/resolved-link.c
parent	d2ec6608b93e3f74345c737637af24e9e75c209b (diff)