From 2b442ac87838be7c326c984d8751c96dee7258ab Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 2 Dec 2015 21:20:37 +0100 Subject: resolved: add basic DNSSEC support This adds most basic operation for doing DNSSEC validation on the client side. However, it does not actually add the verification logic to the resolver. Specifically, this patch only includes: - Verifying DNSKEY RRs against a DS RRs - Verifying RRSets against a combination of RRSIG and DNSKEY RRs - Matching up RRSIG RRs and DNSKEY RRs - Matching up RR keys and RRSIG RRs - Calculating the DNSSEC key tag from a DNSKEY RR All currently used DNSSEC combinations of SHA and RSA are implemented. Support for MD5 hashing and DSA or EC cyphers are not. MD5 and DSA are probably obsolete, and shouldn't be added. EC should probably be added eventually, if it actually is deployed on the Internet. --- src/resolve/resolved-dns-cache.h | 1 - 1 file changed, 1 deletion(-) (limited to 'src/resolve/resolved-dns-cache.h') diff --git a/src/resolve/resolved-dns-cache.h b/src/resolve/resolved-dns-cache.h index 164435b4fb..561d31ad99 100644 --- a/src/resolve/resolved-dns-cache.h +++ b/src/resolve/resolved-dns-cache.h @@ -21,7 +21,6 @@ along with systemd; If not, see . ***/ - #include "hashmap.h" #include "list.h" #include "prioq.h" -- cgit v1.2.3-54-g00ecf