From ab481675f98d3d3f12e7e48ba6d2159123b9c7bf Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 15 Jan 2016 02:21:22 +0100
Subject: resolved: complete NSEC non-existance proofs

This fills in the last few gaps:

- When checking if a domain is non-existing, also check that no wildcard for it exists
- Ensure we don't base "covering" tests on NSEC RRs from a parent zone
- Refuse to accept expanded wildcard NSEC RRs for absence proofs.
---
 src/resolve/resolved-dns-rr.h | 1 +
 1 file changed, 1 insertion(+)

(limited to 'src/resolve/resolved-dns-rr.h')

diff --git a/src/resolve/resolved-dns-rr.h b/src/resolve/resolved-dns-rr.h
index 8e7bfaa7c7..8ab53211a9 100644
--- a/src/resolve/resolved-dns-rr.h
+++ b/src/resolve/resolved-dns-rr.h
@@ -309,6 +309,7 @@ int dns_resource_record_to_wire_format(DnsResourceRecord *rr, bool canonical);
 int dns_resource_record_signer(DnsResourceRecord *rr, const char **ret);
 int dns_resource_record_source(DnsResourceRecord *rr, const char **ret);
 int dns_resource_record_is_signer(DnsResourceRecord *rr, const char *zone);
+int dns_resource_record_is_synthetic(DnsResourceRecord *rr);
 
 DnsTxtItem *dns_txt_item_free_all(DnsTxtItem *i);
 bool dns_txt_item_equal(DnsTxtItem *a, DnsTxtItem *b);
-- 
cgit v1.2.3-54-g00ecf