From ad6c04756115809d615dede330213d73edf732a8 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 5 Jan 2016 19:57:33 +0100
Subject: resolved,networkd: add a per-interface DNSSEC setting

This adds a DNSSEC= setting to .network files, and makes resolved honour
them.
---
 src/resolve/resolved-dns-scope.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'src/resolve/resolved-dns-scope.c')

diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c
index 13be2a3792..c96bed04b0 100644
--- a/src/resolve/resolved-dns-scope.c
+++ b/src/resolve/resolved-dns-scope.c
@@ -57,6 +57,23 @@ int dns_scope_new(Manager *m, DnsScope **ret, Link *l, DnsProtocol protocol, int
         s->family = family;
         s->resend_timeout = MULTICAST_RESEND_TIMEOUT_MIN_USEC;
 
+        s->dnssec_mode = _DNSSEC_MODE_INVALID;
+
+        if (protocol == DNS_PROTOCOL_DNS) {
+                /* Copy DNSSEC mode from the link if it is set there,
+                 * otherwise take the manager's DNSSEC mode. Note that
+                 * we copy this only at scope creation time, and do
+                 * not update it from the on, even if the setting
+                 * changes. */
+
+                if (l)
+                        s->dnssec_mode = l->dnssec_mode;
+                if (s->dnssec_mode == _DNSSEC_MODE_INVALID)
+                        s->dnssec_mode = m->dnssec_mode;
+                if (s->dnssec_mode == _DNSSEC_MODE_INVALID)
+                        s->dnssec_mode = DNSSEC_NO;
+        }
+
         LIST_PREPEND(scopes, m->dns_scopes, s);
 
         dns_scope_llmnr_membership(s, true);
-- 
cgit v1.2.3-54-g00ecf