From 24710c48ed16be5fa461fbb303a744a907541daf Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 3 Dec 2015 19:51:04 +0100
Subject: resolved: introduce a dnssec_mode setting per scope

The setting controls which kind of DNSSEC validation is done: none at
all, trusting the AD bit, or client-side validation.

For now, no validation is implemented, hence the setting doesn't do much
yet, except of toggling the CD bit in the generated messages if full
client-side validation is requested.
---
 src/resolve/resolved-dns-server.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/resolve/resolved-dns-server.h')

diff --git a/src/resolve/resolved-dns-server.h b/src/resolve/resolved-dns-server.h
index 00366a48c9..b07fc3af3d 100644
--- a/src/resolve/resolved-dns-server.h
+++ b/src/resolve/resolved-dns-server.h
@@ -61,10 +61,11 @@ struct DnsServer {
         int family;
         union in_addr_union address;
 
+        bool marked:1;
+
         usec_t resend_timeout;
         usec_t max_rtt;
 
-        bool marked:1;
         DnsServerFeatureLevel verified_features;
         DnsServerFeatureLevel possible_features;
         size_t received_udp_packet_max;
-- 
cgit v1.2.3-54-g00ecf