diff options
| author | Florian Weimer <fweimer@redhat.com> | 2019-10-30 17:26:58 +0100 |
|---|---|---|
| committer | Florian Weimer <fweimer@redhat.com> | 2019-11-27 20:54:37 +0100 |
| commit | 446997ff1433d33452b81dfa9e626b8dccf101a4 (patch) | |
| tree | 9a0e13fb7ca042a6f05fa9310f862c494580da80 /resolv/res_debug.c | |
| parent | 4a2ab5843a5cc4a5db1b3b79916a520ea8b115dc (diff) | |
| download | glibc-446997ff1433d33452b81dfa9e626b8dccf101a4.tar.gz glibc-446997ff1433d33452b81dfa9e626b8dccf101a4.tar.xz glibc-446997ff1433d33452b81dfa9e626b8dccf101a4.zip | |
resolv: Implement trust-ad option for /etc/resolv.conf [BZ #20358]
This introduces a concept of trusted name servers, for which the AD bit is passed through to applications. For untrusted name servers (the default), the AD bit in responses are cleared, to provide a safe default. This approach is very similar to the one suggested by Pavel Šimerda in <https://bugzilla.redhat.com/show_bug.cgi?id=1164339#c15>. The DNS test framework in support/ is enhanced with support for setting the AD bit in responses. Tested on x86_64-linux-gnu. Change-Id: Ibfe0f7c73ea221c35979842c5c3b6ed486495ccc
Diffstat (limited to 'resolv/res_debug.c')
| -rw-r--r-- | resolv/res_debug.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/resolv/res_debug.c b/resolv/res_debug.c index 4dac71f3c9..844269cffa 100644 --- a/resolv/res_debug.c +++ b/resolv/res_debug.c @@ -612,6 +612,7 @@ p_option(u_long option) { case RES_USE_DNSSEC: return "dnssec"; case RES_NOTLDQUERY: return "no-tld-query"; case RES_NORELOAD: return "no-reload"; + case RES_TRUSTAD: return "trust-ad"; /* XXX nonreentrant */ default: sprintf(nbuf, "?0x%lx?", (u_long)option); return (nbuf); |