about summary refs log tree commit diff
path: root/resolv/resolv.h
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2019-10-30 17:26:58 +0100
committerFlorian Weimer <fweimer@redhat.com>2019-11-27 20:54:37 +0100
commit446997ff1433d33452b81dfa9e626b8dccf101a4 (patch)
tree9a0e13fb7ca042a6f05fa9310f862c494580da80 /resolv/resolv.h
parent4a2ab5843a5cc4a5db1b3b79916a520ea8b115dc (diff)
downloadglibc-446997ff1433d33452b81dfa9e626b8dccf101a4.tar.gz
glibc-446997ff1433d33452b81dfa9e626b8dccf101a4.tar.xz
glibc-446997ff1433d33452b81dfa9e626b8dccf101a4.zip
resolv: Implement trust-ad option for /etc/resolv.conf [BZ #20358]
This introduces a concept of trusted name servers, for which the
AD bit is passed through to applications.  For untrusted name
servers (the default), the AD bit in responses are cleared, to
provide a safe default.

This approach is very similar to the one suggested by Pavel Šimerda
in <https://bugzilla.redhat.com/show_bug.cgi?id=1164339#c15>.

The DNS test framework in support/ is enhanced with support for
setting the AD bit in responses.

Tested on x86_64-linux-gnu.

Change-Id: Ibfe0f7c73ea221c35979842c5c3b6ed486495ccc
Diffstat (limited to 'resolv/resolv.h')
-rw-r--r--resolv/resolv.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/resolv/resolv.h b/resolv/resolv.h
index 7a8023ae9d..a039a9e636 100644
--- a/resolv/resolv.h
+++ b/resolv/resolv.h
@@ -131,6 +131,7 @@ struct res_sym {
 #define RES_NOTLDQUERY	0x01000000	/* Do not look up unqualified name
 					   as a TLD.  */
 #define RES_NORELOAD    0x02000000 /* No automatic configuration reload.  */
+#define RES_TRUSTAD     0x04000000 /* Request AD bit, keep it in responses.  */
 
 #define RES_DEFAULT	(RES_RECURSE|RES_DEFNAMES|RES_DNSRCH)