diff options
| author | Florian Weimer <fweimer@redhat.com> | 2019-10-30 17:26:58 +0100 |
|---|---|---|
| committer | Florian Weimer <fweimer@redhat.com> | 2019-11-27 20:54:37 +0100 |
| commit | 446997ff1433d33452b81dfa9e626b8dccf101a4 (patch) | |
| tree | 9a0e13fb7ca042a6f05fa9310f862c494580da80 /resolv/resolv.h | |
| parent | 4a2ab5843a5cc4a5db1b3b79916a520ea8b115dc (diff) | |
| download | glibc-446997ff1433d33452b81dfa9e626b8dccf101a4.tar.gz glibc-446997ff1433d33452b81dfa9e626b8dccf101a4.tar.xz glibc-446997ff1433d33452b81dfa9e626b8dccf101a4.zip | |
resolv: Implement trust-ad option for /etc/resolv.conf [BZ #20358]
This introduces a concept of trusted name servers, for which the AD bit is passed through to applications. For untrusted name servers (the default), the AD bit in responses are cleared, to provide a safe default. This approach is very similar to the one suggested by Pavel Šimerda in <https://bugzilla.redhat.com/show_bug.cgi?id=1164339#c15>. The DNS test framework in support/ is enhanced with support for setting the AD bit in responses. Tested on x86_64-linux-gnu. Change-Id: Ibfe0f7c73ea221c35979842c5c3b6ed486495ccc
Diffstat (limited to 'resolv/resolv.h')
| -rw-r--r-- | resolv/resolv.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/resolv/resolv.h b/resolv/resolv.h index 7a8023ae9d..a039a9e636 100644 --- a/resolv/resolv.h +++ b/resolv/resolv.h @@ -131,6 +131,7 @@ struct res_sym { #define RES_NOTLDQUERY 0x01000000 /* Do not look up unqualified name as a TLD. */ #define RES_NORELOAD 0x02000000 /* No automatic configuration reload. */ +#define RES_TRUSTAD 0x04000000 /* Request AD bit, keep it in responses. */ #define RES_DEFAULT (RES_RECURSE|RES_DEFNAMES|RES_DNSRCH) |