resolv: Implement trust-ad option for /etc/resolv.conf [BZ #20358] - mirror/glibc - mirror of git://sourceware.org/git/glibc.git

diff options

author	Florian Weimer <fweimer@redhat.com>	2019-10-30 17:26:58 +0100
committer	Florian Weimer <fweimer@redhat.com>	2019-11-27 20:54:37 +0100
commit	446997ff1433d33452b81dfa9e626b8dccf101a4 (patch)
tree	9a0e13fb7ca042a6f05fa9310f862c494580da80 /support/check_netent.c
parent	4a2ab5843a5cc4a5db1b3b79916a520ea8b115dc (diff)
download	glibc-446997ff1433d33452b81dfa9e626b8dccf101a4.tar.gz glibc-446997ff1433d33452b81dfa9e626b8dccf101a4.tar.xz glibc-446997ff1433d33452b81dfa9e626b8dccf101a4.zip

resolv: Implement trust-ad option for /etc/resolv.conf [BZ #20358]

This introduces a concept of trusted name servers, for which the
AD bit is passed through to applications.  For untrusted name
servers (the default), the AD bit in responses are cleared, to
provide a safe default.

This approach is very similar to the one suggested by Pavel Šimerda
in <https://bugzilla.redhat.com/show_bug.cgi?id=1164339#c15>.

The DNS test framework in support/ is enhanced with support for
setting the AD bit in responses.

Tested on x86_64-linux-gnu.

Change-Id: Ibfe0f7c73ea221c35979842c5c3b6ed486495ccc

Diffstat (limited to 'support/check_netent.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: