about summary refs log tree commit diff
path: root/resolv
diff options
context:
space:
mode:
Diffstat (limited to 'resolv')
-rw-r--r--resolv/res_debug.c2
-rw-r--r--resolv/res_mkquery.c10
-rw-r--r--resolv/res_query.c8
-rw-r--r--resolv/resolv.h1
4 files changed, 16 insertions, 5 deletions
diff --git a/resolv/res_debug.c b/resolv/res_debug.c
index c38de640a5..f7996a71da 100644
--- a/resolv/res_debug.c
+++ b/resolv/res_debug.c
@@ -586,6 +586,8 @@ p_option(u_long option) {
 	case RES_ROTATE:	return "rotate";
 	case RES_NOCHECKNAME:	return "no-check-names";
 	case RES_USEBSTRING:	return "ip6-bytstring";
+	case RES_USE_EDNS0:	return "edns0";
+	case RES_USE_DNSSEC:	return "dnssec";
 				/* XXX nonreentrant */
 	default:		sprintf(nbuf, "?0x%lx?", (u_long)option);
 				return (nbuf);
diff --git a/resolv/res_mkquery.c b/resolv/res_mkquery.c
index 2dda4c0f45..2bc2d2497f 100644
--- a/resolv/res_mkquery.c
+++ b/resolv/res_mkquery.c
@@ -247,7 +247,15 @@ __res_nopt(res_state statp,
 	NS_PUT16(MIN(anslen, 0xffff), cp);	/* CLASS = UDP payload size */
 	*cp++ = NOERROR;	/* extended RCODE */
 	*cp++ = 0;		/* EDNS version */
-	/* XXX Once we support DNSSEC we change the flag value here.  */
+
+	if (statp->options & RES_USE_DNSSEC) {
+#ifdef DEBUG
+		if (statp->options & RES_DEBUG)
+			printf(";; res_opt()... ENDS0 DNSSEC\n");
+#endif
+		flags |= NS_OPT_DNSSEC_OK;
+	}
+
 	NS_PUT16(flags, cp);
 	NS_PUT16(0, cp);	/* RDLEN */
 	hp->arcount = htons(ntohs(hp->arcount) + 1);
diff --git a/resolv/res_query.c b/resolv/res_query.c
index 9ffb3e3685..5ff352e2fc 100644
--- a/resolv/res_query.c
+++ b/resolv/res_query.c
@@ -147,7 +147,7 @@ __libc_res_nquery(res_state statp,
 	    if (n > 0)
 	      {
 		if ((oflags & RES_F_EDNS0ERR) == 0
-		    && (statp->options & RES_USE_EDNS0) != 0)
+		    && (statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0)
 		  {
 		    n = __res_nopt(statp, n, query1, bufsize, anslen / 2);
 		    if (n < 0)
@@ -169,7 +169,7 @@ __libc_res_nquery(res_state statp,
 				 NULL, query2, bufsize - nused);
 		if (n > 0
 		    && (oflags & RES_F_EDNS0ERR) == 0
-		    && (statp->options & RES_USE_EDNS0) != 0)
+		    && (statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0)
 		  n = __res_nopt(statp, n, query2, bufsize - nused - n,
 				 anslen / 2);
 		nquery2 = n;
@@ -184,7 +184,7 @@ __libc_res_nquery(res_state statp,
 
 	    if (n > 0
 		&& (oflags & RES_F_EDNS0ERR) == 0
-		&& (statp->options & RES_USE_EDNS0) != 0)
+		&& (statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0)
 	      n = __res_nopt(statp, n, query1, bufsize, anslen);
 
 	    nquery1 = n;
@@ -203,7 +203,7 @@ __libc_res_nquery(res_state statp,
 	}
 	if (__builtin_expect (n <= 0, 0)) {
 		/* If the query choked with EDNS0, retry without EDNS0.  */
-		if ((statp->options & RES_USE_EDNS0) != 0
+		if ((statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0
 		    && ((oflags ^ statp->_flags) & RES_F_EDNS0ERR) != 0) {
 			statp->_flags |= RES_F_EDNS0ERR;
 #ifdef DEBUG
diff --git a/resolv/resolv.h b/resolv/resolv.h
index 3ef714f458..e49c29d2fe 100644
--- a/resolv/resolv.h
+++ b/resolv/resolv.h
@@ -218,6 +218,7 @@ struct res_sym {
 #define RES_SNGLKUP	0x00200000	/* one outstanding request at a time */
 #define RES_SNGLKUPREOP	0x00400000	/* -"-, but open new socket for each
 					   request */
+#define RES_USE_DNSSEC	0x00800000	/* use DNSSEC using OK bit in OPT */
 
 #define RES_DEFAULT	(RES_RECURSE|RES_DEFNAMES|RES_DNSRCH|RES_NOIP6DOTINT)