From 2d0671cbbdade9013d6fd5153d01bd5e1d3f60cb Mon Sep 17 00:00:00 2001 From: Adam Tkac Date: Mon, 27 Jul 2009 07:33:48 -0700 Subject: Define and implement RES_USE_DNSSEC option in resolver. --- ChangeLog | 10 ++++++++++ resolv/res_debug.c | 2 ++ resolv/res_mkquery.c | 10 +++++++++- resolv/res_query.c | 8 ++++---- resolv/resolv.h | 1 + 5 files changed, 26 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8cc2e675c9..e31b72ff65 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,13 @@ +2009-07-27 Ulrich Drepper + + * resolv/resolv.h (RES_USE_DNSSEC): Define. + * resolv/res_debug.c (p_option): Handle RES_USE_EDNS0 and + RES_USE_DNSSEC. + * resolv/res_mkquery.c (__res_nopt): Set flags for RES_USE_DNSSEC. + * resolv/res_query.c (__libc_res_nquery): Handle RES_USE_DNSSEC in + all the places we handled RES_USE_EDNS0 only before. + Patch by Adam Tkac . + 2009-07-27 Jakub Jelinek * elf/dl-lookup.c (do_lookup_x): Fix check for table more than diff --git a/resolv/res_debug.c b/resolv/res_debug.c index c38de640a5..f7996a71da 100644 --- a/resolv/res_debug.c +++ b/resolv/res_debug.c @@ -586,6 +586,8 @@ p_option(u_long option) { case RES_ROTATE: return "rotate"; case RES_NOCHECKNAME: return "no-check-names"; case RES_USEBSTRING: return "ip6-bytstring"; + case RES_USE_EDNS0: return "edns0"; + case RES_USE_DNSSEC: return "dnssec"; /* XXX nonreentrant */ default: sprintf(nbuf, "?0x%lx?", (u_long)option); return (nbuf); diff --git a/resolv/res_mkquery.c b/resolv/res_mkquery.c index 2dda4c0f45..2bc2d2497f 100644 --- a/resolv/res_mkquery.c +++ b/resolv/res_mkquery.c @@ -247,7 +247,15 @@ __res_nopt(res_state statp, NS_PUT16(MIN(anslen, 0xffff), cp); /* CLASS = UDP payload size */ *cp++ = NOERROR; /* extended RCODE */ *cp++ = 0; /* EDNS version */ - /* XXX Once we support DNSSEC we change the flag value here. */ + + if (statp->options & RES_USE_DNSSEC) { +#ifdef DEBUG + if (statp->options & RES_DEBUG) + printf(";; res_opt()... ENDS0 DNSSEC\n"); +#endif + flags |= NS_OPT_DNSSEC_OK; + } + NS_PUT16(flags, cp); NS_PUT16(0, cp); /* RDLEN */ hp->arcount = htons(ntohs(hp->arcount) + 1); diff --git a/resolv/res_query.c b/resolv/res_query.c index 9ffb3e3685..5ff352e2fc 100644 --- a/resolv/res_query.c +++ b/resolv/res_query.c @@ -147,7 +147,7 @@ __libc_res_nquery(res_state statp, if (n > 0) { if ((oflags & RES_F_EDNS0ERR) == 0 - && (statp->options & RES_USE_EDNS0) != 0) + && (statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0) { n = __res_nopt(statp, n, query1, bufsize, anslen / 2); if (n < 0) @@ -169,7 +169,7 @@ __libc_res_nquery(res_state statp, NULL, query2, bufsize - nused); if (n > 0 && (oflags & RES_F_EDNS0ERR) == 0 - && (statp->options & RES_USE_EDNS0) != 0) + && (statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0) n = __res_nopt(statp, n, query2, bufsize - nused - n, anslen / 2); nquery2 = n; @@ -184,7 +184,7 @@ __libc_res_nquery(res_state statp, if (n > 0 && (oflags & RES_F_EDNS0ERR) == 0 - && (statp->options & RES_USE_EDNS0) != 0) + && (statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0) n = __res_nopt(statp, n, query1, bufsize, anslen); nquery1 = n; @@ -203,7 +203,7 @@ __libc_res_nquery(res_state statp, } if (__builtin_expect (n <= 0, 0)) { /* If the query choked with EDNS0, retry without EDNS0. */ - if ((statp->options & RES_USE_EDNS0) != 0 + if ((statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0 && ((oflags ^ statp->_flags) & RES_F_EDNS0ERR) != 0) { statp->_flags |= RES_F_EDNS0ERR; #ifdef DEBUG diff --git a/resolv/resolv.h b/resolv/resolv.h index 3ef714f458..e49c29d2fe 100644 --- a/resolv/resolv.h +++ b/resolv/resolv.h @@ -218,6 +218,7 @@ struct res_sym { #define RES_SNGLKUP 0x00200000 /* one outstanding request at a time */ #define RES_SNGLKUPREOP 0x00400000 /* -"-, but open new socket for each request */ +#define RES_USE_DNSSEC 0x00800000 /* use DNSSEC using OK bit in OPT */ #define RES_DEFAULT (RES_RECURSE|RES_DEFNAMES|RES_DNSRCH|RES_NOIP6DOTINT) -- cgit v1.2.3