diff options
| author | Florian Weimer <fweimer@redhat.com> | 2019-10-30 17:26:58 +0100 |
|---|---|---|
| committer | Florian Weimer <fweimer@redhat.com> | 2019-11-27 20:54:37 +0100 |
| commit | 446997ff1433d33452b81dfa9e626b8dccf101a4 (patch) | |
| tree | 9a0e13fb7ca042a6f05fa9310f862c494580da80 /resolv/res_init.c | |
| parent | 4a2ab5843a5cc4a5db1b3b79916a520ea8b115dc (diff) | |
| download | glibc-446997ff1433d33452b81dfa9e626b8dccf101a4.tar.gz | |
resolv: Implement trust-ad option for /etc/resolv.conf [BZ #20358]
This introduces a concept of trusted name servers, for which the
AD bit is passed through to applications. For untrusted name
servers (the default), the AD bit in responses are cleared, to
provide a safe default.
This approach is very similar to the one suggested by Pavel Šimerda
in <https://bugzilla.redhat.com/show_bug.cgi?id=1164339#c15>.
The DNS test framework in support/ is enhanced with support for
setting the AD bit in responses.
Tested on x86_64-linux-gnu.
Change-Id: Ibfe0f7c73ea221c35979842c5c3b6ed486495ccc
Diffstat (limited to 'resolv/res_init.c')
| -rw-r--r-- | resolv/res_init.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/resolv/res_init.c b/resolv/res_init.c index 1b8e062732..c2f2c7b7e7 100644 --- a/resolv/res_init.c +++ b/resolv/res_init.c @@ -679,7 +679,8 @@ res_setoptions (struct resolv_conf_parser *parser, const char *options) { STRnLEN ("no_tld_query"), 0, RES_NOTLDQUERY }, { STRnLEN ("no-tld-query"), 0, RES_NOTLDQUERY }, { STRnLEN ("no-reload"), 0, RES_NORELOAD }, - { STRnLEN ("use-vc"), 0, RES_USEVC } + { STRnLEN ("use-vc"), 0, RES_USEVC }, + { STRnLEN ("trust-ad"), 0, RES_TRUSTAD }, }; #define noptions (sizeof (options) / sizeof (options[0])) for (int i = 0; i < noptions; ++i) |