aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2019-10-30 17:26:58 +0100
committerFlorian Weimer <fweimer@redhat.com>2019-11-27 20:54:37 +0100
commit446997ff1433d33452b81dfa9e626b8dccf101a4 (patch)
tree9a0e13fb7ca042a6f05fa9310f862c494580da80 /resolv/res_mkquery.c
parentdlsym: Do not determine caller link map if not needed (diff)
downloadglibc-446997ff1433d33452b81dfa9e626b8dccf101a4.tar.gz
glibc-446997ff1433d33452b81dfa9e626b8dccf101a4.tar.bz2
glibc-446997ff1433d33452b81dfa9e626b8dccf101a4.zip
resolv: Implement trust-ad option for /etc/resolv.conf [BZ #20358]
This introduces a concept of trusted name servers, for which the AD bit is passed through to applications. For untrusted name servers (the default), the AD bit in responses are cleared, to provide a safe default. This approach is very similar to the one suggested by Pavel Šimerda in <https://bugzilla.redhat.com/show_bug.cgi?id=1164339#c15>. The DNS test framework in support/ is enhanced with support for setting the AD bit in responses. Tested on x86_64-linux-gnu. Change-Id: Ibfe0f7c73ea221c35979842c5c3b6ed486495ccc
Diffstat (limited to 'resolv/res_mkquery.c')
-rw-r--r--resolv/res_mkquery.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/resolv/res_mkquery.c b/resolv/res_mkquery.c
index cf0c9e229c..0d39353b41 100644
--- a/resolv/res_mkquery.c
+++ b/resolv/res_mkquery.c
@@ -118,6 +118,8 @@ __res_context_mkquery (struct resolv_context *ctx, int op, const char *dname,
the application does multiple requests. */
hp->id = random_bits ();
hp->opcode = op;
+ if (ctx->resp->options & RES_TRUSTAD)
+ hp->ad = 1;
hp->rd = (ctx->resp->options & RES_RECURSE) != 0;
hp->rcode = NOERROR;
cp = buf + HFIXEDSZ;