git.ipfire.org Git - thirdparty/systemd.git/commit - src/resolve/resolved-dns-transaction.c

]> git.ipfire.org Git - thirdparty/systemd.git/commit - src/resolve/resolved-dns-transaction.c

projects / thirdparty / systemd.git / commit

author	Lennart Poettering <lennart@poettering.net>
	Thu, 12 Nov 2020 16:33:08 +0000 (17:33 +0100)
committer	Lennart Poettering <lennart@poettering.net>
	Wed, 17 Feb 2021 18:25:13 +0000 (19:25 +0100)
commit	d96275d8eb627fa0bcaa1023d6d6610426311ace
tree	9eb9ac52e14f5be79a7795a686c17281fe786c58	tree \| snapshot
parent	0761da386a6cb0ced3721f2dee123fd983c71178	commit \| diff

resolved: in DNSSEC permissive mode, check if DO bit wasn't copied from request to response

If the server doesn't copy the DO bit from request to response, this is
a very early and easy indication that it doesn#t support DNSSEC
properly. Hence, let's immediately downgrade to non-DNSSEC mode if we
see this – if permissive mode is on and this is allowed.

src/resolve/resolved-dns-server.c		diff \| blob \| blame \| history
src/resolve/resolved-dns-server.h		diff \| blob \| blame \| history
src/resolve/resolved-dns-transaction.c		diff \| blob \| blame \| history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom