1 /* SPDX-License-Identifier: LGPL-2.1+ */
4 #include "conf-parser.h"
7 typedef enum ResolveSupport ResolveSupport
;
8 typedef enum DnssecMode DnssecMode
;
9 typedef enum DnsOverTlsMode DnsOverTlsMode
;
14 RESOLVE_SUPPORT_RESOLVE
,
16 _RESOLVE_SUPPORT_INVALID
= -1
20 /* No DNSSEC validation is done */
23 /* Validate locally, if the server knows DO, but if not,
24 * don't. Don't trust the AD bit. If the server doesn't do
25 * DNSSEC properly, downgrade to non-DNSSEC operation. Of
26 * course, we then are vulnerable to a downgrade attack, but
27 * that's life and what is configured. */
28 DNSSEC_ALLOW_DOWNGRADE
,
30 /* Insist on DNSSEC server support, and rather fail than downgrading. */
34 _DNSSEC_MODE_INVALID
= -1
38 /* No connection is made for DNS-over-TLS */
41 /* Try to connect using DNS-over-TLS, but if connection fails,
42 * fallback to using an unencrypted connection */
43 DNS_OVER_TLS_OPPORTUNISTIC
,
45 _DNS_OVER_TLS_MODE_MAX
,
46 _DNS_OVER_TLS_MODE_INVALID
= -1
49 CONFIG_PARSER_PROTOTYPE(config_parse_resolve_support
);
50 CONFIG_PARSER_PROTOTYPE(config_parse_dnssec_mode
);
51 CONFIG_PARSER_PROTOTYPE(config_parse_dns_over_tls_mode
);
53 const char* resolve_support_to_string(ResolveSupport p
) _const_
;
54 ResolveSupport
resolve_support_from_string(const char *s
) _pure_
;
56 const char* dnssec_mode_to_string(DnssecMode p
) _const_
;
57 DnssecMode
dnssec_mode_from_string(const char *s
) _pure_
;
59 const char* dns_over_tls_mode_to_string(DnsOverTlsMode p
) _const_
;
60 DnsOverTlsMode
dns_over_tls_mode_from_string(const char *s
) _pure_
;
projects / thirdparty / systemd.git / blob