Define and implement RES_USE_DNSSEC option in resolver.

diff --git a/ChangeLog b/ChangeLog
index 8cc2e675c93ff6e2cd7a89b68fc2c3837c1255a5..e31b72ff65a7e3f74ccc27599e6fa4d19809981a 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2009-07-27  Ulrich Drepper  <drepper@redhat.com>
+
+       * resolv/resolv.h (RES_USE_DNSSEC): Define.
+       * resolv/res_debug.c (p_option): Handle RES_USE_EDNS0 and
+       RES_USE_DNSSEC.
+       * resolv/res_mkquery.c (__res_nopt): Set flags for RES_USE_DNSSEC.
+       * resolv/res_query.c (__libc_res_nquery): Handle RES_USE_DNSSEC in
+       all the places we handled RES_USE_EDNS0 only before.
+       Patch by Adam Tkac <atkac@redhat.com>.
+
 2009-07-27  Jakub Jelinek  <jakub@redhat.com>
 
        * elf/dl-lookup.c (do_lookup_x): Fix check for table more than

diff --git a/resolv/res_debug.c b/resolv/res_debug.c
index c38de640a5a6aa5a5d99b75b360259bd1b940f41..f7996a71da2d3594c53c8476ec516f286a5e35e7 100644 (file)
--- a/resolv/res_debug.c
+++ b/resolv/res_debug.c
@@ -586,6 +586,8 @@ p_option(u_long option) {
        case RES_ROTATE:        return "rotate";
        case RES_NOCHECKNAME:   return "no-check-names";
        case RES_USEBSTRING:    return "ip6-bytstring";
+       case RES_USE_EDNS0:     return "edns0";
+       case RES_USE_DNSSEC:    return "dnssec";
                                /* XXX nonreentrant */
        default:                sprintf(nbuf, "?0x%lx?", (u_long)option);
                                return (nbuf);

diff --git a/resolv/res_mkquery.c b/resolv/res_mkquery.c
index 2dda4c0f45ce7054517fdd0cfaffb6282dd1b3e8..2bc2d2497fdf5dfaa7d0b2d011fc0591d9b4557b 100644 (file)
--- a/resolv/res_mkquery.c
+++ b/resolv/res_mkquery.c
@@ -247,7 +247,15 @@ __res_nopt(res_state statp,
        NS_PUT16(MIN(anslen, 0xffff), cp);      /* CLASS = UDP payload size */
        *cp++ = NOERROR;        /* extended RCODE */
        *cp++ = 0;              /* EDNS version */
-       /* XXX Once we support DNSSEC we change the flag value here.  */
+
+       if (statp->options & RES_USE_DNSSEC) {
+#ifdef DEBUG
+               if (statp->options & RES_DEBUG)
+                       printf(";; res_opt()... ENDS0 DNSSEC\n");
+#endif
+               flags |= NS_OPT_DNSSEC_OK;
+       }
+
        NS_PUT16(flags, cp);
        NS_PUT16(0, cp);        /* RDLEN */
        hp->arcount = htons(ntohs(hp->arcount) + 1);

diff --git a/resolv/res_query.c b/resolv/res_query.c
index 9ffb3e3685309d364ab7c94533400cc9fffb49b9..5ff352e2fc6056bad92238df1fb0c826f48a2f51 100644 (file)
--- a/resolv/res_query.c
+++ b/resolv/res_query.c
@@ -147,7 +147,7 @@ __libc_res_nquery(res_state statp,
            if (n > 0)
              {
                if ((oflags & RES_F_EDNS0ERR) == 0
-                   && (statp->options & RES_USE_EDNS0) != 0)
+                   && (statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0)
                  {
                    n = __res_nopt(statp, n, query1, bufsize, anslen / 2);
                    if (n < 0)
@@ -169,7 +169,7 @@ __libc_res_nquery(res_state statp,
                                 NULL, query2, bufsize - nused);
                if (n > 0
                    && (oflags & RES_F_EDNS0ERR) == 0
-                   && (statp->options & RES_USE_EDNS0) != 0)
+                   && (statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0)
                  n = __res_nopt(statp, n, query2, bufsize - nused - n,
                                 anslen / 2);
                nquery2 = n;
@@ -184,7 +184,7 @@ __libc_res_nquery(res_state statp,
 
            if (n > 0
                && (oflags & RES_F_EDNS0ERR) == 0
-               && (statp->options & RES_USE_EDNS0) != 0)
+               && (statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0)
              n = __res_nopt(statp, n, query1, bufsize, anslen);
 
            nquery1 = n;
@@ -203,7 +203,7 @@ __libc_res_nquery(res_state statp,
        }
        if (__builtin_expect (n <= 0, 0)) {
                /* If the query choked with EDNS0, retry without EDNS0.  */
-               if ((statp->options & RES_USE_EDNS0) != 0
+               if ((statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0
                    && ((oflags ^ statp->_flags) & RES_F_EDNS0ERR) != 0) {
                        statp->_flags |= RES_F_EDNS0ERR;
 #ifdef DEBUG

diff --git a/resolv/resolv.h b/resolv/resolv.h
index 3ef714f458ce6bcb3f9446d0046acdd2deffc65f..e49c29d2fe61f3faf8cbe66078d987708b2a7099 100644 (file)
--- a/resolv/resolv.h
+++ b/resolv/resolv.h
@@ -218,6 +218,7 @@ struct res_sym {
 #define RES_SNGLKUP    0x00200000      /* one outstanding request at a time */
 #define RES_SNGLKUPREOP        0x00400000      /* -"-, but open new socket for each
                                           request */
+#define RES_USE_DNSSEC 0x00800000      /* use DNSSEC using OK bit in OPT */
 
 #define RES_DEFAULT    (RES_RECURSE|RES_DEFNAMES|RES_DNSRCH|RES_NOIP6DOTINT)