* - AUTH must be > than NONAUTH
* - AUTH INSECURE must be > than AUTH (because it attempted validation)
* - NONAUTH SECURE must be > than AUTH (because it's valid)
+ *
+ * Ref: https://tools.ietf.org/html/rfc2181#section-5.4.1
*/
enum kr_cache_rank {
- KR_RANK_BAD = 0, /* BAD cache, do not use. */
+ KR_RANK_BAD = 0, /* BAD cache, do not use. */
KR_RANK_INSECURE = 1, /* Entry is DNSSEC insecure (e.g. RRSIG not exists). */
KR_RANK_EXTRA = 4, /* Entry from additional section. */
KR_RANK_NONAUTH = 8, /* Entry from authority section (i.e. parent-side). */
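Review bot: The added `Ref:` line closes the ranking comment as if RFC 2181 section 5.4.1 backed every rule above it, but that section ranks data by where it came from (answer, authority, additional) and, as far as I know, does not cover DNSSEC validation state. The AUTH INSECURE and NONAUTH SECURE rules therefore look like this resolver's own extension, and a maintainer checking the ordering against the RFC will not find them there. These ranks presumably decide whether newly received data may replace a cached entry, so I would make the split explicit: `* Ref (source-based ordering only): https://tools.ietf.org/html/rfc2181#section-5.4.1` followed by `* The SECURE/INSECURE rules are resolver-specific and not taken from the RFC.` The enum body continues past the end of this hunk, so the AUTH and SECURE values those rules refer to are not visible here.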
X(NO_CACHE, 1 << 11) /**< Do not use expiring cache for lookup. */ \
X(EXPIRING, 1 << 12) /**< Query response is cached, but expiring. */ \
X(ALLOW_LOCAL, 1 << 13) /**< Allow queries to local or private address ranges. */ \
- X(DNSSEC_WANT, 1 << 14) /**< Want DNSSEC secured answer. */ \
+ X(DNSSEC_WANT, 1 << 14) /**< Want DNSSEC secured answer; exception: +cd, \
+ * i.e. knot_wire_set_cd(request->answer->wire). */ \
X(DNSSEC_BOGUS, 1 << 15) /**< Query response is DNSSEC bogus. */ \
X(DNSSEC_INSECURE, 1 << 16) /**< Query response is DNSSEC insecure. */ \
X(STUB, 1 << 17) /**< Stub resolution, accept received answer as solved. */ \
X(PERMISSIVE, 1 << 20) /**< Permissive resolver mode. */ \
X(STRICT, 1 << 21) /**< Strict resolver mode. */ \
X(BADCOOKIE_AGAIN, 1 << 22) /**< Query again because bad cookie returned. */ \
- X(CNAME, 1 << 23) /**< Query response contains CNAME in answer section. */ \
+ X(CNAME, 1 << 23) /**< Query response contains CNAME in answer section. */ \
X(REORDER_RR, 1 << 24) /**< Reorder cached RRs. */
/** Query flags */