From: Nick Rosbrook Date: Fri, 30 Jan 2026 19:34:03 +0000 (-0500) Subject: resolve: add DNSConfiguration field to indicate DNSSEC support X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9b2f263f30ea0eb3706f87ed2027ef5d5cc6313f;p=thirdparty%2Fsystemd.git resolve: add DNSConfiguration field to indicate DNSSEC support The varlink API is currently missing the "DNSSEC supported" field, which is required for to re-implement the existing resolvectl status output with varlink instead of dbus. Add this field to DNSConfiguration. --- diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c index 95e635d8527..cc63152e0b0 100644 --- a/src/resolve/resolved-manager.c +++ b/src/resolve/resolved-manager.c @@ -2055,6 +2055,7 @@ static int dns_configuration_json_append( Set *negative_trust_anchors, Set *dns_scopes, DnssecMode dnssec_mode, + bool dnssec_supported, DnsOverTlsMode dns_over_tls_mode, ResolveSupport llmnr_support, ResolveSupport mdns_support, @@ -2138,6 +2139,7 @@ static int dns_configuration_json_append( SD_JSON_BUILD_PAIR_CONDITION(!set_isempty(negative_trust_anchors), "negativeTrustAnchors", JSON_BUILD_STRING_SET(negative_trust_anchors)), + JSON_BUILD_PAIR_CONDITION_BOOLEAN(dnssec_mode >= 0, "dnssecSupported", dnssec_supported), JSON_BUILD_PAIR_STRING_NON_EMPTY("dnssec", dnssec_mode_to_string(dnssec_mode)), JSON_BUILD_PAIR_STRING_NON_EMPTY("dnsOverTLS", dns_over_tls_mode_to_string(dns_over_tls_mode)), JSON_BUILD_PAIR_STRING_NON_EMPTY("llmnr", resolve_support_to_string(llmnr_support)), @@ -2169,6 +2171,7 @@ static int global_dns_configuration_json_append(Manager *m, sd_json_variant **co m->trust_anchor.negative_by_name, scopes, manager_get_dnssec_mode(m), + manager_dnssec_supported(m), manager_get_dns_over_tls_mode(m), m->llmnr_support, m->mdns_support, @@ -2225,6 +2228,7 @@ static int link_dns_configuration_json_append(Link *l, sd_json_variant **configu l->dnssec_negative_trust_anchors, scopes, link_get_dnssec_mode(l), + link_dnssec_supported(l), link_get_dns_over_tls_mode(l), link_get_llmnr_support(l), link_get_mdns_support(l), @@ -2255,6 +2259,7 @@ static int delegate_dns_configuration_json_append(DnsDelegate *d, sd_json_varian /* negative_trust_anchors= */ NULL, scopes, /* dnssec_mode= */ _DNSSEC_MODE_INVALID, + /* dnssec_supported= */ false, /* dns_over_tls_mode= */ _DNS_OVER_TLS_MODE_INVALID, /* llmnr_support= */ _RESOLVE_SUPPORT_INVALID, /* mdns_support= */ _RESOLVE_SUPPORT_INVALID, diff --git a/src/shared/varlink-io.systemd.Resolve.c b/src/shared/varlink-io.systemd.Resolve.c index 3f20c9f6ccc..c84453851bb 100644 --- a/src/shared/varlink-io.systemd.Resolve.c +++ b/src/shared/varlink-io.systemd.Resolve.c @@ -274,6 +274,8 @@ SD_VARLINK_DEFINE_STRUCT_TYPE( SD_VARLINK_DEFINE_FIELD(negativeTrustAnchors, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE), SD_VARLINK_FIELD_COMMENT("DNSSEC mode."), SD_VARLINK_DEFINE_FIELD(dnssec, SD_VARLINK_STRING, SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("Indicates if the current DNS server supports DNSSEC. Always false if DNSSEC mode is \"no\"."), + SD_VARLINK_DEFINE_FIELD(dnssecSupported, SD_VARLINK_BOOL, SD_VARLINK_NULLABLE), SD_VARLINK_FIELD_COMMENT("DNSOverTLS mode."), SD_VARLINK_DEFINE_FIELD_BY_TYPE(dnsOverTLS, DNSOverTLSMode, SD_VARLINK_NULLABLE), SD_VARLINK_FIELD_COMMENT("LLMNR support."),