From 2d0671cbbdade9013d6fd5153d01bd5e1d3f60cb Mon Sep 17 00:00:00 2001
From: Adam Tkac <atkac@redhat.com>
Date: Mon, 27 Jul 2009 07:33:48 -0700
Subject: Define and implement RES_USE_DNSSEC option in resolver.

---
 resolv/res_debug.c   |  2 ++
 resolv/res_mkquery.c | 10 +++++++++-
 resolv/res_query.c   |  8 ++++----
 resolv/resolv.h      |  1 +
 4 files changed, 16 insertions(+), 5 deletions(-)

(limited to 'resolv')

diff --git a/resolv/res_debug.c b/resolv/res_debug.c
index c38de64..f7996a7 100644
--- a/resolv/res_debug.c
+++ b/resolv/res_debug.c
@@ -586,6 +586,8 @@ p_option(u_long option) {
 	case RES_ROTATE:	return "rotate";
 	case RES_NOCHECKNAME:	return "no-check-names";
 	case RES_USEBSTRING:	return "ip6-bytstring";
+	case RES_USE_EDNS0:	return "edns0";
+	case RES_USE_DNSSEC:	return "dnssec";
 				/* XXX nonreentrant */
 	default:		sprintf(nbuf, "?0x%lx?", (u_long)option);
 				return (nbuf);
diff --git a/resolv/res_mkquery.c b/resolv/res_mkquery.c
index 2dda4c0..2bc2d24 100644
--- a/resolv/res_mkquery.c
+++ b/resolv/res_mkquery.c
@@ -247,7 +247,15 @@ __res_nopt(res_state statp,
 	NS_PUT16(MIN(anslen, 0xffff), cp);	/* CLASS = UDP payload size */
 	*cp++ = NOERROR;	/* extended RCODE */
 	*cp++ = 0;		/* EDNS version */
-	/* XXX Once we support DNSSEC we change the flag value here.  */
+
+	if (statp->options & RES_USE_DNSSEC) {
+#ifdef DEBUG
+		if (statp->options & RES_DEBUG)
+			printf(";; res_opt()... ENDS0 DNSSEC\n");
+#endif
+		flags |= NS_OPT_DNSSEC_OK;
+	}
+
 	NS_PUT16(flags, cp);
 	NS_PUT16(0, cp);	/* RDLEN */
 	hp->arcount = htons(ntohs(hp->arcount) + 1);
diff --git a/resolv/res_query.c b/resolv/res_query.c
index 9ffb3e3..5ff352e 100644
--- a/resolv/res_query.c
+++ b/resolv/res_query.c
@@ -147,7 +147,7 @@ __libc_res_nquery(res_state statp,
 	    if (n > 0)
 	      {
 		if ((oflags & RES_F_EDNS0ERR) == 0
-		    && (statp->options & RES_USE_EDNS0) != 0)
+		    && (statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0)
 		  {
 		    n = __res_nopt(statp, n, query1, bufsize, anslen / 2);
 		    if (n < 0)
@@ -169,7 +169,7 @@ __libc_res_nquery(res_state statp,
 				 NULL, query2, bufsize - nused);
 		if (n > 0
 		    && (oflags & RES_F_EDNS0ERR) == 0
-		    && (statp->options & RES_USE_EDNS0) != 0)
+		    && (statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0)
 		  n = __res_nopt(statp, n, query2, bufsize - nused - n,
 				 anslen / 2);
 		nquery2 = n;
@@ -184,7 +184,7 @@ __libc_res_nquery(res_state statp,
 
 	    if (n > 0
 		&& (oflags & RES_F_EDNS0ERR) == 0
-		&& (statp->options & RES_USE_EDNS0) != 0)
+		&& (statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0)
 	      n = __res_nopt(statp, n, query1, bufsize, anslen);
 
 	    nquery1 = n;
@@ -203,7 +203,7 @@ __libc_res_nquery(res_state statp,
 	}
 	if (__builtin_expect (n <= 0, 0)) {
 		/* If the query choked with EDNS0, retry without EDNS0.  */
-		if ((statp->options & RES_USE_EDNS0) != 0
+		if ((statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0
 		    && ((oflags ^ statp->_flags) & RES_F_EDNS0ERR) != 0) {
 			statp->_flags |= RES_F_EDNS0ERR;
 #ifdef DEBUG
diff --git a/resolv/resolv.h b/resolv/resolv.h
index 3ef714f..e49c29d 100644
--- a/resolv/resolv.h
+++ b/resolv/resolv.h
@@ -218,6 +218,7 @@ struct res_sym {
 #define RES_SNGLKUP	0x00200000	/* one outstanding request at a time */
 #define RES_SNGLKUPREOP	0x00400000	/* -"-, but open new socket for each
 					   request */
+#define RES_USE_DNSSEC	0x00800000	/* use DNSSEC using OK bit in OPT */
 
 #define RES_DEFAULT	(RES_RECURSE|RES_DEFNAMES|RES_DNSRCH|RES_NOIP6DOTINT)
 
-- 
cgit v1.1