projects / systemd / .git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 718324c) | patch
resolved: enable DNS proxy mode if client wants DNSSEC
authorLennart Poettering <lennart@poettering.net>
Mon, 4 Mar 2024 17:49:49 +0000 (18:49 +0100)
committerLennart Poettering <lennart@poettering.net>
Tue, 5 Mar 2024 14:29:15 +0000 (15:29 +0100)
commit9c47b334445a2560a56def4f77e2c1fe1f7c965d
tree051da4749caeef2fe2f50f7cf46fbf55684b31b3tree | snapshot
parent718324c5e03f9892b5b416dc99b84f4131953129commit | diff
resolved: enable DNS proxy mode if client wants DNSSEC

So far we disabled DNSSEC if local clients asked for it via DO flag if
DNSSEC=no is set. Let's instead switch to proxy mode in this case, and
thus treat client requested DO mode as a way to force proxy mode.

This means DNSSEC=no just controls whether resolved will do validation
for regular looups, but it has no effect anymore on lookups from clients
that indicated they want to do their own DNSSEC anyway.

Fixes: #19227 #23737 #25105
src/resolve/resolved-dns-stub.c diff | blob | history
https://github.com/systemd/systemd.git