CVSROOT: /cvs
Module name: src
Changes by: j...@cvs.openbsd.org 2017/02/27 04:38:08
Modified files:
lib/libc/asr : asr_private.h asr_utils.c res_mkquery.c
res_send_async.c
lib/libc/net : resolver.3
Log message:
Add support for RES_USE_DNSSEC
RES_USE_DNSSEC is implemented by setting the DNSSEC DO bit in outgoing
queries. The resolver is then supposed to set the AD bit in the reply
if it managed to validate the answer through DNSSEC. Useful when the
application doesn't implement validation internally. This scheme
assumes that the validating resolver is trusted and that the
communication channel between the validating resolver and and the client
is secure.
ok eric@ gilles@
