From c8bedec446212b07511ded85ba04a9a3d5965ba8 Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Thu, 1 Nov 2001 04:59:18 +0000
Subject: [PATCH] 1096. [func] libbind: "DNSSEC OK" (DO) support.
---
 CHANGES | 2 ++
 lib/bind/include/arpa/nameser.h | 7 ++++++-
 lib/bind/include/resolv.h | 3 ++-
 lib/bind/resolv/res_debug.c | 12 ++++++++++--
 lib/bind/resolv/res_mkquery.c | 12 ++++++++++--
 lib/bind/resolv/res_query.c | 8 ++++----
 6 files changed, 34 insertions(+), 10 deletions(-)
diff --git a/CHANGES b/CHANGES
index be6a22fb1c..2d86556128 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+1096. [func] libbind: "DNSSEC OK" (DO) support.
+
 1095. [func] libbind: resolver option: no-tld-query. disables trying unqualified as a tld. no_tld_query is also supported for FreeBSD compatability.
diff --git a/lib/bind/include/arpa/nameser.h b/lib/bind/include/arpa/nameser.h
index ed485eba03..9263d06917 100644
--- a/lib/bind/include/arpa/nameser.h
+++ b/lib/bind/include/arpa/nameser.h
@@ -49,7 +49,7 @@
 */
 /*
- * $Id: nameser.h,v 1.2 2001/06/21 08:26:03 marka Exp $
+ * $Id: nameser.h,v 1.3 2001/11/01 04:59:15 marka Exp $
 */
 #ifndef _ARPA_NAMESER_H_
@@ -425,6 +425,11 @@ typedef enum __ns_cert_types {
 #define NS_NXT_BIT_ISSET(n,p) (p[(n)/NS_NXT_BITS] & (0x80>>((n)%NS_NXT_BITS)))
 #define NS_NXT_MAX 127
+/*
+ * EDNS0 extended flags, host order.
+ */
+#define NS_OPT_DNSSEC_OK 0x8000U
+
 /*
 * Inline versions of get/put short/long. Pointer is advanced.
 */
diff --git a/lib/bind/include/resolv.h b/lib/bind/include/resolv.h
index 544cf02a1e..2b5121a5cf 100644
--- a/lib/bind/include/resolv.h
+++ b/lib/bind/include/resolv.h
@@ -50,7 +50,7 @@
 /*
 * @(#)resolv.h 8.1 (Berkeley) 6/2/93
- * $Id: resolv.h,v 1.9 2001/11/01 04:50:56 marka Exp $
+ * $Id: resolv.h,v 1.10 2001/11/01 04:59:14 marka Exp $
 */
 #ifndef _RESOLV_H_
@@ -238,6 +238,7 @@ union res_sockaddr_union {
 #define RES_NO_NIBBLE 0x00040000 /* disable IPv6 nibble mode reverse */
 #define RES_NO_BITSTRING 0x00080000 /* disable IPv6 bits tring mode reverse */
 #define RES_NOTLDQUERY 0x00100000 /* don't unqualified name as a tld */
+#define RES_USE_DNSSEC 0x00200000 /* use DNSSEC using OK bit in OPT */
 /* KAME extensions: use higher bit to avoid conflict with ISC use */
 #define RES_USE_EDNS0 0x40000000 /* use EDNS0 if configured */
 #define RES_USE_A6 0x20000000 /* use A6 */
diff --git a/lib/bind/resolv/res_debug.c b/lib/bind/resolv/res_debug.c
index bc1e3d3681..d0cd07636e 100644
--- a/lib/bind/resolv/res_debug.c
+++ b/lib/bind/resolv/res_debug.c
@@ -95,7 +95,7 @@
 #if defined(LIBC_SCCS) && !defined(lint)
 static const char sccsid[] = "@(#)res_debug.c 8.1 (Berkeley) 6/4/93";
-static const char rcsid[] = "$Id: res_debug.c,v 1.4 2001/11/01 04:50:58 marka Exp $";
+static const char rcsid[] = "$Id: res_debug.c,v 1.5 2001/11/01 04:59:16 marka Exp $";
 #endif /* LIBC_SCCS and not lint */
 #include "port_before.h"
@@ -187,7 +187,12 @@ do_section(const res_state statp,
 ns_rr_name(rr),
 p_type(ns_rr_type(rr)),
 p_class(ns_rr_class(rr)));
- else {
+ else if (section == ns_s_ar && ns_rr_type(rr) == ns_t_opt) {
+ u_int32_t ttl = ns_rr_ttl(rr);
+ fprintf(file,
+ "; EDNS: version: %u, udp=%u, flags=%04x\n",
+ (ttl>>16)&0xff, ns_rr_class(rr), ttl&0xffff);
+ } else {
 n = ns_sprintrr(handle, &rr, NULL, NULL,
 buf, buflen);
 if (n < 0) {
@@ -616,6 +621,9 @@ p_option(u_long option) {
 #ifdef RES_USE_DNAME
 case RES_USE_DNAME: return "dname";
 #endif
+#ifdef RES_USE_DNSSEC
+ case RES_USE_DNSSEC: return "dnssec";
+#endif
 #ifdef RES_NOTLDQUERY
 case RES_NOTLDQUERY: return "no-tld-query";
 #endif
diff --git a/lib/bind/resolv/res_mkquery.c b/lib/bind/resolv/res_mkquery.c
index f0bc42708a..474128fd09 100644
--- a/lib/bind/resolv/res_mkquery.c
+++ b/lib/bind/resolv/res_mkquery.c
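Review bot: The comment on `RES_USE_DNSSEC` in resolv.h ("use DNSSEC using OK bit in OPT") can be read as turning on DNSSEC validation, but the only effect visible in this patch is that res_nopt() sets the DO bit in the OPT flags, which asks the server to include DNSSEC records in its answer. Nothing in the visible hunks verifies signatures or looks at the AD bit, so a caller that sets this option should not treat the answers as authenticated. I would reword the comment to `/* set DO ("DNSSEC OK") bit in OPT: requests DNSSEC RRs, no validation is done here */`.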
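Review bot: In the new OPT branch of do_section() in res_debug.c, the arguments handed to `%u` and `%04x` are not plainly `unsigned int`: `(ttl>>16)&0xff` and `ttl&0xffff` carry the type of `u_int32_t`, and `ns_rr_class(rr)` is presumably an enum-typed expression. On a platform where `u_int32_t` is not `unsigned int` that is a format/argument mismatch, so I would cast each one, e.g. `(unsigned int)((ttl>>16)&0xff), (unsigned int)ns_rr_class(rr), (unsigned int)(ttl&0xffff));`. The branch also leaves the top eight bits of the TTL (the extended RCODE) and any OPT RDATA unprinted now that OPT records no longer reach ns_sprintrr(), which deserves a one-line comment. do_section() begins and ends outside the hunk.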
@@ -70,7 +70,7 @@
 #if defined(LIBC_SCCS) && !defined(lint)
 static const char sccsid[] = "@(#)res_mkquery.c 8.1 (Berkeley) 6/4/93";
-static const char rcsid[] = "$Id: res_mkquery.c,v 1.1 2001/03/29 06:31:59 marka Exp $";
+static const char rcsid[] = "$Id: res_mkquery.c,v 1.2 2001/11/01 04:59:17 marka Exp $";
 #endif /* LIBC_SCCS and not lint */
 #include "port_before.h"
@@ -216,6 +216,7 @@ res_nopt(statp, n0, buf, buflen, anslen)
 {
 register HEADER *hp;
 register u_char *cp;
+ u_int16_t flags = 0;
 #ifdef DEBUG
 if ((statp->options & RES_DEBUG) != 0)
@@ -238,7 +239,14 @@ res_nopt(statp, n0, buf, buflen, anslen)
 cp += INT16SZ;
 *cp++ = NOERROR; /* extended RCODE */
 *cp++ = 0; /* EDNS version */
- __putshort(0, cp); /* MBZ */
+ if (statp->options & RES_USE_DNSSEC) {
+#ifdef DEBUG
+ if (statp->options & RES_DEBUG)
+ printf(";; res_opt()... ENDS0 DNSSEC\n");
+#endif
+ flags |= NS_OPT_DNSSEC_OK;
+ }
+ __putshort(flags, cp);
 cp += INT16SZ;
 __putshort(0, cp); /* RDLEN */
 cp += INT16SZ;
diff --git a/lib/bind/resolv/res_query.c b/lib/bind/resolv/res_query.c
index 539c2eabfb..ee928cfe27 100644
--- a/lib/bind/resolv/res_query.c
+++ b/lib/bind/resolv/res_query.c
@@ -70,7 +70,7 @@
 #if defined(LIBC_SCCS) && !defined(lint)
 static const char sccsid[] = "@(#)res_query.c 8.1 (Berkeley) 6/4/93";
-static const char rcsid[] = "$Id: res_query.c,v 1.3 2001/11/01 04:51:00 marka Exp $";
+static const char rcsid[] = "$Id: res_query.c,v 1.4 2001/11/01 04:59:18 marka Exp $";
 #endif /* LIBC_SCCS and not lint */
 #include "port_before.h"
@@ -132,8 +132,8 @@ again:
 n = res_nmkquery(statp, QUERY, name, class, type, NULL, 0, NULL,
 buf, sizeof(buf));
 #ifdef RES_USE_EDNS0
- if (n > 0 && (statp->options & RES_USE_EDNS0) != 0 &&
- (statp->_flags & RES_F_EDNS0ERR) == 0)
+ if (n > 0 && (statp->_flags & RES_F_EDNS0ERR) == 0 &&
+ (statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0)
 n = res_nopt(statp, n, buf, sizeof(buf), anslen);
 #endif
 if (n <= 0) {
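Review bot: The debug string added in the res_mkquery.c flags hunk reads `";; res_opt()... ENDS0 DNSSEC\n"`, which misspells EDNS0 and names `res_opt()` while the hunk header shows the enclosing function as `res_nopt`. I would change it to `printf(";; res_nopt()... EDNS0 DNSSEC\n");` so it matches what someone searches for in resolver debug output. Dropping the `/* MBZ */` comment also leaves `__putshort(flags, cp);` as the only field in this run without a label; `/* EDNS0 extended flags (DO bit) */` would keep it in line with the RCODE, version and RDLEN lines around it. The body of res_nopt() starts and ends outside the hunk.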
@@ -148,7 +148,7 @@ again:
 if (n < 0) {
 #ifdef RES_USE_EDNS0
 /* if the query choked with EDNS0, retry without EDNS0 */
- if ((statp->options & RES_USE_EDNS0) != 0 &&
+ if ((statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0 &&
 ((oflags ^ statp->_flags) & RES_F_EDNS0ERR) != 0) {
 statp->_flags |= RES_F_EDNS0ERR;
 if (statp->options & RES_DEBUG)
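Review bot: With `RES_USE_DNSSEC` added to this retry condition in res_query.c, a query that fails with EDNS0 sets `RES_F_EDNS0ERR`, and the `res_nopt()` call site in the preceding res_query.c hunk then skips the OPT record, so the DO bit is dropped without the caller being told. Because the flag is kept in `statp->_flags`, later queries on the same resolver state appear to go out without OPT as well. A caller that asked for DNSSEC records therefore cannot tell an unsigned zone from a fallback to plain DNS; at minimum the comment should say so, e.g. `/* if the query choked with EDNS0, retry without EDNS0 (this also drops the DO bit requested by RES_USE_DNSSEC) */`, and it may be worth returning the failure instead of retrying when `RES_USE_DNSSEC` is set. The enclosing function continues outside the hunk.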