Add support for RES_USE_DNSSEC

RES_USE_DNSSEC is implemented by setting the DNSSEC DO bit in outgoing queries. The resolver is then supposed to set the AD bit in the reply if it managed to validate the answer through DNSSEC. Useful when the application doesn't implement validation internally. This scheme assumes that the validating resolver is trusted and that the communication channel between the validating resolver and and the client is secure. ok eric@ gilles@
author: jca <> 2017-02-27 11:38:08 +0000
committer: jca <> 2017-02-27 11:38:08 +0000
commit: c2b74811611cc1f5ffe9e6543476548a8a9bba0a (patch)
tree: 8faebb1b8e9380c2c764ce51a087231218898937 /src
parent: 6ff5d1a93fe857fca562901ab9019b7a5bae4768 (diff)
download: openbsd-c2b74811611cc1f5ffe9e6543476548a8a9bba0a.tar.gz
openbsd-c2b74811611cc1f5ffe9e6543476548a8a9bba0a.tar.bz2
openbsd-c2b74811611cc1f5ffe9e6543476548a8a9bba0a.zip
1 files changed, 2 insertions, 5 deletions
diff --git a/src/lib/libc/net/resolver.3 b/src/lib/libc/net/resolver.3
index 68e509f4f0..e371f7851c 100644
--- a/src/lib/libc/net/resolver.3
+++ b/src/lib/libc/net/resolver.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: resolver.3,v 1.36 2017/02/18 19:23:05 jca Exp $
+.\"     $OpenBSD: resolver.3,v 1.37 2017/02/27 11:38:08 jca Exp $
 .\"
 .\" Copyright (c) 1985, 1991, 1993
 .\"     The Regents of the University of California.  All rights reserved.
@@ -27,7 +27,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: February 18 2017 $
+.Dd $Mdocdate: February 27 2017 $
 .Dt RES_INIT 3
 .Os
 .Sh NAME
@@ -199,9 +199,6 @@ uses 4096 bytes as input buffer size.
 Request that the resolver uses
 Domain Name System Security Extensions (DNSSEC),
 as defined in RFCs 4033, 4034, and 4035.
-On
-.Ox
-this option does nothing.
 .El
 .Pp
 The
author	jca <>	2017-02-27 11:38:08 +0000
committer	jca <>	2017-02-27 11:38:08 +0000
commit	c2b74811611cc1f5ffe9e6543476548a8a9bba0a (patch)
tree	8faebb1b8e9380c2c764ce51a087231218898937 /src
parent	6ff5d1a93fe857fca562901ab9019b7a5bae4768 (diff)
download	openbsd-c2b74811611cc1f5ffe9e6543476548a8a9bba0a.tar.gz openbsd-c2b74811611cc1f5ffe9e6543476548a8a9bba0a.tar.bz2 openbsd-c2b74811611cc1f5ffe9e6543476548a8a9bba0a.zip

diff --git a/src/lib/libc/net/resolver.3 b/src/lib/libc/net/resolver.3 index 68e509f4f0..e371f7851c 100644 --- a/src/lib/libc/net/resolver.3 +++ b/src/lib/libc/net/resolver.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: resolver.3,v 1.36 2017/02/18 19:23:05 jca Exp $	1	.\" $OpenBSD: resolver.3,v 1.37 2017/02/27 11:38:08 jca Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 1985, 1991, 1993	3	.\" Copyright (c) 1985, 1991, 1993
4	.\" The Regents of the University of California. All rights reserved.	4	.\" The Regents of the University of California. All rights reserved.
@@ -27,7 +27,7 @@
27	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF	27	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28	.\" SUCH DAMAGE.	28	.\" SUCH DAMAGE.
29	.\"	29	.\"
30	.Dd $Mdocdate: February 18 2017 $	30	.Dd $Mdocdate: February 27 2017 $
31	.Dt RES_INIT 3	31	.Dt RES_INIT 3
32	.Os	32	.Os
33	.Sh NAME	33	.Sh NAME
@@ -199,9 +199,6 @@ uses 4096 bytes as input buffer size.
199	Request that the resolver uses	199	Request that the resolver uses
200	Domain Name System Security Extensions (DNSSEC),	200	Domain Name System Security Extensions (DNSSEC),
201	as defined in RFCs 4033, 4034, and 4035.	201	as defined in RFCs 4033, 4034, and 4035.
202	On
203	.Ox
204	this option does nothing.
205	.El	202	.El
206	.Pp	203	.Pp
207	The	204	The