From f342c8b34221802ef356eb6400adc82ca528d0ad Mon Sep 17 00:00:00 2001
From: jca <>
Date: Mon, 27 Feb 2017 11:38:08 +0000
Subject: Add support for RES_USE_DNSSEC

RES_USE_DNSSEC is implemented by setting the DNSSEC DO bit in outgoing
queries.  The resolver is then supposed to set the AD bit in the reply
if it managed to validate the answer through DNSSEC.  Useful when the
application doesn't implement validation internally.  This scheme
assumes that the validating resolver is trusted and that the
communication channel between the validating resolver and and the client
is secure.

ok eric@ gilles@
---
 src/lib/libc/net/resolver.3 | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libc/net/resolver.3 b/src/lib/libc/net/resolver.3
index 68e509f4f0..e371f7851c 100644
--- a/src/lib/libc/net/resolver.3
+++ b/src/lib/libc/net/resolver.3
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: resolver.3,v 1.36 2017/02/18 19:23:05 jca Exp $
+.\"	$OpenBSD: resolver.3,v 1.37 2017/02/27 11:38:08 jca Exp $
 .\"
 .\" Copyright (c) 1985, 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -27,7 +27,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: February 18 2017 $
+.Dd $Mdocdate: February 27 2017 $
 .Dt RES_INIT 3
 .Os
 .Sh NAME
@@ -199,9 +199,6 @@ uses 4096 bytes as input buffer size.
 Request that the resolver uses
 Domain Name System Security Extensions (DNSSEC),
 as defined in RFCs 4033, 4034, and 4035.
-On
-.Ox
-this option does nothing.
 .El
 .Pp
 The
-- 
cgit v1.2.3-55-g6feb