reviewed: bwelling

1096. [func] libbind: "DNSSEC OK" (DO) support.
2002-07-14 04:26:59 +00:00
parent a2537d9b00
commit 2099644f0d
6 changed files with 34 additions and 10 deletions
--- a/2
+++ b/2
@@ -140,6 +140,8 @@
 1209.	[bug]		Dig, host, nslookup were not checking the message ids
 			on the responses. [RT #2454]

+1096.	[func]		libbind: "DNSSEC OK" (DO) support.
+
 1095.	[func]		libbind: resolver option: no-tld-query.  disables
 			trying unqualified as a tld.  no_tld_query is also
 			supported for FreeBSD compatability.
--- a/lib/bind/include/arpa/nameser.h
+++ b/lib/bind/include/arpa/nameser.h
@@ -49,7 +49,7 @@
 */

 /*
- *	$Id: nameser.h,v 1.2.2.2 2002/07/11 04:10:34 marka Exp $
+ *	$Id: nameser.h,v 1.2.2.3 2002/07/14 04:26:55 marka Exp $
 */

 #ifndef _ARPA_NAMESER_H_
@@ -427,6 +427,11 @@ typedef enum __ns_cert_types {
 #define	NS_NXT_BIT_ISSET(n,p) (p[(n)/NS_NXT_BITS] &   (0x80>>((n)%NS_NXT_BITS)))
 #define NS_NXT_MAX 127

+/*
+ * EDNS0 extended flags, host order.
+ */
+#define NS_OPT_DNSSEC_OK	0x8000U
+
 /*
 * Inline versions of get/put short/long.  Pointer is advanced.
 */
--- a/lib/bind/include/resolv.h
+++ b/lib/bind/include/resolv.h
@@ -50,7 +50,7 @@

 /*
 *	@(#)resolv.h	8.1 (Berkeley) 6/2/93
- *	$Id: resolv.h,v 1.7.2.6 2002/07/14 02:27:07 marka Exp $
+ *	$Id: resolv.h,v 1.7.2.7 2002/07/14 04:26:54 marka Exp $
 */

 #ifndef _RESOLV_H_
@@ -249,6 +249,7 @@ union res_sockaddr_union {
 #define RES_NO_NIBBLE	0x00040000	/* disable IPv6 nibble mode reverse */
 #define RES_NO_BITSTRING 0x00080000	/* disable IPv6 bit string mode reverse */
 #define RES_NOTLDQUERY	0x00100000	/* don't unqualified name as a tld */
+#define RES_USE_DNSSEC	0x00200000	/* use DNSSEC using OK bit in OPT */
 /* KAME extensions: use higher bit to avoid conflict with ISC use */
 #define RES_USE_DNAME	0x10000000	/* use DNAME */
 #define RES_USE_A6	0x20000000	/* use A6 */
--- a/lib/bind/resolv/res_debug.c
+++ b/lib/bind/resolv/res_debug.c
@@ -95,7 +95,7 @@

 #if defined(LIBC_SCCS) && !defined(lint)
 static const char sccsid[] = "@(#)res_debug.c	8.1 (Berkeley) 6/4/93";
-static const char rcsid[] = "$Id: res_debug.c,v 1.3.2.3 2002/07/14 02:27:08 marka Exp $";
+static const char rcsid[] = "$Id: res_debug.c,v 1.3.2.4 2002/07/14 04:26:56 marka Exp $";
 #endif /* LIBC_SCCS and not lint */

 #include "port_before.h"
@@ -187,7 +187,12 @@ do_section(const res_state statp,
 				ns_rr_name(rr),
 				p_type(ns_rr_type(rr)),
 				p_class(ns_rr_class(rr)));
-		else {
+		else if (section == ns_s_ar && ns_rr_type(rr) == ns_t_opt) {
+			u_int32_t ttl = ns_rr_ttl(rr);
+			fprintf(file,
+				"; EDNS: version: %u, udp=%u, flags=%04x\n",
+				(ttl>>16)&0xff, ns_rr_class(rr), ttl&0xffff);
+		} else {
 			n = ns_sprintrr(handle, &rr, NULL, NULL,
 					buf, buflen);
 			if (n < 0) {
@@ -616,6 +621,9 @@ p_option(u_long option) {
 #ifdef RES_USE_DNAME
 	case RES_USE_DNAME:	return "dname";
 #endif
+#ifdef RES_USE_DNSSEC
+	case RES_USE_DNSSEC:	return "dnssec";
+#endif
 #ifdef RES_NOTLDQUERY
 	case RES_NOTLDQUERY:	return "no-tld-query";
 #endif
--- a/lib/bind/resolv/res_mkquery.c
+++ b/lib/bind/resolv/res_mkquery.c
@@ -70,7 +70,7 @@

 #if defined(LIBC_SCCS) && !defined(lint)
 static const char sccsid[] = "@(#)res_mkquery.c	8.1 (Berkeley) 6/4/93";
-static const char rcsid[] = "$Id: res_mkquery.c,v 1.1 2001/03/29 06:31:59 marka Exp $";
+static const char rcsid[] = "$Id: res_mkquery.c,v 1.1.2.1 2002/07/14 04:26:57 marka Exp $";
 #endif /* LIBC_SCCS and not lint */

 #include "port_before.h"
@@ -216,6 +216,7 @@ res_nopt(statp, n0, buf, buflen, anslen)
 {
 	register HEADER *hp;
 	register u_char *cp;
+	u_int16_t flags = 0;

 #ifdef DEBUG
 	if ((statp->options & RES_DEBUG) != 0)
@@ -238,7 +239,14 @@ res_nopt(statp, n0, buf, buflen, anslen)
 	cp += INT16SZ;
 	*cp++ = NOERROR;	/* extended RCODE */
 	*cp++ = 0;		/* EDNS version */
-	__putshort(0, cp);	/* MBZ */
+	if (statp->options & RES_USE_DNSSEC) {
+#ifdef DEBUG
+		if (statp->options & RES_DEBUG)
+			printf(";; res_opt()... ENDS0 DNSSEC\n");
+#endif
+		flags |= NS_OPT_DNSSEC_OK;
+	}
+	__putshort(flags, cp);
 	cp += INT16SZ;
 	__putshort(0, cp);	/* RDLEN */
 	cp += INT16SZ;
--- a/lib/bind/resolv/res_query.c
+++ b/lib/bind/resolv/res_query.c
@@ -70,7 +70,7 @@

 #if defined(LIBC_SCCS) && !defined(lint)
 static const char sccsid[] = "@(#)res_query.c	8.1 (Berkeley) 6/4/93";
-static const char rcsid[] = "$Id: res_query.c,v 1.2.2.1 2002/07/14 02:27:10 marka Exp $";
+static const char rcsid[] = "$Id: res_query.c,v 1.2.2.2 2002/07/14 04:26:59 marka Exp $";
 #endif /* LIBC_SCCS and not lint */

 #include "port_before.h"
@@ -132,8 +132,8 @@ again:
 	n = res_nmkquery(statp, QUERY, name, class, type, NULL, 0, NULL,
 			 buf, sizeof(buf));
 #ifdef RES_USE_EDNS0
-	if (n > 0 && (statp->options & RES_USE_EDNS0) != 0 &&
-	    (statp->_flags & RES_F_EDNS0ERR) == 0)
+	if (n > 0 && (statp->_flags & RES_F_EDNS0ERR) == 0 &&
+	    (statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0)
 		n = res_nopt(statp, n, buf, sizeof(buf), anslen);
 #endif
 	if (n <= 0) {
@@ -148,7 +148,7 @@ again:
 	if (n < 0) {
 #ifdef RES_USE_EDNS0
 		/* if the query choked with EDNS0, retry without EDNS0 */
-		if ((statp->options & RES_USE_EDNS0) != 0 &&
+		if ((statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0 &&
 		    ((oflags ^ statp->_flags) & RES_F_EDNS0ERR) != 0) {
 			statp->_flags |= RES_F_EDNS0ERR;
 			if (statp->options & RES_DEBUG)