This is the mail archive of the
mailing list for the glibc project.
[Bug network/20358] RES_USE_DNSSEC sets DO; should also have a way to set AD
- From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Wed, 27 Nov 2019 20:20:56 +0000
- Subject: [Bug network/20358] RES_USE_DNSSEC sets DO; should also have a way to set AD
- Auto-submitted: auto-generated
- References: <firstname.lastname@example.org/bugzilla/>
--- Comment #3 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Florian Weimer <email@example.com>:
Author: Florian Weimer <firstname.lastname@example.org>
Date: Wed Oct 30 17:26:58 2019 +0100
resolv: Implement trust-ad option for /etc/resolv.conf [BZ #20358]
This introduces a concept of trusted name servers, for which the
AD bit is passed through to applications. For untrusted name
servers (the default), the AD bit in responses are cleared, to
provide a safe default.
This approach is very similar to the one suggested by Pavel Šimerda
The DNS test framework in support/ is enhanced with support for
setting the AD bit in responses.
Tested on x86_64-linux-gnu.
You are receiving this mail because:
You are on the CC list for the bug.