[Fix] Make dnssec configurable option disabled by default for now
authorVsevolod Stakhov <vsevolod@highsecure.ru>
Thu, 18 Aug 2016 15:13:24 +0000 (16:13 +0100)
committerVsevolod Stakhov <vsevolod@highsecure.ru>
Thu, 18 Aug 2016 15:13:24 +0000 (16:13 +0100)
contrib/librdns/dns_private.h
contrib/librdns/packet.c
contrib/librdns/rdns.h
contrib/librdns/resolver.c
src/libserver/cfg_file.h
src/libserver/cfg_rcl.c
src/libserver/dns.c

index 4e3f7c9a869f885873e684ea861eb2577434379e..a198dc46d10d411e903f3c63cd85af7ac9e3190a 100644 (file)
@@ -125,6 +125,7 @@ struct rdns_resolver {
 
        bool async_binded;
        bool initialized;
+       bool enable_dnssec;
        ref_entry_t ref;
 };
 
index 25f3d897936ed0eaeb2c515320d1ada60882a6ab..e3020d7e86cb468e60b72ece9f7652fb63e3f650 100644 (file)
@@ -268,7 +268,12 @@ rdns_add_edns0 (struct rdns_request *req)
        *p16++ = 0;
        /* Z 10000000 00000000 to allow dnssec */
        p8 = (uint8_t *)p16;
-       *p8++ = 0x80;
+       if (req->resolver->enable_dnssec) {
+               *p8++ = 0x80;
+       }
+       else {
+               *p8++ = 0x00;
+       }
        *p8++ = 0;
        p16 = (uint16_t *)p8;
        /* Length */
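Review bot: The comment just above the new branch, `/* Z 10000000 00000000 to allow dnssec */`, is now misleading: when `enable_dnssec` is false the byte written is 0x00 and nothing is requested, and the bit it describes is the EDNS0 DO (DNSSEC OK) flag, not a Z bit. I would replace it with `/* EDNS0 extended flags: DO bit (0x80) asks the upstream to include RRSIG/DNSSEC data; Z bits stay zero */` and collapse the branch to `*p8++ = req->resolver->enable_dnssec ? 0x80 : 0x00;`. Setting DO only asks the upstream for signed records; nothing in this hunk validates them, so the comment should not suggest the flag alone provides integrity. rdns_add_edns0 starts and ends outside the hunk.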
index d7615667eb82813b1551e354571ee5b6eea1dca4..82506d36ad65cbb9c5e26b4399dd75debf0ed8f5 100644 (file)
@@ -236,6 +236,12 @@ struct rdns_resolver *rdns_resolver_new (void);
 void rdns_resolver_async_bind (struct rdns_resolver *resolver,
                struct rdns_async_context *ctx);
 
+/**
+ * Enable stub dnssec resolver
+ * @param resolver
+ */
+void rdns_resolver_set_dnssec (struct rdns_resolver *resolver, bool enabled);
+
 /**
  * Add new DNS server definition to the resolver
  * @param resolver resolver object
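Review bot: The new doc comment for `rdns_resolver_set_dnssec` says "Enable stub dnssec resolver" but documents only `@param resolver`; the `enabled` parameter and its default are missing, and as far as this commit shows the flag only sets the EDNS0 DO bit on outgoing queries (see the packet.c change), it does not turn on signature validation. I would add `@param enabled true to set the DO bit so the upstream returns DNSSEC records; false (the default per this commit) sends plain queries` and change the summary to `Request DNSSEC records from the upstream resolver (EDNS0 DO bit)`. If librdns validates signatures somewhere not visible here, the summary can say so, but the header should not promise it on its own.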
index 20700ee3b013517c76596cbd958147460d1af280..70e226804984adaa4f4f8da07e4a29ee8200ae3d 100644 (file)
@@ -853,3 +853,11 @@ rdns_resolver_async_bind (struct rdns_resolver *resolver,
                resolver->async_binded = true;
        }
 }
+
+void
+rdns_resolver_set_dnssec (struct rdns_resolver *resolver, bool enabled)
+{
+       if (resolver) {
+               resolver->enable_dnssec = enabled;
+       }
+}
index 2eb4185066720e785690cc460bc7c253dde2ad6e..f66361a417318aa63e815df3a5f353311489a4ed 100644 (file)
@@ -383,6 +383,7 @@ struct rspamd_config {
        guint32 dns_io_per_server;                      /**< number of sockets per DNS server                                   */
        const ucl_object_t *nameservers;                /**< list of nameservers or NULL to parse resolv.conf   */
        guint32 dns_max_requests;                       /**< limit of DNS requests per task                                     */
+       gboolean enable_dnssec;                         /**< enable dnssec stub resolver                                                */
 
        guint upstream_max_errors;                                              /**< upstream max errors before shutting off                    */
        gdouble upstream_error_time;                                    /**< rate of upstream errors                                                    */
index 94c5862d74b3a4833a67381793285bd7e94fce9a..3d1c6ecad5150e48f470a2a95756121890dbea47 100644 (file)
@@ -2015,6 +2015,12 @@ rspamd_rcl_config_init (struct rspamd_config *cfg)
                        G_STRUCT_OFFSET (struct rspamd_config, dns_io_per_server),
                        RSPAMD_CL_FLAG_INT_32,
                        "Number of sockets per DNS server");
+       rspamd_rcl_add_default_handler (ssub,
+                       "enable_dnssec",
+                       rspamd_rcl_parse_struct_boolean,
+                       G_STRUCT_OFFSET (struct rspamd_config, enable_dnssec),
+                       0,
+                       "Enable DNSSEC support in Rspamd");
 
 
        /* New upstreams configuration */
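Review bot: The help string `"Enable DNSSEC support in Rspamd"` overstates what the new `enable_dnssec` option does and omits its default; on the librdns side of this commit the flag only sets the EDNS0 DO bit, so whether answers are actually validated depends on the upstream resolver. I would change it to `"Set the EDNS0 DO bit so the upstream resolver returns DNSSEC data (default: false); signatures are not validated locally"`. Operators reading the option name will otherwise assume responses are verified. rspamd_rcl_config_init continues outside the hunk.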
index eb0e4e9a292dc2c7364ea2f3d5e7342c30249afb..c0fdceebd9ef0510c4fe2cec0c5fa568682a31b2 100644 (file)
@@ -244,6 +244,7 @@ dns_resolver_init (rspamd_logger_t *logger,
        if (cfg != NULL) {
                rdns_resolver_set_log_level (dns_resolver->r, cfg->log_level);
                dns_resolver->cfg = cfg;
+               rdns_resolver_set_dnssec (dns_resolver->r, cfg->enable_dnssec);
        }
 
        rdns_resolver_set_logger (dns_resolver->r, rspamd_rnds_log_bridge, logger);
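Review bot: The new `rdns_resolver_set_dnssec` call sits inside `if (cfg != NULL)`, so when no config is passed the flag keeps whatever value `rdns_resolver_new` left in the struct; the commit message promises "disabled by default", but nothing in this diff zeroes `enable_dnssec` (that depends on how the resolver is allocated, outside the hunk). Since `dns_resolver->r` is already used unconditionally on the following line, I would move the call out of the conditional: `rdns_resolver_set_dnssec (dns_resolver->r, cfg != NULL && cfg->enable_dnssec);` so the default does not rely on allocation details. dns_resolver_init starts and ends outside the hunk.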