@@ -125,6 +125,7 @@ struct rdns_resolver { | |||
bool async_binded; | |||
bool initialized; | |||
bool enable_dnssec; | |||
ref_entry_t ref; | |||
}; | |||
@@ -268,7 +268,12 @@ rdns_add_edns0 (struct rdns_request *req) | |||
*p16++ = 0; | |||
/* Z 10000000 00000000 to allow dnssec */ | |||
p8 = (uint8_t *)p16; | |||
*p8++ = 0x80; | |||
if (req->resolver->enable_dnssec) { | |||
*p8++ = 0x80; | |||
} | |||
else { | |||
*p8++ = 0x00; | |||
} | |||
*p8++ = 0; | |||
p16 = (uint16_t *)p8; | |||
/* Length */ |
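Review bot: The DO bit becomes opt-in in `rdns_add_edns0`, which looks like a silent default change. Going by the hunk counts, the unconditional `*p8++ = 0x80;` is the removed line, so every query used to carry DO and now carries it only when `req->resolver->enable_dnssec` is true. If that field starts out false (the resolver's allocation is not visible in this diff), existing deployments, and any caller reaching `dns_resolver_init` with `cfg == NULL`, stop requesting DNSSEC records after upgrade; that deserves a changelog entry or an explicit default. The comment above the branch still reads as unconditional; I would change it to `/* Z: DO bit (0x80) only when the resolver has DNSSEC enabled */`, and the branch can collapse to `*p8++ = req->resolver->enable_dnssec ? 0x80 : 0x00;`. The function starts and ends outside the hunk.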
@@ -236,6 +236,12 @@ struct rdns_resolver *rdns_resolver_new (void); | |||
void rdns_resolver_async_bind (struct rdns_resolver *resolver, | |||
struct rdns_async_context *ctx); | |||
/** | |||
* Enable stub dnssec resolver | |||
* @param resolver | |||
*/ | |||
void rdns_resolver_set_dnssec (struct rdns_resolver *resolver, bool enabled); | |||
/** | |||
* Add new DNS server definition to the resolver | |||
* @param resolver resolver object |
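Review bot: The doc comment for `rdns_resolver_set_dnssec` leaves `@param resolver` without a description and omits `enabled` altogether, and "Enable stub dnssec resolver" does not say what the flag does. From the visible code it only controls whether the EDNS0 DO bit is set on outgoing queries; no signature validation or AD-flag handling appears in this diff, so the text should not suggest that answers are validated locally. I would write `@param resolver resolver object` and `@param enabled true to set the DO bit in EDNS0 queries, false to clear it`, and add a sentence saying that a stub resolver still relies on a validating upstream resolver reached over a trusted path. The same wording problem applies to the `enable_dnssec` field comment in `struct rspamd_config` and to the help string `"Enable DNSSEC support in Rspamd"` in `rspamd_rcl_config_init`.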
@@ -853,3 +853,11 @@ rdns_resolver_async_bind (struct rdns_resolver *resolver, | |||
resolver->async_binded = true; | |||
} | |||
} | |||
void | |||
rdns_resolver_set_dnssec (struct rdns_resolver *resolver, bool enabled) | |||
{ | |||
if (resolver) { | |||
resolver->enable_dnssec = enabled; | |||
} | |||
} |
@@ -383,6 +383,7 @@ struct rspamd_config { | |||
guint32 dns_io_per_server; /**< number of sockets per DNS server */ | |||
const ucl_object_t *nameservers; /**< list of nameservers or NULL to parse resolv.conf */ | |||
guint32 dns_max_requests; /**< limit of DNS requests per task */ | |||
gboolean enable_dnssec; /**< enable dnssec stub resolver */ | |||
guint upstream_max_errors; /**< upstream max errors before shutting off */ | |||
gdouble upstream_error_time; /**< rate of upstream errors */ |
@@ -2015,6 +2015,12 @@ rspamd_rcl_config_init (struct rspamd_config *cfg) | |||
G_STRUCT_OFFSET (struct rspamd_config, dns_io_per_server), | |||
RSPAMD_CL_FLAG_INT_32, | |||
"Number of sockets per DNS server"); | |||
rspamd_rcl_add_default_handler (ssub, | |||
"enable_dnssec", | |||
rspamd_rcl_parse_struct_boolean, | |||
G_STRUCT_OFFSET (struct rspamd_config, enable_dnssec), | |||
0, | |||
"Enable DNSSEC support in Rspamd"); | |||
/* New upstreams configuration */ |
@@ -244,6 +244,7 @@ dns_resolver_init (rspamd_logger_t *logger, | |||
if (cfg != NULL) { | |||
rdns_resolver_set_log_level (dns_resolver->r, cfg->log_level); | |||
dns_resolver->cfg = cfg; | |||
rdns_resolver_set_dnssec (dns_resolver->r, cfg->enable_dnssec); | |||
} | |||
rdns_resolver_set_logger (dns_resolver->r, rspamd_rnds_log_bridge, logger); |