[Fix] Make dnssec configurable option disabled by default for now

4 files changed, 21 insertions, 1 deletions

diff --git a/contrib/librdns/dns_private.h b/contrib/librdns/dns_private.h
index 4e3f7c9a8..a198dc46d 100644
--- a/contrib/librdns/dns_private.h
+++ b/contrib/librdns/dns_private.h
@@ -125,6 +125,7 @@ struct rdns_resolver {
 
 	bool async_binded;
 	bool initialized;
+	bool enable_dnssec;
 	ref_entry_t ref;
 };
 
diff --git a/contrib/librdns/packet.c b/contrib/librdns/packet.c
index 25f3d8979..e3020d7e8 100644
--- a/contrib/librdns/packet.c
+++ b/contrib/librdns/packet.c
@@ -268,7 +268,12 @@ rdns_add_edns0 (struct rdns_request *req)
 	*p16++ = 0;
 	/* Z 10000000 00000000 to allow dnssec */
 	p8 = (uint8_t *)p16;
-	*p8++ = 0x80;
+	if (req->resolver->enable_dnssec) {
+		*p8++ = 0x80;
+	}
+	else {
+		*p8++ = 0x00;
+	}
 	*p8++ = 0;
 	p16 = (uint16_t *)p8;
 	/* Length */
diff --git a/contrib/librdns/rdns.h b/contrib/librdns/rdns.h
index d7615667e..82506d36a 100644
--- a/contrib/librdns/rdns.h
+++ b/contrib/librdns/rdns.h
@@ -237,6 +237,12 @@ void rdns_resolver_async_bind (struct rdns_resolver *resolver,
 		struct rdns_async_context *ctx);
 
 /**
+ * Enable stub dnssec resolver
+ * @param resolver
+ */
+void rdns_resolver_set_dnssec (struct rdns_resolver *resolver, bool enabled);
+
+/**
  * Add new DNS server definition to the resolver
  * @param resolver resolver object
  * @param name name of DNS server (should be ipv4 or ipv6 address)
diff --git a/contrib/librdns/resolver.c b/contrib/librdns/resolver.c
index 20700ee3b..70e226804 100644
--- a/contrib/librdns/resolver.c
+++ b/contrib/librdns/resolver.c
@@ -853,3 +853,11 @@ rdns_resolver_async_bind (struct rdns_resolver *resolver,
 		resolver->async_binded = true;
 	}
 }
+
+void
+rdns_resolver_set_dnssec (struct rdns_resolver *resolver, bool enabled)
+{
+	if (resolver) {
+		resolver->enable_dnssec = enabled;
+	}
+}