add support for EDNS0 extended flag DNSSEC OK (aka DO). ok deraadt@

4 files changed, 28 insertions, 9 deletions

diff --git a/include/arpa/nameser.h b/include/arpa/nameser.h
index ad647947a52..7fd5ee320b1 100644
--- a/include/arpa/nameser.h
+++ b/include/arpa/nameser.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: nameser.h,v 1.5 2001/07/25 17:05:46 jakob Exp $	*/
+/*	$OpenBSD: nameser.h,v 1.6 2001/07/31 22:02:18 jakob Exp $	*/
 
 /*
  * ++Copyright++ 1983, 1989, 1993
@@ -249,6 +249,11 @@
 #define	MAX_KEY_BASE64			(((MAX_MD5RSA_KEY_BYTES+2)/3)*4)
 
 /*
+ * EDNS0 Z-field extended flags
+ */
+#define DNS_MESSAGEEXTFLAG_DO	0x8000U
+
+/*
  * Status return codes for T_UNSPEC conversion routines
  */
 #define CONV_SUCCESS	0
diff --git a/include/resolv.h b/include/resolv.h
index ea7bf495f2f..70f250128df 100644
--- a/include/resolv.h
+++ b/include/resolv.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: resolv.h,v 1.6 2001/06/11 10:06:02 itojun Exp $	*/
+/*	$OpenBSD: resolv.h,v 1.7 2001/07/31 22:02:18 jakob Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -194,6 +194,8 @@ struct __res_state_ext {
 #define	RES_USE_INET6	0x00002000	/* use/map IPv6 in gethostbyname() */
 /* KAME extensions: use higher bit to avoid conflict with ISC use */
 #define	RES_USE_EDNS0	0x40000000	/* use EDNS0 */
+/* DNSSEC extensions: use higher bit to avoid conflict with ISC use */
+#define	RES_USE_DNSSEC	0x20000000	/* use DNSSEC using OK bit in OPT */
 
 #define RES_DEFAULT	(RES_RECURSE | RES_DEFNAMES | RES_DNSRCH)
 
diff --git a/lib/libc/net/res_mkquery.c b/lib/libc/net/res_mkquery.c
index 61595a6e8c5..e414b5060d9 100644
--- a/lib/libc/net/res_mkquery.c
+++ b/lib/libc/net/res_mkquery.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: res_mkquery.c,v 1.9 2001/06/11 10:06:00 itojun Exp $	*/
+/*	$OpenBSD: res_mkquery.c,v 1.10 2001/07/31 22:02:18 jakob Exp $	*/
 
 /*
  * ++Copyright++ 1985, 1993
@@ -60,7 +60,7 @@
 static char sccsid[] = "@(#)res_mkquery.c	8.1 (Berkeley) 6/4/93";
 static char rcsid[] = "$From: res_mkquery.c,v 8.5 1996/08/27 08:33:28 vixie Exp $";
 #else
-static char rcsid[] = "$OpenBSD: res_mkquery.c,v 1.9 2001/06/11 10:06:00 itojun Exp $";
+static char rcsid[] = "$OpenBSD: res_mkquery.c,v 1.10 2001/07/31 22:02:18 jakob Exp $";
 #endif
 #endif /* LIBC_SCCS and not lint */
 
@@ -221,8 +221,17 @@ res_opt(n0, buf, buflen, anslen)
 	cp += INT16SZ;
 	*cp++ = NOERROR;	/* extended RCODE */
 	*cp++ = 0;		/* EDNS version */
-	__putshort(0, cp);	/* MBZ */
-	cp += INT16SZ;
+	if (_res.options & RES_USE_DNSSEC) {
+#ifdef DEBUG
+		if (_res.options & RES_DEBUG)
+			printf(";; res_opt()... ENDS0 DNSSEC OK\n");
+#endif /* DEBUG */
+		__putshort(DNS_MESSAGEEXTFLAG_DO, cp);	/* EDNS Z field */
+		cp += INT16SZ;
+	} else {
+		__putshort(0, cp);	/* EDNS Z field */
+		cp += INT16SZ;
+	}
 	__putshort(0, cp);	/* RDLEN */
 	cp += INT16SZ;
 	hp->arcount = htons(ntohs(hp->arcount) + 1);
diff --git a/lib/libc/net/res_query.c b/lib/libc/net/res_query.c
index db76821fc69..3cf79283027 100644
--- a/lib/libc/net/res_query.c
+++ b/lib/libc/net/res_query.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: res_query.c,v 1.15 2001/06/27 00:58:55 lebel Exp $	*/
+/*	$OpenBSD: res_query.c,v 1.16 2001/07/31 22:02:18 jakob Exp $	*/
 
 /*
  * ++Copyright++ 1988, 1993
@@ -60,7 +60,7 @@
 static char sccsid[] = "@(#)res_query.c	8.1 (Berkeley) 6/4/93";
 static char rcsid[] = "$From: res_query.c,v 8.9 1996/09/22 00:13:28 vixie Exp $";
 #else
-static char rcsid[] = "$OpenBSD: res_query.c,v 1.15 2001/06/27 00:58:55 lebel Exp $";
+static char rcsid[] = "$OpenBSD: res_query.c,v 1.16 2001/07/31 22:02:18 jakob Exp $";
 #endif
 #endif /* LIBC_SCCS and not lint */
 
@@ -123,8 +123,11 @@ res_query(name, class, type, answer, anslen)
 
 	n = res_mkquery(QUERY, name, class, type, NULL, 0, NULL,
 			buf, sizeof(buf));
-	if (n > 0 && (_res.options & RES_USE_EDNS0) != 0)
+	if (n > 0 && ((_res.options & RES_USE_EDNS0) ||
+	    (_res.options & RES_USE_DNSSEC))) {
 		n = res_opt(n, buf, sizeof(buf), anslen);
+	}
+
 	if (n <= 0) {
 #ifdef DEBUG
 		if (_res.options & RES_DEBUG)