add "options insecure[12]" support for /etc/resolv.conf.

insecure1 is necessary for IPv6 dynamic DNS server discovery,
draft-ietf-ipngwg-dns-discovery-02.txt.  sync with kame.
ok'ed by angelos

3 files changed, 19 insertions, 7 deletions

diff --git a/lib/libc/net/res_init.c b/lib/libc/net/res_init.c
index d21eed4a878..c74e0339bad 100644
--- a/lib/libc/net/res_init.c
+++ b/lib/libc/net/res_init.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: res_init.c,v 1.23 2001/06/30 00:50:21 itojun Exp $	*/
+/*	$OpenBSD: res_init.c,v 1.24 2001/09/14 23:49:29 itojun Exp $	*/
 
 /*
  * ++Copyright++ 1985, 1989, 1993
@@ -64,7 +64,7 @@
 static char sccsid[] = "@(#)res_init.c	8.1 (Berkeley) 6/7/93";
 static char rcsid[] = "$From: res_init.c,v 8.7 1996/09/28 06:51:07 vixie Exp $";
 #else
-static char rcsid[] = "$OpenBSD: res_init.c,v 1.23 2001/06/30 00:50:21 itojun Exp $";
+static char rcsid[] = "$OpenBSD: res_init.c,v 1.24 2001/09/14 23:49:29 itojun Exp $";
 #endif
 #endif /* LIBC_SCCS and not lint */
 
@@ -607,6 +607,10 @@ res_setoptions(options, source)
 #endif
 		} else if (!strncmp(cp, "inet6", sizeof("inet6") - 1)) {
 			_res.options |= RES_USE_INET6;
+		} else if (!strncmp(cp, "insecure1", sizeof("insecure1") - 1)) {
+			_res.options |= RES_INSECURE1;
+		} else if (!strncmp(cp, "insecure2", sizeof("insecure2") - 1)) {
+			_res.options |= RES_INSECURE2;
 		} else if (!strncmp(cp, "edns0", sizeof("edns0") - 1)) {
 			_res.options |= RES_USE_EDNS0;
 		} else {
diff --git a/lib/libc/net/res_send.c b/lib/libc/net/res_send.c
index d0f17af8ed9..ab50559de6e 100644
--- a/lib/libc/net/res_send.c
+++ b/lib/libc/net/res_send.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: res_send.c,v 1.9 2000/06/22 07:31:18 itojun Exp $	*/
+/*	$OpenBSD: res_send.c,v 1.10 2001/09/14 23:49:29 itojun Exp $	*/
 
 /*
  * ++Copyright++ 1985, 1989, 1993
@@ -64,7 +64,7 @@
 static char sccsid[] = "@(#)res_send.c	8.1 (Berkeley) 6/4/93";
 static char rcsid[] = "$From: res_send.c,v 8.12 1996/10/08 04:51:06 vixie Exp $";
 #else
-static char rcsid[] = "$OpenBSD: res_send.c,v 1.9 2000/06/22 07:31:18 itojun Exp $";
+static char rcsid[] = "$OpenBSD: res_send.c,v 1.10 2001/09/14 23:49:29 itojun Exp $";
 #endif
 #endif /* LIBC_SCCS and not lint */
 
@@ -625,7 +625,8 @@ read_len:
 			 * as we wish to receive answers from the first
 			 * server to respond.
 			 */
-			if (_res.nscount == 1 || (try == 0 && ns == 0)) {
+			if (!(_res.options & RES_INSECURE1) &&
+			    (_res.nscount == 1 || (try == 0 && ns == 0))) {
 				/*
 				 * Connect only if we are sure we won't
 				 * receive a response from another server.
diff --git a/share/man/man5/resolv.conf.5 b/share/man/man5/resolv.conf.5
index f9920c4bbff..41e5c4019fb 100644
--- a/share/man/man5/resolv.conf.5
+++ b/share/man/man5/resolv.conf.5
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: resolv.conf.5,v 1.16 2001/08/20 05:57:55 mpech Exp $
+.\"	$OpenBSD: resolv.conf.5,v 1.17 2001/09/14 23:49:29 itojun Exp $
 .\"	$NetBSD: resolv.conf.5,v 1.7 1996/03/06 18:22:16 scottr Exp $
 .\"
 .\" Copyright (c) 1986, 1991 The Regents of the University of California.
@@ -159,7 +159,7 @@ The syntax is:
 .Sy options option ...
 .Pp
 where option is one of the following:
-.Bl -tag -width ndots:n
+.Bl -tag -width insecure1
 .It Sy debug
 Sets RES_DEBUG in _res.options.
 .It Sy edns0
@@ -184,6 +184,13 @@ _res.options (see
 .Xr resolver 3 ) .
 Use of this option is discouraged, and meaningless on
 .Ox .
+.It Sy insecure1
+Do not require IP source address on the reply packet to be equal to the
+servers' address.
+.It Sy insecure2
+Do not check if the query section of the reply packet is equal
+to that of the query packet.
+For testing purposes only.
 .It Sy ndots:n
 Sets a threshold for the number of dots which
 must appear in a name given to res_query (see