Add support for RES_USE_DNSSEC

RES_USE_DNSSEC is implemented by setting the DNSSEC DO bit in outgoing
queries.  The resolver is then supposed to set the AD bit in the reply
if it managed to validate the answer through DNSSEC.  Useful when the
application doesn't implement validation internally.  This scheme
assumes that the validating resolver is trusted and that the
communication channel between the validating resolver and and the client
is secure.

ok eric@ gilles@

1 files changed, 2 insertions, 5 deletions

diff --git a/lib/libc/net/resolver.3 b/lib/libc/net/resolver.3
index 68e509f4f0d..e371f7851c3 100644
--- a/lib/libc/net/resolver.3
+++ b/lib/libc/net/resolver.3
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: resolver.3,v 1.36 2017/02/18 19:23:05 jca Exp $
+.\"	$OpenBSD: resolver.3,v 1.37 2017/02/27 11:38:08 jca Exp $
 .\"
 .\" Copyright (c) 1985, 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -27,7 +27,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: February 18 2017 $
+.Dd $Mdocdate: February 27 2017 $
 .Dt RES_INIT 3
 .Os
 .Sh NAME
@@ -199,9 +199,6 @@ uses 4096 bytes as input buffer size.
 Request that the resolver uses
 Domain Name System Security Extensions (DNSSEC),
 as defined in RFCs 4033, 4034, and 4035.
-On
-.Ox
-this option does nothing.
 .El
 .Pp
 The