diff options
| author | Jakob Schlyter <jakob@cvs.openbsd.org> | 2001-08-08 16:28:44 +0000 |
|---|---|---|
| committer | Jakob Schlyter <jakob@cvs.openbsd.org> | 2001-08-08 16:28:44 +0000 |
| commit | 6c40984911941a612adf11cedf4b7dbadd513ac9 (patch) | |
| tree | 13b986c2e2319214dda7aa498d950b89bd2c469f /lib | |
| parent | 45e8f3d13cdad8e41387d908a65776c5e19960a5 (diff) | |
add CAVEATS section that talks about trust and the AD-bit
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libc/net/getrrsetbyname.3 | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/lib/libc/net/getrrsetbyname.3 b/lib/libc/net/getrrsetbyname.3 index 19a89d985e7..1cec0c726ba 100644 --- a/lib/libc/net/getrrsetbyname.3 +++ b/lib/libc/net/getrrsetbyname.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: getrrsetbyname.3,v 1.3 2001/08/06 15:10:23 jakob Exp $ +.\" $OpenBSD: getrrsetbyname.3,v 1.4 2001/08/08 16:28:43 jakob Exp $ .\" .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" @@ -151,3 +151,13 @@ The data in should be returned in uncompressed wire format. Currently, the data is in compressed format and the caller can't uncompress since it doesn't have the full message. +.Sh CAVEATS +The +.Dv RRSET_VALIDATED +flag in +.Li rri_flags +is set if the AD (autenticated data) bit in the DNS answer is +set. This flag +.Em should not +be trusted unless the transport between the nameserver and the resolver +is secure (e.g. IPsec, trusted network, loopback communication). |