Make dnssec_request_domains/dnssec_require_domains generic

Not only the dnslookup router should use DNSSEC for lookups. The
manualroute and even queryprogram router may just generate a host list.
The names then need to be resolved, optionally via DNSSEC.

6 files changed, 15 insertions, 13 deletions

diff --git a/src/src/globals.c b/src/src/globals.c
index a71c80ed9..868b27e83 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -1168,7 +1168,10 @@ router_instance  router_defaults = {
     NULL,                      /* fallback_hostlist */
     NULL,                      /* transport instance */
     NULL,                      /* pass_router */
-    NULL                       /* redirect_router */
+    NULL,                      /* redirect_router */
+
+    NULL,                      /* dnssec_request_domains */
+    NULL                       /* dnssec_require_domains */
 };
 
 uschar *router_name            = NULL;
diff --git a/src/src/route.c b/src/src/route.c
index ec188801c..2f534b7bf 100644
--- a/src/src/route.c
+++ b/src/src/route.c
@@ -54,6 +54,10 @@ optionlist optionlist_routers[] = {
                  (void *)offsetof(router_instance, debug_string) },
   { "disable_logging",    opt_bool | opt_public,
                  (void *)offsetof(router_instance, disable_logging) },
+  { "dnssec_request_domains",            opt_stringptr|opt_public,
+                 (void *)offsetof(router_instance, dnssec_request_domains) },
+  { "dnssec_require_domains",            opt_stringptr|opt_public,
+                 (void *)offsetof(router_instance, dnssec_require_domains) },
   { "domains",            opt_stringptr|opt_public,
                  (void *)offsetof(router_instance, domains) },
   { "driver",             opt_stringptr|opt_public,
diff --git a/src/src/routers/dnslookup.c b/src/src/routers/dnslookup.c
index 650e56d33..69b240428 100644
--- a/src/src/routers/dnslookup.c
+++ b/src/src/routers/dnslookup.c
@@ -18,10 +18,6 @@ optionlist dnslookup_router_options[] = {
       (void *)(offsetof(dnslookup_router_options_block, check_secondary_mx)) },
   { "check_srv",          opt_stringptr,
       (void *)(offsetof(dnslookup_router_options_block, check_srv)) },
-  { "dnssec_request_domains",         opt_stringptr,
-      (void *)(offsetof(dnslookup_router_options_block, dnssec_request_domains)) },
-  { "dnssec_require_domains",         opt_stringptr,
-      (void *)(offsetof(dnslookup_router_options_block, dnssec_require_domains)) },
   { "fail_defer_domains", opt_stringptr,
       (void *)(offsetof(dnslookup_router_options_block, fail_defer_domains)) },
   { "mx_domains",         opt_stringptr,
@@ -60,8 +56,6 @@ dnslookup_router_options_block dnslookup_router_option_defaults = {
   NULL,            /* mx_fail_domains */
   NULL,            /* srv_fail_domains */
   NULL,            /* check_srv */
-  NULL,            /* dnssec_request_domains */
-  NULL,            /* dnssec_require_domains */
   NULL             /* fail_defer_domains */
 };
 
@@ -271,7 +265,7 @@ for (;;)
 
   rc = host_find_bydns(&h, CUS rblock->ignore_target_hosts, flags, srv_service,
     ob->srv_fail_domains, ob->mx_fail_domains,
-    ob->dnssec_request_domains, ob->dnssec_require_domains,
+    rblock->dnssec_request_domains, rblock->dnssec_require_domains,
     &fully_qualified_name, &removed);
   if (removed) setflag(addr, af_local_host_removed);
 
diff --git a/src/src/routers/dnslookup.h b/src/src/routers/dnslookup.h
index 907ff0ce3..af01d5611 100644
--- a/src/src/routers/dnslookup.h
+++ b/src/src/routers/dnslookup.h
@@ -17,8 +17,6 @@ typedef struct {
   uschar *mx_fail_domains;
   uschar *srv_fail_domains;
   uschar *check_srv;
-  uschar *dnssec_request_domains;
-  uschar *dnssec_require_domains;
   uschar *fail_defer_domains;
 } dnslookup_router_options_block;
 
diff --git a/src/src/routers/rf_lookup_hostlist.c b/src/src/routers/rf_lookup_hostlist.c
index ab2e4ec2c..7ff7f45e1 100644
--- a/src/src/routers/rf_lookup_hostlist.c
+++ b/src/src/routers/rf_lookup_hostlist.c
@@ -94,8 +94,8 @@ for (h = addr->host_list; h != NULL; h = next_h)
         NULL,                           /* SRV service not relevant */
         NULL,                           /* failing srv domains not relevant */
         NULL,                           /* no special mx failing domains */
-	NULL,                           /* no dnssec request XXX ? */
-	NULL,                           /* no dnssec require XXX ? */
+	rblock->dnssec_request_domains,         /* no dnssec request XXX ? */
+	rblock->dnssec_require_domains,         /* no dnssec require XXX ? */
         NULL,                           /* fully_qualified_name */
         NULL);                          /* indicate local host removed */
     }
@@ -120,7 +120,8 @@ for (h = addr->host_list; h != NULL; h = next_h)
     DEBUG(D_route|D_host_lookup) debug_printf("doing DNS lookup\n");
     rc = host_find_bydns(h, ignore_target_hosts, HOST_FIND_BY_A, NULL, NULL,
       NULL,
-      NULL, NULL,	/*XXX dnssec? */
+      rblock->dnssec_request_domains,         /* no dnssec request XXX ? */
+      rblock->dnssec_require_domains,         /* no dnssec require XXX ? */
       &canonical_name, &removed);
     if (rc == HOST_FOUND)
       {
diff --git a/src/src/structs.h b/src/src/structs.h
index c181f3f6e..3f9fb6050 100644
--- a/src/src/structs.h
+++ b/src/src/structs.h
@@ -296,6 +296,8 @@ typedef struct router_instance {
   transport_instance *transport;  /* Transport block (when found) */
   struct router_instance *pass_router; /* Actual router for passed address */
   struct router_instance *redirect_router; /* Actual router for generated address */
+  uschar  *dnssec_request_domains;	/* ask for DNSSEC XXX */
+  uschar  *dnssec_require_domains;	/* require DNSSEC XXX */
 } router_instance;