Change the default of dnssec_request_domains to '*'

author: Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> 2019-09-27 03:42:46 +0200
committer: Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> 2019-10-18 10:43:55 +0200
commit: ab0e957b09b73546a58b27fbce42569d56c1382b (patch)
tree: 5df25ad5715a8e0e4e439406a93a6c663020bd19 /src
parent: 86ede124f0ce622b4f73e05504abc11fece021e3 (diff)
4 files changed, 4 insertions, 7 deletions
diff --git a/src/src/configure.default b/src/src/configure.default
index 245cc3925..8681499d8 100644
--- a/src/src/configure.default
+++ b/src/src/configure.default
@@ -690,9 +690,6 @@ dnslookup:
   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
 # if ipv6-enabled then instead use:
 # ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1
-.ifdef _HAVE_DNSSEC
-  dnssec_request_domains = *
-.endif
   no_more
 
 # This closes the ROUTER_SMARTHOST ifdef around the choice of routing for
diff --git a/src/src/globals.c b/src/src/globals.c
index 24281f239..677c03e77 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -1362,7 +1362,7 @@ router_instance  router_defaults = {
     .pass_router =		NULL,
     .redirect_router =		NULL,
 
-    .dnssec =			{ NULL, NULL },            /* dnssec_domains {require,request} */
+    .dnssec =                   { .request= US"*", .require=NULL },
 };
 
 uschar *router_name            = NULL;
diff --git a/src/src/lookups/dnsdb.c b/src/src/lookups/dnsdb.c
index 272734456..1cf8df739 100644
--- a/src/src/lookups/dnsdb.c
+++ b/src/src/lookups/dnsdb.c
@@ -112,7 +112,7 @@ terminates option processing.  Recognised options are:
 causes the whole lookup to defer only if none of the DNS queries succeeds; and
 'never', where all defers are as if the lookup failed. The default is 'lax'.
 
-- 'dnssec_FOO', with 'strict', 'lax' and 'never' (default).  The meanings are
+- 'dnssec_FOO', with 'strict', 'lax' (default), and 'never'.  The meanings are
 require, try and don't-try dnssec respectively.
 
 - 'retrans_VAL', set the timeout value.  VAL is an Exim time specification
@@ -136,7 +136,7 @@ dnsdb_find(void *handle, uschar *filename, const uschar *keystring, int length,
 int rc;
 int sep = 0;
 int defer_mode = PASS;
-int dnssec_mode = OK;
+int dnssec_mode = PASS;
 int save_retrans = dns_retrans;
 int save_retry =   dns_retry;
 int type;
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index c547c87fa..fe28d8606 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -281,7 +281,7 @@ smtp_transport_options_block smtp_transport_option_defaults = {
   .gethostbyname =		FALSE,
   .dns_qualify_single =		TRUE,
   .dns_search_parents =		FALSE,
-  .dnssec = { .request=NULL, .require=NULL },
+  .dnssec = { .request= US"*", .require=NULL },
   .delay_after_cutoff =		TRUE,
   .hosts_override =		FALSE,
   .hosts_randomize =		FALSE,
author	Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>	2019-09-27 03:42:46 +0200
committer	Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>	2019-10-18 10:43:55 +0200
commit	ab0e957b09b73546a58b27fbce42569d56c1382b (patch)
tree	5df25ad5715a8e0e4e439406a93a6c663020bd19 /src
parent	86ede124f0ce622b4f73e05504abc11fece021e3 (diff)