From 0fbd9bff71b47e3a32e54629c3f67e7eda1812fe Mon Sep 17 00:00:00 2001 From: Phil Pennock Date: Sat, 23 Mar 2013 19:46:22 -0400 Subject: Rename dns_use_dnssec to dns_dnssec_ok. This per Tony's suggestion; this makes it clearer that we are merely setting resolver flags, not performing validation ourselves. Well, clearer to those who understand DNSSEC. For everyone else, they'll still be dependent upon a forthcoming new chapter to the Specification. --- src/src/dns.c | 14 +++++++------- src/src/globals.c | 2 +- src/src/globals.h | 2 +- src/src/readconf.c | 2 +- 4 files changed, 10 insertions(+), 10 deletions(-) (limited to 'src') diff --git a/src/src/dns.c b/src/src/dns.c index 95db52686..820adff01 100644 --- a/src/src/dns.c +++ b/src/src/dns.c @@ -206,28 +206,28 @@ if (dns_use_edns0 >= 0) # ifndef RES_USE_EDNS0 # error Have RES_USE_DNSSEC but not RES_USE_EDNS0? Something hinky ... # endif -if (dns_use_dnssec >= 0) +if (dns_dnssec_ok >= 0) { - if (dns_use_edns0 == 0 && dns_use_dnssec != 0) + if (dns_use_edns0 == 0 && dns_dnssec_ok != 0) { DEBUG(D_resolver) - debug_printf("CONFLICT: dns_use_edns0 forced false, dns_use_dnssec forced true!\n"); + debug_printf("CONFLICT: dns_use_edns0 forced false, dns_dnssec_ok forced true, ignoring latter!\n"); } else { - if (dns_use_dnssec) + if (dns_dnssec_ok) resp->options |= RES_USE_DNSSEC; else resp->options &= ~RES_USE_DNSSEC; DEBUG(D_resolver) debug_printf("Coerced resolver DNSSEC support %s.\n", - dns_use_dnssec ? "on" : "off"); + dns_dnssec_ok ? "on" : "off"); } } # else -if (dns_use_dnssec >= 0) +if (dns_dnssec_ok >= 0) DEBUG(D_resolver) debug_printf("Unable to %sset DNSSEC without resolver support.\n", - dns_use_dnssec ? "" : "un"); + dns_dnssec_ok ? "" : "un"); # endif #endif /* DISABLE_DNSSEC */ diff --git a/src/src/globals.c b/src/src/globals.c index 5db858bfc..a4898fe3f 100644 --- a/src/src/globals.c +++ b/src/src/globals.c @@ -597,7 +597,7 @@ BOOL dns_csa_use_reverse = TRUE; uschar *dns_ipv4_lookup = NULL; int dns_retrans = 0; int dns_retry = 0; -int dns_use_dnssec = -1; /* <0 = not coerced */ +int dns_dnssec_ok = -1; /* <0 = not coerced */ int dns_use_edns0 = -1; /* <0 = not coerced */ uschar *dnslist_domain = NULL; uschar *dnslist_matched = NULL; diff --git a/src/src/globals.h b/src/src/globals.h index 8d83be710..df6132266 100644 --- a/src/src/globals.h +++ b/src/src/globals.h @@ -353,7 +353,7 @@ extern BOOL dns_csa_use_reverse; /* Check CSA in reverse DNS? (non-standar extern uschar *dns_ipv4_lookup; /* For these domains, don't look for AAAA (or A6) */ extern int dns_retrans; /* Retransmission time setting */ extern int dns_retry; /* Number of retries */ -extern int dns_use_dnssec; /* When constructing DNS query, set DO flag */ +extern int dns_dnssec_ok; /* When constructing DNS query, set DO flag */ extern int dns_use_edns0; /* Coerce EDNS0 support on/off in resolver. */ extern uschar *dnslist_domain; /* DNS (black) list domain */ extern uschar *dnslist_matched; /* DNS (black) list matched key */ diff --git a/src/src/readconf.c b/src/src/readconf.c index bba532594..77836d157 100644 --- a/src/src/readconf.c +++ b/src/src/readconf.c @@ -219,7 +219,7 @@ static optionlist optionlist_config[] = { { "dns_ipv4_lookup", opt_stringptr, &dns_ipv4_lookup }, { "dns_retrans", opt_time, &dns_retrans }, { "dns_retry", opt_int, &dns_retry }, - { "dns_use_dnssec", opt_int, &dns_use_dnssec }, + { "dns_dnssec_ok", opt_int, &dns_dnssec_ok }, { "dns_use_edns0", opt_int, &dns_use_edns0 }, /* This option is now a no-op, retained for compability */ { "drop_cr", opt_bool, &drop_cr }, -- cgit v1.2.3