summaryrefslogtreecommitdiffstats
path: root/src/resolve/resolved-dns-dnssec.h
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-01-05 19:57:33 +0100
committerLennart Poettering <lennart@poettering.net>2016-01-05 20:10:31 +0100
commitad6c04756115809d615dede330213d73edf732a8 (patch)
tree832a20d697321d22b62cabc5b9695b231a6f04f1 /src/resolve/resolved-dns-dnssec.h
parentresolved: log about per-interface setting parse errors (diff)
downloadsystemd-ad6c04756115809d615dede330213d73edf732a8.tar.xz
systemd-ad6c04756115809d615dede330213d73edf732a8.zip
resolved,networkd: add a per-interface DNSSEC setting
This adds a DNSSEC= setting to .network files, and makes resolved honour them.
Diffstat (limited to 'src/resolve/resolved-dns-dnssec.h')
-rw-r--r--src/resolve/resolved-dns-dnssec.h21
1 files changed, 0 insertions, 21 deletions
diff --git a/src/resolve/resolved-dns-dnssec.h b/src/resolve/resolved-dns-dnssec.h
index d818d1a906..6977faca75 100644
--- a/src/resolve/resolved-dns-dnssec.h
+++ b/src/resolve/resolved-dns-dnssec.h
@@ -28,24 +28,6 @@ typedef enum DnssecResult DnssecResult;
#include "resolved-dns-answer.h"
#include "resolved-dns-rr.h"
-enum DnssecMode {
- /* No DNSSEC validation is done */
- DNSSEC_NO,
-
- /* Validate locally, if the server knows DO, but if not,
- * don't. Don't trust the AD bit. If the server doesn't do
- * DNSSEC properly, downgrade to non-DNSSEC operation. Of
- * course, we then are vulnerable to a downgrade attack, but
- * that's life and what is configured. */
- DNSSEC_ALLOW_DOWNGRADE,
-
- /* Insist on DNSSEC server support, and rather fail than downgrading. */
- DNSSEC_YES,
-
- _DNSSEC_MODE_MAX,
- _DNSSEC_MODE_INVALID = -1
-};
-
enum DnssecResult {
/* These four are returned by dnssec_verify_rrset() */
DNSSEC_VALIDATED,
@@ -101,8 +83,5 @@ typedef enum DnssecNsecResult {
int dnssec_test_nsec(DnsAnswer *answer, DnsResourceKey *key, DnssecNsecResult *result, bool *authenticated, uint32_t *ttl);
-const char* dnssec_mode_to_string(DnssecMode m) _const_;
-DnssecMode dnssec_mode_from_string(const char *s) _pure_;
-
const char* dnssec_result_to_string(DnssecResult m) _const_;
DnssecResult dnssec_result_from_string(const char *s) _pure_;