diff options
author | Lennart Poettering <lennart@poettering.net> | 2016-01-05 19:57:33 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-01-05 20:10:31 +0100 |
commit | ad6c04756115809d615dede330213d73edf732a8 (patch) | |
tree | 832a20d697321d22b62cabc5b9695b231a6f04f1 /src/resolve/resolved-dns-dnssec.h | |
parent | resolved: log about per-interface setting parse errors (diff) | |
download | systemd-ad6c04756115809d615dede330213d73edf732a8.tar.xz systemd-ad6c04756115809d615dede330213d73edf732a8.zip |
resolved,networkd: add a per-interface DNSSEC setting
This adds a DNSSEC= setting to .network files, and makes resolved honour
them.
Diffstat (limited to 'src/resolve/resolved-dns-dnssec.h')
-rw-r--r-- | src/resolve/resolved-dns-dnssec.h | 21 |
1 files changed, 0 insertions, 21 deletions
diff --git a/src/resolve/resolved-dns-dnssec.h b/src/resolve/resolved-dns-dnssec.h index d818d1a906..6977faca75 100644 --- a/src/resolve/resolved-dns-dnssec.h +++ b/src/resolve/resolved-dns-dnssec.h @@ -28,24 +28,6 @@ typedef enum DnssecResult DnssecResult; #include "resolved-dns-answer.h" #include "resolved-dns-rr.h" -enum DnssecMode { - /* No DNSSEC validation is done */ - DNSSEC_NO, - - /* Validate locally, if the server knows DO, but if not, - * don't. Don't trust the AD bit. If the server doesn't do - * DNSSEC properly, downgrade to non-DNSSEC operation. Of - * course, we then are vulnerable to a downgrade attack, but - * that's life and what is configured. */ - DNSSEC_ALLOW_DOWNGRADE, - - /* Insist on DNSSEC server support, and rather fail than downgrading. */ - DNSSEC_YES, - - _DNSSEC_MODE_MAX, - _DNSSEC_MODE_INVALID = -1 -}; - enum DnssecResult { /* These four are returned by dnssec_verify_rrset() */ DNSSEC_VALIDATED, @@ -101,8 +83,5 @@ typedef enum DnssecNsecResult { int dnssec_test_nsec(DnsAnswer *answer, DnsResourceKey *key, DnssecNsecResult *result, bool *authenticated, uint32_t *ttl); -const char* dnssec_mode_to_string(DnssecMode m) _const_; -DnssecMode dnssec_mode_from_string(const char *s) _pure_; - const char* dnssec_result_to_string(DnssecResult m) _const_; DnssecResult dnssec_result_from_string(const char *s) _pure_; |