dns: add edns0 and trust-ad options when using local resolver
EDNS(0) is not enabled by default in glibc because the option has interoperability issues with some DNS servers. dnsmasq and systemd-resolved don't have such problems. Enable the option automatically when using a local resolver so that the data provided via EDNS(0) (e.g. SSH fingerprints or DNSSEC information) is available to applications. While at it, also enable 'trust-ad', as otherwise glibc (from version 2.31) strips the AD bit from responses [1]. systemd-resolved also adds both flags to resolv.conf when using the stub resolver [2]. [1] https://sourceware.org/git/?p=glibc.git;a=blobdiff;f=NEWS;h=12b239c1fbbe789114e59fed136efcdeecc5c9cd;hp=4e28dc473c844ef230e973fc8861bfbd4bc36b74;hb=446997ff1433d33452b81dfa9e626b8dccf101a4;hpb=4a2ab5843a5cc4a5db1b3b79916a520ea8b115dc [2] https://github.com/systemd/systemd/blob/v246/src/resolve/resolved-resolv-conf.c#L310 https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/233 https://bugzilla.redhat.com/show_bug.cgi?id=1878166
@@ -1585,6 +1585,9 @@ plugin_skip:;
|
||||
*/
|
||||
if (caching) {
|
||||
const char *lladdr = "127.0.0.1";
|
||||
gboolean need_edns0;
|
||||
gboolean need_trust;
|
||||
guint len;
|
||||
|
||||
if (NM_IS_DNS_SYSTEMD_RESOLVED(priv->plugin)) {
|
||||
/* systemd-resolved uses a different link-local address */
|
||||
@@ -1594,6 +1597,19 @@ plugin_skip:;
|
||||
g_strfreev(nameservers);
|
||||
nameservers = g_new0(char *, 2);
|
||||
nameservers[0] = g_strdup(lladdr);
|
||||
|
||||
need_edns0 = nm_utils_strv_find_first(options, -1, NM_SETTING_DNS_OPTION_EDNS0) < 0;
|
||||
need_trust = nm_utils_strv_find_first(options, -1, NM_SETTING_DNS_OPTION_TRUST_AD) < 0;
|
||||
|
||||
if (need_edns0 || need_trust) {
|
||||
len = options ? g_strv_length(options) : 0;
|
||||
options = g_realloc(options, sizeof(char *) * (len + 3));
|
||||
if (need_edns0)
|
||||
options[len++] = g_strdup(NM_SETTING_DNS_OPTION_EDNS0);
|
||||
if (need_trust)
|
||||
options[len++] = g_strdup(NM_SETTING_DNS_OPTION_TRUST_AD);
|
||||
options[len] = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
if (do_update) {
|
||||
|
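Review bot: `need_trust` in the second hunk is set for every `caching` plugin, so `trust-ad` is written to resolv.conf without any check that the local resolver validates DNSSEC or clears the AD bit on answers it has not validated. With `trust-ad` set, glibc passes AD through to applications, and consumers such as the SSH fingerprint lookups named in the description may treat it as proof of authenticity. If either supported local resolver can be configured to relay an upstream AD bit unvalidated, that trust then extends to the upstream server and the network path to it. I would at least record the assumption above the assignment, e.g. `/* trust-ad: assumes the local resolver only sets AD on answers it validated itself */`. If that cannot be guaranteed for both plugins, gate `need_trust` on the plugin type the way the existing `NM_IS_DNS_SYSTEMD_RESOLVED(priv->plugin)` branch does; the enclosing function starts and ends outside these hunks, so such a guarantee may already exist elsewhere.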