recursor: make security awareness depend on config

crates/recursor/src/lib.rs

@@ -35,7 +35,3 @@ pub use hickory_proto as proto;
 pub use hickory_resolver as resolver;
 pub use hickory_resolver::config::NameServerConfig;
 pub use recursor::{Recursor, RecursorBuilder};
-
-fn is_security_aware() -> bool {
-    cfg!(feature = "dnssec")
-}

crates/recursor/src/recursor.rs

@@ -378,7 +378,7 @@ impl Recursor {
             }
         }
 
-        let response = ns.lookup(query.clone());
+        let response = ns.lookup(query.clone(), self.security_aware);
 
         // TODO: we are only expecting one response
         // TODO: should we change DnsHandle to always be a single response? And build a totally custom handler for other situations?

crates/recursor/src/recursor_pool.rs

@@ -76,7 +76,11 @@ where
         &self.zone
     }
 
-    pub(crate) async fn lookup(&self, query: Query) -> Result<DnsResponse, ResolveError> {
+    pub(crate) async fn lookup(
+        &self,
+        query: Query,
+        security_aware: bool,
+    ) -> Result<DnsResponse, ResolveError> {
         let ns = self.ns.clone();
 
         let query_cpy = query.clone();
@@ -90,8 +94,8 @@ where
                 info!("querying {} for {}", self.zone, query_cpy);
 
                 let mut options = DnsRequestOptions::default();
-                options.use_edns = crate::is_security_aware();
-                options.edns_set_dnssec_ok = crate::is_security_aware();
+                options.use_edns = security_aware;
+                options.edns_set_dnssec_ok = security_aware;
 
                 // convert the lookup into a shared future
                 let lookup = ns