From 5db65e336b9ebc0562d5806fad4356fe502e538d Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman
Date: Sun, 12 May 2024 13:53:29 +0200
Subject: [PATCH] recursor: make security awareness depend on config
---
 crates/recursor/src/lib.rs | 4 ----
 crates/recursor/src/recursor.rs | 2 +-
 crates/recursor/src/recursor_pool.rs | 10 +++++++---
 3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/crates/recursor/src/lib.rs b/crates/recursor/src/lib.rs
index d22b7b64..5091d7d0 100644
--- a/crates/recursor/src/lib.rs
+++ b/crates/recursor/src/lib.rs
@@ -35,7 +35,3 @@ pub use hickory_proto as proto;
 pub use hickory_resolver as resolver;
 pub use hickory_resolver::config::NameServerConfig;
 pub use recursor::{Recursor, RecursorBuilder};
-
-fn is_security_aware() -> bool {
- cfg!(feature = "dnssec")
-}
diff --git a/crates/recursor/src/recursor.rs b/crates/recursor/src/recursor.rs
index 56e2eb7f..99a72a1a 100644
--- a/crates/recursor/src/recursor.rs
+++ b/crates/recursor/src/recursor.rs
@@ -378,7 +378,7 @@ impl Recursor {
 }
 }
- let response = ns.lookup(query.clone());
+ let response = ns.lookup(query.clone(), self.security_aware);
 // TODO: we are only expecting one response
 // TODO: should we change DnsHandle to always be a single response? And build a totally custom handler for other situations?
diff --git a/crates/recursor/src/recursor_pool.rs b/crates/recursor/src/recursor_pool.rs
index 06abd280..fef87fc2 100644
--- a/crates/recursor/src/recursor_pool.rs
+++ b/crates/recursor/src/recursor_pool.rs
@@ -76,7 +76,11 @@ where
 &self.zone
 }
- pub(crate) async fn lookup(&self, query: Query) -> Result {
+ pub(crate) async fn lookup(
+ &self,
+ query: Query,
+ security_aware: bool,
+ ) -> Result {
 let ns = self.ns.clone();
 let query_cpy = query.clone();
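Review bot: The call `ns.lookup(query.clone(), self.security_aware)` in recursor.rs now takes DNSSEC awareness from a runtime field, and with `is_security_aware()` removed from lib.rs nothing in this patch still ties that value to the `dnssec` cargo feature. Where `security_aware` is set is outside the diff, so it may already be guarded there. If it is not, a build without `dnssec` can be configured to send the DO bit and will receive signature records it presumably cannot process. Either reject that combination when the recursor is built, or pass `self.security_aware && cfg!(feature = "dnssec")` at this call and document the fallback. The enclosing method starts and ends outside the hunk.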
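Review bot: The new `security_aware` parameter on `lookup` in recursor_pool.rs is undocumented and is supplied per call, while the body (which continues into the next hunk) converts the lookup into a shared future. If that shared future is reused for identical queries, which the visible lines suggest but do not show, a caller passing a different flag would get a response fetched under another caller's EDNS/DO settings. Storing the flag on the pool at construction would rule that out. At minimum add a doc comment such as `/// security_aware: enables EDNS and sets the DNSSEC OK bit on the outgoing request; callers pass the same value for every lookup on a pool.`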
@@ -90,8 +94,8 @@ where
 info!("querying {} for {}", self.zone, query_cpy);
 let mut options = DnsRequestOptions::default();
- options.use_edns = crate::is_security_aware();
- options.edns_set_dnssec_ok = crate::is_security_aware();
+ options.use_edns = security_aware;
+ options.edns_set_dnssec_ok = security_aware;
 // convert the lookup into a shared future
 let lookup = ns
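Review bot: `options.use_edns = security_aware;` turns EDNS off entirely whenever DNSSEC awareness is disabled, so a security-unaware recursor presumably sends no OPT record at all; only `edns_set_dnssec_ok` has to follow the flag. If the coupling is intended, state it above the two assignments, for example `// EDNS is enabled only to carry the DO bit; security-unaware lookups go out as plain DNS`. Setting DO only asks the server to include signatures; whether they are validated is decided outside this hunk, and the comment should not imply otherwise. The enclosing block starts and ends outside the hunk.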