recursor: make security awareness depend on config
This commit is contained in:
parent
97e1f43456
commit
5db65e336b
@ -35,7 +35,3 @@ pub use hickory_proto as proto;
|
|||||||
pub use hickory_resolver as resolver;
|
pub use hickory_resolver as resolver;
|
||||||
pub use hickory_resolver::config::NameServerConfig;
|
pub use hickory_resolver::config::NameServerConfig;
|
||||||
pub use recursor::{Recursor, RecursorBuilder};
|
pub use recursor::{Recursor, RecursorBuilder};
|
||||||
|
|
||||||
fn is_security_aware() -> bool {
|
|
||||||
cfg!(feature = "dnssec")
|
|
||||||
}
|
|
||||||
|
@ -378,7 +378,7 @@ impl Recursor {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
let response = ns.lookup(query.clone());
|
let response = ns.lookup(query.clone(), self.security_aware);
|
||||||
|
|
||||||
// TODO: we are only expecting one response
|
// TODO: we are only expecting one response
|
||||||
// TODO: should we change DnsHandle to always be a single response? And build a totally custom handler for other situations?
|
// TODO: should we change DnsHandle to always be a single response? And build a totally custom handler for other situations?
|
||||||
|
@ -76,7 +76,11 @@ where
|
|||||||
&self.zone
|
&self.zone
|
||||||
}
|
}
|
||||||
|
|
||||||
pub(crate) async fn lookup(&self, query: Query) -> Result<DnsResponse, ResolveError> {
|
pub(crate) async fn lookup(
|
||||||
|
&self,
|
||||||
|
query: Query,
|
||||||
|
security_aware: bool,
|
||||||
|
) -> Result<DnsResponse, ResolveError> {
|
||||||
let ns = self.ns.clone();
|
let ns = self.ns.clone();
|
||||||
|
|
||||||
let query_cpy = query.clone();
|
let query_cpy = query.clone();
|
||||||
@ -90,8 +94,8 @@ where
|
|||||||
info!("querying {} for {}", self.zone, query_cpy);
|
info!("querying {} for {}", self.zone, query_cpy);
|
||||||
|
|
||||||
let mut options = DnsRequestOptions::default();
|
let mut options = DnsRequestOptions::default();
|
||||||
options.use_edns = crate::is_security_aware();
|
options.use_edns = security_aware;
|
||||||
options.edns_set_dnssec_ok = crate::is_security_aware();
|
options.edns_set_dnssec_ok = security_aware;
|
||||||
|
|
||||||
// convert the lookup into a shared future
|
// convert the lookup into a shared future
|
||||||
let lookup = ns
|
let lookup = ns
|
||||||
|
Loading…
Reference in New Issue
Block a user