expose security-aware setting in named.toml

2024-05-08 18:37:36 +02:00 · 2024-05-08 18:37:36 +02:00 · 97e1f43456
commit 97e1f43456
parent 36258a8a03
2 changed files with 12 additions and 2 deletions
--- a/crates/server/src/store/recursor/authority.rs
+++ b/crates/server/src/store/recursor/authority.rs
@ -73,9 +73,13 @@ impl RecursiveAuthority {
            });
        }

-        let recursor = Recursor::new()
+        let mut recursor = Recursor::new();
+        recursor
            .ns_cache_size(config.ns_cache_size)
-            .record_cache_size(config.record_cache_size)
+            .record_cache_size(config.record_cache_size);
+        #[cfg(feature = "dnssec")]
+        recursor.security_aware(config.security_aware);
+        let recursor = recursor
            .build(roots)
            .map_err(|e| format!("failed to initialize recursor: {e}"))?;

--- a/crates/server/src/store/recursor/config.rs
+++ b/crates/server/src/store/recursor/config.rs
@ -24,6 +24,7 @@ use crate::resolver::Name;

 /// Configuration for file based zones
 #[derive(Clone, Deserialize, Eq, PartialEq, Debug)]
+#[serde(deny_unknown_fields)]
 pub struct RecursiveConfig {
    /// File with roots, aka hints
    pub roots: PathBuf,
@ -35,6 +36,11 @@ pub struct RecursiveConfig {
    /// Maximum DNS record cache size
    #[serde(default = "record_cache_size_default")]
    pub record_cache_size: usize,
+
+    /// Whether the recursor is security-aware (RFC4035 section 3.2)
+    #[cfg(feature = "dnssec")]
+    #[serde(default)]
+    pub security_aware: bool,
 }

 impl RecursiveConfig {