From 97e1f43456da0552d5baf965b354a14c05f2ac95 Mon Sep 17 00:00:00 2001
From: Jorge Aparicio
Date: Wed, 8 May 2024 18:37:36 +0200
Subject: [PATCH] expose security-aware setting in named.toml
---
 crates/server/src/store/recursor/authority.rs | 8 ++++++--
 crates/server/src/store/recursor/config.rs | 6 ++++++
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/crates/server/src/store/recursor/authority.rs b/crates/server/src/store/recursor/authority.rs
index 56667689..3211306f 100644
--- a/crates/server/src/store/recursor/authority.rs
+++ b/crates/server/src/store/recursor/authority.rs
@@ -73,9 +73,13 @@ impl RecursiveAuthority {
 });
 }
- let recursor = Recursor::new()
+ let mut recursor = Recursor::new();
+ recursor
 .ns_cache_size(config.ns_cache_size)
- .record_cache_size(config.record_cache_size)
+ .record_cache_size(config.record_cache_size);
+ #[cfg(feature = "dnssec")]
+ recursor.security_aware(config.security_aware);
+ let recursor = recursor
 .build(roots)
 .map_err(|e| format!("failed to initialize recursor: {e}"))?;
diff --git a/crates/server/src/store/recursor/config.rs b/crates/server/src/store/recursor/config.rs
index 16970003..41843ef0 100644
--- a/crates/server/src/store/recursor/config.rs
+++ b/crates/server/src/store/recursor/config.rs
@@ -24,6 +24,7 @@ use crate::resolver::Name;
 /// Configuration for file based zones
 #[derive(Clone, Deserialize, Eq, PartialEq, Debug)]
+#[serde(deny_unknown_fields)]
 pub struct RecursiveConfig {
 /// File with roots, aka hints
 pub roots: PathBuf,
@@ -35,6 +36,11 @@ pub struct RecursiveConfig {
 /// Maximum DNS record cache size
 #[serde(default = "record_cache_size_default")]
 pub record_cache_size: usize,
+
+ /// Whether the recursor is security-aware (RFC4035 section 3.2)
+ #[cfg(feature = "dnssec")]
+ #[serde(default)]
+ pub security_aware: bool,
 }
 impl RecursiveConfig {
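Review bot: The builder calls in the authority.rs hunk are split into separate statements around the `#[cfg(feature = "dnssec")]` line with no comment saying why, so a later tidy-up could fold them back into one chain and lose the feature gate. I would add `// separate statements so the dnssec-only setter can be cfg-gated` above `let mut recursor = Recursor::new();`. Nothing in the visible lines records whether the recursor ended up security-aware, which makes it hard for an operator to confirm the named.toml value took effect; the function continues outside the hunk, so this may already be handled there.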
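Review bot: `#[serde(deny_unknown_fields)]` on `RecursiveConfig` is a behaviour change the commit subject does not mention: a named.toml whose recursor section carries a key this struct does not declare, which serde would otherwise skip, will now fail to load. Strict parsing is the safer choice next to a security setting, since a misspelt `security_aware` key can no longer be silently ignored, but it deserves a line in the struct documentation and in the upgrade notes. I would add `/// Unknown keys in this section are rejected when the configuration is loaded.` above the derive line. The struct body continues outside this hunk.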
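Review bot: The doc comment on `security_aware` does not say that the setting is off unless named.toml enables it, nor that the key exists only in builds with the `dnssec` feature. `#[serde(default)]` on a `bool` yields `false`, so a configuration that omits the key gets a recursor that is not security-aware. Because the struct now denies unknown fields, a build without `dnssec` will, as far as these lines show, reject the key as unknown rather than point at the missing feature. I would extend the comment with `/// Defaults to false. Only recognised when built with the "dnssec" feature; other builds reject this key as unknown.` so operators know the behaviour is opt-in.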