e0e0c19eefceaf5d4ec40f9466b58a771f50e799vboxsync This file is part of systemd.
e0e0c19eefceaf5d4ec40f9466b58a771f50e799vboxsync Copyright 2016 Lennart Poettering
e0e0c19eefceaf5d4ec40f9466b58a771f50e799vboxsync systemd is free software; you can redistribute it and/or modify it
e0e0c19eefceaf5d4ec40f9466b58a771f50e799vboxsync under the terms of the GNU Lesser General Public License as published by
e0e0c19eefceaf5d4ec40f9466b58a771f50e799vboxsync the Free Software Foundation; either version 2.1 of the License, or
e0e0c19eefceaf5d4ec40f9466b58a771f50e799vboxsync (at your option) any later version.
e0e0c19eefceaf5d4ec40f9466b58a771f50e799vboxsync systemd is distributed in the hope that it will be useful, but
e0e0c19eefceaf5d4ec40f9466b58a771f50e799vboxsync WITHOUT ANY WARRANTY; without even the implied warranty of
e0e0c19eefceaf5d4ec40f9466b58a771f50e799vboxsync MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
e0e0c19eefceaf5d4ec40f9466b58a771f50e799vboxsync Lesser General Public License for more details.
e0e0c19eefceaf5d4ec40f9466b58a771f50e799vboxsync You should have received a copy of the GNU Lesser General Public License
772269936494ffaddd0750ba9e28e805ba81398cvboxsync along with systemd; If not, see <http://www.gnu.org/licenses/>.
a48399c41d6eb8b66ad69c050ad263af36873e9cvboxsync /* No DNSSEC validation is done */
e0e0c19eefceaf5d4ec40f9466b58a771f50e799vboxsync /* Validate locally, if the server knows DO, but if not,
e0e0c19eefceaf5d4ec40f9466b58a771f50e799vboxsync * don't. Don't trust the AD bit. If the server doesn't do
a48399c41d6eb8b66ad69c050ad263af36873e9cvboxsync * DNSSEC properly, downgrade to non-DNSSEC operation. Of
a48399c41d6eb8b66ad69c050ad263af36873e9cvboxsync * course, we then are vulnerable to a downgrade attack, but
a48399c41d6eb8b66ad69c050ad263af36873e9cvboxsync * that's life and what is configured. */
e0e0c19eefceaf5d4ec40f9466b58a771f50e799vboxsync /* Insist on DNSSEC server support, and rather fail than downgrading. */
de4b88070eed3a77d1e5b285a6373124450f8fccvboxsyncint config_parse_resolve_support(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
aae15a3015041f7ed6043344bf4939736254acf6vboxsyncint config_parse_dnssec_mode(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
ba44972d4fba964e9794fb07b869741c42aa7d35vboxsyncconst char* resolve_support_to_string(ResolveSupport p) _const_;
ba44972d4fba964e9794fb07b869741c42aa7d35vboxsyncResolveSupport resolve_support_from_string(const char *s) _pure_;
aae15a3015041f7ed6043344bf4939736254acf6vboxsyncconst char* dnssec_mode_to_string(DnssecMode p) _const_;