Diffstat (limited to 'dns.c')
-rw-r--r--dns.c14
1 files changed, 13 insertions, 1 deletions
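diff --git a/dns.c b/dns.c
index c4d073cf5..e5872c190 100644
--- a/dns.c
+++ b/dns.c
@@ -203,6 +203,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
 {
 	u_int counter;
 	int result;
+	unsigned int rrset_flags = 0;
 	struct rrsetinfo *fingerprints = NULL;
 
 	u_int8_t hostkey_algorithm;
@@ -226,8 +227,19 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
 		return -1;
 	}
 
+	/*
+	 * Original getrrsetbyname function, found on OpenBSD for example,
+	 * doesn't accept any flag and prerequisite for obtaining AD bit in
+	 * DNS response is set by "options edns0" in resolv.conf.
+	 *
+	 * Our version is more clever and use RRSET_FORCE_EDNS0 flag.
+	 */
+#ifndef HAVE_GETRRSETBYNAME
+	rrset_flags |= RRSET_FORCE_EDNS0;
+#endif
 	result = getrrsetbyname(hostname, DNS_RDATACLASS_IN,
-	    DNS_RDATATYPE_SSHFP, 0, &fingerprints);
+	    DNS_RDATATYPE_SSHFP, rrset_flags, &fingerprints);
+
 	if (result) {
 		verbose("DNS lookup error: %s", dns_result_totext(result));
 		return -1;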
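Review bot: The new comment above `#ifndef HAVE_GETRRSETBYNAME` explains why the bundled replacement gets RRSET_FORCE_EDNS0 but says nothing about the other branch: with a native getrrsetbyname() `rrset_flags` stays 0, so whether the AD bit reaches us still depends on `options edns0` in resolv.conf, and the remainder of verify_host_key_dns (which continues past this hunk) presumably treats the RRset as unvalidated in that case. A line such as `* With a native getrrsetbyname() rrset_flags stays 0 and AD-bit delivery depends on resolv.conf "options edns0".` would make that asymmetry explicit to the next maintainer. It would also be worth stating that forcing EDNS0 only lets the recursive resolver's AD bit be delivered; it does not make that bit trustworthy, which still depends on the resolver being a trusted validating one reached over a trusted path. While here, the comment's grammar could be tightened, e.g. `* doesn't accept any flags, and the prerequisite for obtaining the AD bit in a` and `* Our version is more clever and uses the RRSET_FORCE_EDNS0 flag.`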