dns: add edns0 and trust-ad options when using local resolver

Beniamino Galvani requested to merge bg/dns-stub-edns0 into master

EDNS(0) is not enabled by default in glibc because the option has interoperability issues with some DNS servers. dnsmasq and systemd-resolved don't have such problems.

Enable the option automatically when using a local resolver so that the data provided via EDNS(0) (e.g. SSH fingerprints or DNSSEC information) is available to applications.

While at it, also enable 'trust-ad', as otherwise glibc (from version 2.31) strips the AD bit from responses [1].

systemd-resolved also adds both flags to resolv.conf when using the stub resolver [2].

[1] https://sourceware.org/git/?p=glibc.git;a=blobdiff;f=NEWS;h=12b239c1fbbe789114e59fed136efcdeecc5c9cd;hp=4e28dc473c844ef230e973fc8861bfbd4bc36b74;hb=446997ff1433d33452b81dfa9e626b8dccf101a4;hpb=4a2ab5843a5cc4a5db1b3b79916a520ea8b115dc

[2] https://github.com/systemd/systemd/blob/v246/src/resolve/resolved-resolv-conf.c#L310

#233 (closed)

https://bugzilla.redhat.com/show_bug.cgi?id=1878166
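A way to check a host's resolv.conf against the behaviour described above, as an added example that is not part of this merge request or of NetworkManager's code. The function name `audit_resolv_conf` and the sample files are constructed for illustration; the last check (trust-ad combined with a non-loopback nameserver) goes beyond the merge request text and flags the case where the AD bit would be accepted from a resolver that is not local.

```python
import ipaddress

def is_loopback(addr):
    """True for 127.0.0.0/8 and ::1; unparsable addresses count as non-local."""
    try:
        # Drop an IPv6 scope id ("%eth0") before parsing.
        return ipaddress.ip_address(addr.split("%", 1)[0]).is_loopback
    except ValueError:
        return False

def audit_resolv_conf(text):
    """Return a list of findings for the given resolv.conf content."""
    nameservers, options = [], set()
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":   # blank line or comment
            continue
        if fields[0] == "nameserver" and len(fields) > 1:
            nameservers.append(fields[1])
        elif fields[0] == "options":
            options.update(fields[1:])           # merge every options line
    remote = [ns for ns in nameservers if not is_loopback(ns)]
    findings = []
    # Local resolver only: both options from the merge request are expected.
    if nameservers and not remote:
        if "edns0" not in options:
            findings.append("edns0 missing: EDNS(0) data is not requested "
                            "from the local resolver")
        if "trust-ad" not in options:
            findings.append("trust-ad missing: glibc >= 2.31 strips the AD bit "
                            "from responses")
    # Assumption of this example: trust-ad is only appropriate for a local resolver.
    if "trust-ad" in options:
        for ns in remote:
            findings.append(f"trust-ad set but nameserver {ns} is not local")
    return findings

# Constructed sample files (not taken from any real host).
STUB = "# local stub\nnameserver 127.0.0.53\noptions edns0 trust-ad\nsearch example.test\n"
LOCAL_BARE = "nameserver 127.0.0.1\nnameserver ::1\n"
REMOTE_TRUST = "nameserver 192.0.2.53\noptions edns0 trust-ad\n"

if __name__ == "__main__":
    for name, text in [("stub", STUB), ("local-bare", LOCAL_BARE),
                       ("remote-trust", REMOTE_TRUST)]:
        print(name, audit_resolv_conf(text) or "ok")
```

On a real host, pass the contents of `/etc/resolv.conf` to `audit_resolv_conf`.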
