diff options
author | 2020-09-17 16:28:43 +0200 | |
---|---|---|
committer | 2020-09-17 07:28:43 -0700 | |
commit | acf9a0fa19928e605ac8ac3314890c9fef73e16b (patch) | |
tree | a442ad2a7894d86b462eade46c44db4572016333 /request | |
parent | 22b68466262219284a47063e7f7bf9a833d21b61 (diff) | |
download | coredns-acf9a0fa19928e605ac8ac3314890c9fef73e16b.tar.gz coredns-acf9a0fa19928e605ac8ac3314890c9fef73e16b.tar.zst coredns-acf9a0fa19928e605ac8ac3314890c9fef73e16b.zip |
cache: default to DNSSEC (#4085)
* cache: default to DNSSEC
This change does away with the DNS/DNSSEC distinction the cache
currently makes. Cache will always make coredns perform a DNSSEC query
and store that result. If a client just needs plain DNS, the DNSSEC
records are stripped from the response.
It should also be more memory efficient, because we store a reply once
and not one DNS and another for DNSSEC.
Fixes: #3836
Signed-off-by: Miek Gieben <miek@miek.nl>
* Change OPT RR when one is present in the msg.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix comment for isDNSSEC
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update plugin/cache/handler.go
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
* Update plugin/cache/item.go
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
* Code review; fix comment for isDNSSEC
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update doc and set AD to false
Set Authenticated Data to false when DNSSEC was not wanted. Also update
the readme with the new behavior.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update plugin/cache/handler.go
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
Diffstat (limited to 'request')
-rw-r--r-- | request/request.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/request/request.go b/request/request.go index 7374b0bd6..649e573c1 100644 --- a/request/request.go +++ b/request/request.go @@ -144,7 +144,7 @@ func (r *Request) Family() int { return 2 } -// Do returns if the request has the DO (DNSSEC OK) bit set. +// Do returns true if the request has the DO (DNSSEC OK) bit set. func (r *Request) Do() bool { if r.size != 0 { return r.do |