From acf9a0fa19928e605ac8ac3314890c9fef73e16b Mon Sep 17 00:00:00 2001 From: Miek Gieben Date: Thu, 17 Sep 2020 16:28:43 +0200 Subject: cache: default to DNSSEC (#4085) * cache: default to DNSSEC This change does away with the DNS/DNSSEC distinction the cache currently makes. Cache will always make coredns perform a DNSSEC query and store that result. If a client just needs plain DNS, the DNSSEC records are stripped from the response. It should also be more memory efficient, because we store a reply once and not one DNS and another for DNSSEC. Fixes: #3836 Signed-off-by: Miek Gieben * Change OPT RR when one is present in the msg. Signed-off-by: Miek Gieben * Fix comment for isDNSSEC Signed-off-by: Miek Gieben * Update plugin/cache/handler.go Co-authored-by: Chris O'Haver * Update plugin/cache/item.go Co-authored-by: Chris O'Haver * Code review; fix comment for isDNSSEC Signed-off-by: Miek Gieben * Update doc and set AD to false Set Authenticated Data to false when DNSSEC was not wanted. Also update the readme with the new behavior. Signed-off-by: Miek Gieben * Update plugin/cache/handler.go Co-authored-by: Chris O'Haver Co-authored-by: Chris O'Haver --- request/request.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'request/request.go') diff --git a/request/request.go b/request/request.go index 7374b0bd6..649e573c1 100644 --- a/request/request.go +++ b/request/request.go @@ -144,7 +144,7 @@ func (r *Request) Family() int { return 2 } -// Do returns if the request has the DO (DNSSEC OK) bit set. +// Do returns true if the request has the DO (DNSSEC OK) bit set. func (r *Request) Do() bool { if r.size != 0 { return r.do -- cgit v1.2.3