From 29b6e8b053d21f0a1e722e1c3be38371e7efaf10 Mon Sep 17 00:00:00 2001
From: manuel <manuel@mausz.at>
Date: Thu, 10 Aug 2023 01:10:02 +0200
Subject: add support for querying DNSSEC ad (validated) flag

also migrate from deprecated resolver functions
---
 dns.c | 44 ++++++++++++++++++++++++++------------------
 1 file changed, 26 insertions(+), 18 deletions(-)

(limited to 'dns.c')

diff --git a/dns.c b/dns.c
index b4d106c..d43e946 100644
--- a/dns.c
+++ b/dns.c
@@ -5,8 +5,6 @@
 #include <arpa/nameser.h>
 #include <resolv.h>
 #include <errno.h>
-extern int res_query();
-extern int res_search();
 #include "ip.h"
 #include "ipalloc.h"
 #include "fmt.h"
@@ -24,7 +22,6 @@ static int responsebuflen = 0;
 static int responselen;
 static unsigned char *responseend;
 static unsigned char *responsepos;
-static u_long saveresoptions;
 
 static int numanswers;
 static char name[MAXDNAME];
@@ -33,16 +30,21 @@ unsigned short pref;
 
 static stralloc glue = {0};
 
-static int (*lookup)() = res_query;
+static struct __res_state dns_res_state;
+static unsigned short dns_res_ad_flag = 0;
 
-static int resolve(domain,type)
-stralloc *domain;
-int type;
+static int (*lookup)(res_state statep, const char *dname, int class, int type, unsigned char *answer, int anslen) = res_nquery;
+
+static int resolve(stralloc *domain, int type)
 {
  int n;
  int i;
 
  errno = 0;
+
+ if ((dns_res_state.options & RES_INIT) == 0 && res_ninit(&dns_res_state) < 0)
+  return DNS_MEM;
+
  if (!stralloc_copy(&glue,domain)) return DNS_MEM;
  if (!stralloc_0(&glue)) return DNS_MEM;
  if (!responsebuflen)
@@ -50,7 +52,8 @@ int type;
    responsebuflen = PACKETSZ+1;
   else return DNS_MEM;
 
- responselen = lookup(glue.s,C_IN,type,response.buf,responsebuflen);
+ dns_res_ad_flag = 0;
+ responselen = lookup(&dns_res_state, glue.s, C_IN, type, response.buf, responsebuflen);
  if ((responselen >= responsebuflen) ||
      (responselen > 0 && (((HEADER *)response.buf)->tc)))
   {
@@ -58,10 +61,10 @@ int type;
     if (alloc_re(&response.buf, responsebuflen, 65536))
      responsebuflen = 65536;
     else return DNS_MEM;
-    saveresoptions = _res.options;
-    _res.options |= RES_USEVC;
-    responselen = lookup(glue.s,C_IN,type,response.buf,responsebuflen);
-    _res.options = saveresoptions;
+    u_long saveresoptions = dns_res_state.options;
+    dns_res_state.options |= RES_USEVC;
+    responselen = lookup(&dns_res_state, glue.s, C_IN, type, response.buf, responsebuflen);
+    dns_res_state.options = saveresoptions;
   }
  if (responselen <= 0)
   {
@@ -82,9 +85,15 @@ int type;
    responsepos += QFIXEDSZ;
   }
  numanswers = ntohs(((HEADER *)response.buf)->ancount);
+ dns_res_ad_flag = ((HEADER *)response.buf)->ad;
  return 0;
 }
 
+short dns_last_query_validated()
+{
+  return dns_res_ad_flag;
+}
+
 static int findname(wanttype)
 int wanttype;
 {
@@ -194,11 +203,9 @@ int wanttype;
  return 0;
 }
 
-void dns_init(flagsearch)
-int flagsearch;
+void dns_use_search(int use_search)
 {
- res_init();
- if (flagsearch) lookup = res_search;
+ lookup = (use_search) ? res_nsearch : res_nquery;
 }
 
 int dns_cname(sa)
@@ -308,13 +315,14 @@ int pref;
    ix.pref = pref;
    if (r == DNS_SOFT) return DNS_SOFT;
    if (r == 1) {
-#ifdef IX_FQDN
+#ifdef TLS
      ix.fqdn = glue.s;
+     ix.validated = dns_last_query_validated();
 #endif
      if (!ipalloc_append(ia,&ix)) return DNS_MEM;
   }
   }
-#ifdef IX_FQDN
+#ifdef TLS
  glue.s = 0;
 #endif
  return 0;
-- 
cgit v1.2.3