diff --git a/src/general.c b/src/general.c index f5f1abf1..aed20f1c 100644 --- a/src/general.c +++ b/src/general.c @@ -251,7 +251,8 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req) #ifdef STUB_NATIVE_DNSSEC || (dns_req->context->resolution_type == GETDNS_RESOLUTION_STUB && (dns_req->dnssec_return_status || - dns_req->dnssec_return_only_secure + dns_req->dnssec_return_only_secure || + dns_req->dnssec_return_all_statuses )) #endif ) @@ -330,6 +331,7 @@ _getdns_submit_netreq(getdns_network_req *netreq) if ( dns_req->context->resolution_type == GETDNS_RESOLUTION_RECURSING || dns_req->dnssec_return_status || dns_req->dnssec_return_only_secure + || dns_req->dnssec_return_all_statuses || dns_req->dnssec_return_validation_chain) { #endif /* schedule the timeout */ @@ -398,6 +400,7 @@ validate_extensions(struct getdns_dict * extensions) static getdns_extension_format extformats[] = { {"add_opt_parameters" , t_dict, 1}, {"add_warning_for_bad_dns" , t_int , 1}, + {"dnssec_return_all_statuses" , t_int , 1}, {"dnssec_return_only_secure" , t_int , 1}, {"dnssec_return_status" , t_int , 1}, {"dnssec_return_validation_chain", t_int , 1}, diff --git a/src/request-internal.c b/src/request-internal.c index c46aa3ea..aff967fd 100644 --- a/src/request-internal.c +++ b/src/request-internal.c @@ -639,6 +639,8 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop, || is_extension_set(extensions, "dnssec_return_status"); int dnssec_return_only_secure = is_extension_set(extensions, "dnssec_return_only_secure"); + int dnssec_return_all_statuses + = is_extension_set(extensions, "dnssec_return_all_statuses"); int dnssec_return_validation_chain = is_extension_set(extensions, "dnssec_return_validation_chain"); int edns_cookies @@ -653,7 +655,8 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop, #endif int dnssec_extension_set = dnssec_return_status - || dnssec_return_only_secure || dnssec_return_validation_chain + || dnssec_return_only_secure || dnssec_return_all_statuses + || dnssec_return_validation_chain || (extensions == dnssec_ok_checking_disabled) || (extensions == dnssec_ok_checking_disabled_roadblock_avoidance) || (extensions == dnssec_ok_checking_disabled_avoid_roadblocks) @@ -850,6 +853,7 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop, ((uint64_t)arc4random()); result->dnssec_return_status = dnssec_return_status; result->dnssec_return_only_secure = dnssec_return_only_secure; + result->dnssec_return_all_statuses = dnssec_return_all_statuses; result->dnssec_return_validation_chain = dnssec_return_validation_chain; result->edns_cookies = edns_cookies; #ifdef DNSSEC_ROADBLOCK_AVOIDANCE diff --git a/src/test/getdns_query.c b/src/test/getdns_query.c index a17a4bec..083b34ae 100644 --- a/src/test/getdns_query.c +++ b/src/test/getdns_query.c @@ -472,6 +472,7 @@ print_usage(FILE *out, const char *progname) fprintf(out, "\t+add_warning_for_bad_dns\n"); fprintf(out, "\t+dnssec_return_status\n"); fprintf(out, "\t+dnssec_return_only_secure\n"); + fprintf(out, "\t+dnssec_return_all_statuses\n"); fprintf(out, "\t+dnssec_return_validation_chain\n"); #ifdef DNSSEC_ROADBLOCK_AVOIDANCE fprintf(out, "\t+dnssec_roadblock_avoidance\n"); diff --git a/src/types-internal.h b/src/types-internal.h index 38354c86..eb7bec31 100644 --- a/src/types-internal.h +++ b/src/types-internal.h @@ -286,6 +286,7 @@ typedef struct getdns_dns_req { /* request extensions */ int dnssec_return_status; int dnssec_return_only_secure; + int dnssec_return_all_statuses; int dnssec_return_validation_chain; #ifdef DNSSEC_ROADBLOCK_AVOIDANCE int dnssec_roadblock_avoidance; diff --git a/src/util-internal.c b/src/util-internal.c index 2498306b..90c8be1e 100644 --- a/src/util-internal.c +++ b/src/util-internal.c @@ -862,7 +862,8 @@ _getdns_create_getdns_response(getdns_dns_req *completed_request) return NULL; dnssec_return_status = completed_request->dnssec_return_status || - completed_request->dnssec_return_only_secure + completed_request->dnssec_return_only_secure || + completed_request->dnssec_return_all_statuses #ifdef DNSSEC_ROADBLOCK_AVOIDANCE || completed_request->dnssec_roadblock_avoidance #endif @@ -907,7 +908,8 @@ _getdns_create_getdns_response(getdns_dns_req *completed_request) nbogus++; - if (! completed_request->dnssec_return_validation_chain) { + if (! completed_request->dnssec_return_all_statuses && + ! completed_request->dnssec_return_validation_chain) { if (dnssec_return_status && netreq->dnssec_status == GETDNS_DNSSEC_BOGUS) continue;