feat: enable DNSSEC validation by default

With recursive as the default mode, DNSSEC validation completes the
trustless resolution chain. Strict mode remains off by default.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Razvan Dimescu
2026-04-01 06:07:40 +03:00
parent e608e12000
commit 5626da097d


@@ -114,6 +114,10 @@ impl Default for UpstreamConfig {
} }
} }
fn default_true() -> bool {
true
}
fn default_srtt() -> bool { fn default_srtt() -> bool {
true true
} }
@@ -356,14 +360,23 @@ fn default_lan_peer_timeout() -> u64 {
90 90
} }
#[derive(Deserialize, Clone, Default)] #[derive(Deserialize, Clone)]
pub struct DnssecConfig { pub struct DnssecConfig {
#[serde(default)] #[serde(default = "default_true")]
pub enabled: bool, pub enabled: bool,
#[serde(default)] #[serde(default)]
pub strict: bool, pub strict: bool,
} }
impl Default for DnssecConfig {
fn default() -> Self {
DnssecConfig {
enabled: true,
strict: false,
}
}
}
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use super::*; use super::*;
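Review bot: The new default for `enabled` is encoded twice in the second hunk, once as `#[serde(default = "default_true")]` on the field and once as the literal `enabled: true` in `impl Default for DnssecConfig`, and nothing visible ties the two together. Which one applies presumably depends on whether the whole DNSSEC section or only the `enabled` key is missing from the config, so a later edit to one could silently leave validation off on the other path; writing `enabled: default_true(),` in the impl keeps a single source. A test in `mod tests` that deserializes a config with no DNSSEC section and one with the section present but `enabled` omitted, asserting `enabled` is true and `strict` is false in both, would pin this security default. The fields also lack doc comments: something like `/// Validate DNSSEC signatures on responses. Defaults to true.` on `enabled`, plus a line on `strict` stating what happens when it is false to responses that fail validation or cannot be validated, since that behaviour is not visible here.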