History log of /openbsd-current/lib/libc/asr/res_mkquery.c
Revision Date Author Comments
# 1.14 22-Nov-2021 jca

Implement rfc6840 (AD flag processing) if using trusted name servers

libc can't do DNSSEC validation but it can ask a "security-aware"
resolver to do so. Let's send queries with the AD flag set when
appropriate, and let applications look at the AD flag in responses in
a safe way, ie clear the AD flag if the resolvers aren't trusted.
By default we only trust resolvers if resolv.conf(5) only lists name
servers on localhost - the obvious candidates being unwind(8) and
unbound(8). For non-localhost resolvers, an admin who trusts *all the
name servers* listed in resolv.conf(5) *and the network path leading to
them* can annotate this with "options trust-ad".

AD flag processing gives ssh -o VerifyHostkeyDNS=Yes a chance to fetch
SSHFP records in a secure manner, and tightens the situation for other
applications, eg those using RES_USE_DNSSEC for DANE. It should be
noted that postfix currently assumes trusted name servers by default and
forces RES_TRUSTAD if available.

RES_TRUSTAD and "options trust-ad" were first introduced in glibc by
Florian Weimer. Florian Obser (florian@) contributed various
improvements, fixed a bug and added automatic trust for name servers on
localhost.

ok florian@ phessler@
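
To make the trust rule in this entry concrete, here is an added example (not OpenBSD's libc code) that decides whether the AD flag may be trusted from constructed resolv.conf(5) text and then masks the AD bit in a reply's header flags word when it may not; the loopback test (127/8 or ::1) and the helper names are this example's own assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define DNS_FLAG_AD 0x0020	/* Authentic Data bit in the DNS header flags word */

/*
 * Trust rule from the 1.14 log entry: trust AD only if every "nameserver"
 * line is loopback (127/8 or ::1, a simplification assumed here) or the
 * file carries "options trust-ad". No nameserver line means the default
 * loopback resolver, which is trusted.
 */
static bool
resolvconf_trust_ad(const char *conf)
{
	bool all_loopback = true, trust_opt = false;
	const char *p = conf;

	while (*p != '\0') {
		const char *eol = strchr(p, '\n');
		size_t full = eol ? (size_t)(eol - p) : strlen(p);
		size_t len = full < 127 ? full : 127;	/* clip over-long lines */
		char line[128];

		memcpy(line, p, len);
		line[len] = '\0';
		p += full + (eol ? 1 : 0);

		if (strncmp(line, "nameserver", 10) == 0) {
			const char *addr = line + 10;
			while (*addr == ' ' || *addr == '\t')
				addr++;
			if (strncmp(addr, "127.", 4) != 0 && strcmp(addr, "::1") != 0)
				all_loopback = false;
		} else if (strncmp(line, "options", 7) == 0 &&
		    strstr(line, "trust-ad") != NULL)
			trust_opt = true;
	}
	return trust_opt || all_loopback;
}

/*
 * Reply header flags as handed to the application: AD is cleared unless
 * the resolvers are trusted, so a set AD bit can be acted on safely.
 */
static uint16_t
filter_reply_flags(uint16_t flags, bool trust_ad)
{
	return trust_ad ? flags : (uint16_t)(flags & ~DNS_FLAG_AD);
}
```

The flags value 0x81a0 used in the checks is a constructed reply header word with QR, RD, RA and AD set; with untrusted resolvers only AD is stripped, leaving 0x8180.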


Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
# 1.13 14-Jan-2019 otto

Unbreak tree. Last minute changes are evil.


# 1.12 14-Jan-2019 otto

There are cases where a program doing dns requests wants to set the
Checking Disabled flag. Introduce a RES flag to do so. ok krw@
deraadt@ eric@


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.11 27-Feb-2017 jca

Add support for RES_USE_DNSSEC

RES_USE_DNSSEC is implemented by setting the DNSSEC DO bit in outgoing
queries. The resolver is then supposed to set the AD bit in the reply
if it managed to validate the answer through DNSSEC. Useful when the
application doesn't implement validation internally. This scheme
assumes that the validating resolver is trusted and that the
communication channel between the validating resolver and the client
is secure.

ok eric@ gilles@


# 1.10 18-Feb-2017 jca

Add EDNS0 support.

EDNS allows for various DNS extensions, among which UDP DNS packets size
bigger than 512 bytes. The default is still to not advertize anything.

ok eric@


Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
# 1.9 09-Sep-2015 deraadt

Hide all unnecessary asr / resolver related API with _ prefixes.
direction & ok guenther


Revision tags: OPENBSD_5_6_BASE OPENBSD_5_7_BASE OPENBSD_5_8_BASE
# 1.8 26-Mar-2014 eric

Make the asr API public. Install asr.h to /usr/include.h and manpages.
Include tweaks suggested by mpi@

ok deraadt@


# 1.7 14-Mar-2014 eric

prefix structure names to avoid ambiguity and possible collisions when
the API gets public.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE OPENBSD_5_5_BASE
# 1.6 12-Jul-2013 eric

Make some symbols static and prefix all visible symbols with asr_
to prevent collisions with third-party programs.

suggested by sthen@, ok theo@


# 1.5 01-Apr-2013 eric

properly check for domain name truncation at various places and fail
if that happens.

prodded by deraadt@


# 1.4 29-Mar-2013 guenther

res_querydomain()'s code to terminate the domain with '.' had the assignment
flipped so that it always used a domain of ".."

Heavy lifting by otto@
ok eric@ otto@ miod@


Revision tags: OPENBSD_5_3_BASE
# 1.3 24-Nov-2012 eric

knf


# 1.2 24-Nov-2012 eric

make separate structures for pack and unpack


# 1.1 08-Sep-2012 eric

split asr_resolver.c into different files to overlay the libc/net
resolver implementation.

