resolved: add comments referencing various RFCs to various places

src/resolve/resolved-dns-cache.c

@@ -26,7 +26,8 @@
 #include "resolved-dns-packet.h"
 #include "string-util.h"
 
-/* Never cache more than 4K entries */
+/* Never cache more than 4K entries. RFC 1536, Section 5 suggests to
+ * leave DNS caches unbounded, but that's crazy. */
 #define CACHE_MAX 4096
 
 /* We never keep any item longer than 2h in our cache */

src/resolve/resolved-dns-dnssec.c

@@ -458,7 +458,15 @@ static int dnssec_rrsig_expired(DnsResourceRecord *rrsig, usec_t realtime) {
 
 static int algorithm_to_gcrypt_md(uint8_t algorithm) {
 
-        /* Translates a DNSSEC signature algorithm into a gcrypt digest identifier */
+        /* Translates a DNSSEC signature algorithm into a gcrypt
+         * digest identifier.
+         *
+         * Note that we implement all algorithms listed as "Must
+         * implement" and "Recommended to Implement" in RFC6944. We
+         * don't implement any algorithms that are listed as
+         * "Optional" or "Must Not Implement". Specifically, we do not
+         * implement RSAMD5, DSASHA1, DH, DSA-NSEC3-SHA1, and
+         * GOST-ECC. */
 
         switch (algorithm) {
 

src/resolve/resolved-dns-rr.c

@@ -311,6 +311,9 @@ int dns_resource_key_to_string(const DnsResourceKey *key, char **ret) {
         const char *c, *t;
         char *s;
 
+        /* If we cannot convert the CLASS/TYPE into a known string,
+           use the format recommended by RFC 3597, Section 5. */
+
         c = dns_class_to_string(key->class);
         if (!c) {
                 sprintf(cbuf, "CLASS%u", key->class);
@@ -1021,6 +1024,7 @@ const char *dns_resource_record_to_string(DnsResourceRecord *rr) {
                 if (!t)
                         return NULL;
 
+                /* Format as documented in RFC 3597, Section 5 */
                 r = asprintf(&s, "%s \\# %zu %s", k, rr->generic.size, t);
                 if (r < 0)
                         return NULL;

src/resolve/resolved-dns-rr.h

@@ -157,6 +157,7 @@ struct DnsResourceRecord {
                         char *exchange;
                 } mx;
 
+                /* https://tools.ietf.org/html/rfc1876 */
                 struct {
                         uint8_t version;
                         uint8_t size;
@@ -167,14 +168,6 @@ struct DnsResourceRecord {
                         uint32_t altitude;
                 } loc;
 
-                struct {
-                        uint16_t key_tag;
-                        uint8_t algorithm;
-                        uint8_t digest_type;
-                        void *digest;
-                        size_t digest_size;
-                } ds;
-
                 /* https://tools.ietf.org/html/rfc4255#section-3.1 */
                 struct {
                         uint8_t algorithm;
@@ -212,6 +205,15 @@ struct DnsResourceRecord {
                         Bitmap *types;
                 } nsec;
 
+                /* https://tools.ietf.org/html/rfc4034#section-5.1 */
+                struct {
+                        uint16_t key_tag;
+                        uint8_t algorithm;
+                        uint8_t digest_type;
+                        void *digest;
+                        size_t digest_size;
+                } ds;
+
                 struct {
                         uint8_t algorithm;
                         uint8_t flags;