authorLennart Poettering <lennart@poettering.net>2015-08-14 13:21:28 +0200
committerLennart Poettering <lennart@poettering.net>2015-08-14 13:21:28 +0200
commit9b644bf921ca3b1f3967a794932c8e56636908db (patch)
tree52b037dd3bd61d9c6c55be7eba9968678f7a9810
parent2a1037af15dfcfdaea5888fee310c357b8be199d (diff)
resolved: never allow routing of "localhost" queries to DNS or LLMNR
We should never allow leaking of "localhost" queries onto the network, even if there's an explicit domain route set for this.
-rw-r--r--src/resolve/resolved-dns-scope.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c
index b8414da87e..57d9071dfc 100644
--- a/src/resolve/resolved-dns-scope.c
+++ b/src/resolve/resolved-dns-scope.c
@@ -325,10 +325,6 @@ DnsScopeMatch dns_scope_good_domain(DnsScope *s, int ifindex, uint64_t flags, co
if ((SD_RESOLVED_FLAGS_MAKE(s->protocol, s->family) & flags) == 0)
return DNS_SCOPE_NO;
- STRV_FOREACH(i, s->domains)
- if (dns_name_endswith(domain, *i) > 0)
- return DNS_SCOPE_YES;
-
if (dns_name_root(domain) != 0)
return DNS_SCOPE_NO;
@@ -340,6 +336,10 @@ DnsScopeMatch dns_scope_good_domain(DnsScope *s, int ifindex, uint64_t flags, co
dns_name_equal(domain, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa") > 0)
return DNS_SCOPE_NO;
+ STRV_FOREACH(i, s->domains)
+ if (dns_name_endswith(domain, *i) > 0)
+ return DNS_SCOPE_YES;
+
if (s->protocol == DNS_PROTOCOL_DNS) {
if (dns_name_endswith(domain, "254.169.in-addr.arpa") == 0 &&
dns_name_endswith(domain, "0.8.e.f.ip6.arpa") == 0 &&
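Review bot: The relocated `STRV_FOREACH(i, s->domains)` loop is only safe because it sits below the localhost and loopback reverse-name checks, yet nothing in the added lines says so, so a later reordering could silently reopen the leak this commit closes. I would add a comment directly above the loop, for example `/* Keep below the localhost checks: a configured routing domain must never override them */`. The move also places the loop after the `dns_name_root(domain) != 0` check visible in the first hunk, so a configured domain can no longer match ahead of that check either; the commit message does not mention this, so it is worth confirming that it is intended. `dns_scope_good_domain()` begins and ends outside the hunk, so the ordering of the remaining checks was not reviewed.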