diff options
| author | Lennart Poettering <lennart@poettering.net> | 2016-01-11 20:05:29 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2016-01-11 20:05:29 +0100 |
| commit | d0129ddb9fbb07bed7c8ea51b8031f824bf506fb (patch) | |
| tree | 9467e4acba84631984450893495e50a9bde15720 | |
| parent | 274b874830b93e6592f190608866133384066a35 (diff) | |
resolved: refuse doing queries for known-obsolete RR types
Given how fragile DNS servers are with some DNS types, and given that we really should avoid confusing them with
known-weird lookups, refuse doing lookups for known-obsolete RR types.
| -rw-r--r-- | src/resolve/dns-type.c | 27 | ||||
| -rw-r--r-- | src/resolve/dns-type.h | 1 | ||||
| -rw-r--r-- | src/resolve/resolved-bus.c | 2 | ||||
| -rw-r--r-- | src/resolve/resolved-dns-transaction.c | 2 |
4 files changed, 32 insertions, 0 deletions
diff --git a/src/resolve/dns-type.c b/src/resolve/dns-type.c index 646d98cd46..2522374c33 100644 --- a/src/resolve/dns-type.c +++ b/src/resolve/dns-type.c @@ -124,6 +124,33 @@ bool dns_type_is_dnssec(uint16_t type) { DNS_TYPE_NSEC3PARAM); } +bool dns_type_is_obsolete(uint16_t type) { + return IN_SET(type, + /* Obsoleted by RFC 973 */ + DNS_TYPE_MD, + DNS_TYPE_MF, + DNS_TYPE_MAILA, + + /* Kinda obsoleted by RFC 2505 */ + DNS_TYPE_MB, + DNS_TYPE_MG, + DNS_TYPE_MR, + DNS_TYPE_MINFO, + DNS_TYPE_MAILB, + + /* RFC1127 kinda obsoleted this by recommending against its use */ + DNS_TYPE_WKS, + + /* Declared historical by RFC 6563 */ + DNS_TYPE_A6, + + /* Obsoleted by DNSSEC-bis */ + DNS_TYPE_NXT, + + /* RFC 1035 removed support for concepts that needed this from RFC 883 */ + DNS_TYPE_NULL); +} + const char *dns_class_to_string(uint16_t class) { switch (class) { diff --git a/src/resolve/dns-type.h b/src/resolve/dns-type.h index 6b3516a76b..45080fd243 100644 --- a/src/resolve/dns-type.h +++ b/src/resolve/dns-type.h @@ -130,6 +130,7 @@ bool dns_type_is_valid_query(uint16_t type); bool dns_type_is_valid_rr(uint16_t type); bool dns_type_may_redirect(uint16_t type); bool dns_type_is_dnssec(uint16_t type); +bool dns_type_is_obsolete(uint16_t type); bool dns_class_is_pseudo(uint16_t class); bool dns_class_is_valid_rr(uint16_t class); diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c index 87eeb6055d..437b1929f4 100644 --- a/src/resolve/resolved-bus.c +++ b/src/resolve/resolved-bus.c @@ -563,6 +563,8 @@ static int bus_method_resolve_record(sd_bus_message *message, void *userdata, sd if (!dns_type_is_valid_query(type)) return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid RR type for query %" PRIu16, type); + if (dns_type_is_obsolete(type)) + return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Specified DNS RR type %" PRIu16 " is obsolete.", type); r = check_ifindex_flags(ifindex, &flags, 0, error); if (r < 0) diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c index a6d3a27f8b..9ee10f21c8 100644 --- a/src/resolve/resolved-dns-transaction.c +++ b/src/resolve/resolved-dns-transaction.c @@ -138,6 +138,8 @@ int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsResourceKey *key) /* Don't allow looking up invalid or pseudo RRs */ if (!dns_type_is_valid_query(key->type)) return -EINVAL; + if (dns_type_is_obsolete(key->type)) + return -EOPNOTSUPP; /* We only support the IN class */ if (key->class != DNS_CLASS_IN && key->class != DNS_CLASS_ANY) |