diff options
| author | Lennart Poettering <lennart@poettering.net> | 2016-01-18 22:33:23 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2016-01-18 23:31:16 +0100 |
| commit | 542e0c84d1518a1515e03194dd25299b2652778c (patch) | |
| tree | 0c862d869f25f16a2239cbc612165409abc47a3d | |
| parent | 59a899908f9f1ead3cdb8b87ff98225054b5dab0 (diff) | |
resolved: never consider following a CNAME/DNAME chain for a CNAME/DNAME lookup
Let's avoid thinking that a CNAME/DNAME chain traversal could be a good idea if QTYPE is already CNAME/DNAME.
(Also, let's bail out early when trying to see if some RR is a suitable CNAME/DNAME for some other RR).
| -rw-r--r-- | src/resolve/resolved-dns-query.c | 2 | ||||
| -rw-r--r-- | src/resolve/resolved-dns-question.c | 9 | ||||
| -rw-r--r-- | src/resolve/resolved-dns-question.h | 2 |
3 files changed, 10 insertions, 3 deletions
diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c index 2938238f27..1b7083d7dc 100644 --- a/src/resolve/resolved-dns-query.c +++ b/src/resolve/resolved-dns-query.c @@ -1268,7 +1268,7 @@ int dns_query_process_cname(DnsQuery *q) { if (r > 0) return DNS_QUERY_MATCH; /* The answer matches directly, no need to follow cnames */ - r = dns_question_matches_cname(question, rr, DNS_SEARCH_DOMAIN_NAME(q->answer_search_domain)); + r = dns_question_matches_cname_or_dname(question, rr, DNS_SEARCH_DOMAIN_NAME(q->answer_search_domain)); if (r < 0) return r; if (r > 0 && !cname) diff --git a/src/resolve/resolved-dns-question.c b/src/resolve/resolved-dns-question.c index fb5637779c..1e41a9aa3c 100644 --- a/src/resolve/resolved-dns-question.c +++ b/src/resolve/resolved-dns-question.c @@ -108,7 +108,7 @@ int dns_question_matches_rr(DnsQuestion *q, DnsResourceRecord *rr, const char *s return 0; } -int dns_question_matches_cname(DnsQuestion *q, DnsResourceRecord *rr, const char *search_domain) { +int dns_question_matches_cname_or_dname(DnsQuestion *q, DnsResourceRecord *rr, const char *search_domain) { unsigned i; int r; @@ -117,7 +117,14 @@ int dns_question_matches_cname(DnsQuestion *q, DnsResourceRecord *rr, const char if (!q) return 0; + if (!IN_SET(rr->key->type, DNS_TYPE_CNAME, DNS_TYPE_DNAME)) + return 0; + for (i = 0; i < q->n_keys; i++) { + /* For a {C,D}NAME record we can never find a matching {C,D}NAME record */ + if (!dns_type_may_redirect(q->keys[i]->type)) + return 0; + r = dns_resource_key_match_cname_or_dname(q->keys[i], rr->key, search_domain); if (r != 0) return r; diff --git a/src/resolve/resolved-dns-question.h b/src/resolve/resolved-dns-question.h index 7ca9224e6f..98e1f0e366 100644 --- a/src/resolve/resolved-dns-question.h +++ b/src/resolve/resolved-dns-question.h @@ -45,7 +45,7 @@ int dns_question_new_service(DnsQuestion **ret, const char *service, const char int dns_question_add(DnsQuestion *q, DnsResourceKey *key); int dns_question_matches_rr(DnsQuestion *q, DnsResourceRecord *rr, const char *search_domain); -int dns_question_matches_cname(DnsQuestion *q, DnsResourceRecord *rr, const char* search_domain); +int dns_question_matches_cname_or_dname(DnsQuestion *q, DnsResourceRecord *rr, const char* search_domain); int dns_question_is_valid_for_query(DnsQuestion *q); int dns_question_contains(DnsQuestion *a, const DnsResourceKey *k); int dns_question_is_equal(DnsQuestion *a, DnsQuestion *b); |