diff options
| author | Lennart Poettering <lennart@poettering.net> | 2017-02-14 19:25:47 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2017-02-17 10:25:15 +0100 |
| commit | 941dd294507e1def8fd5e59c5bc3e3ed2b27b6b0 (patch) | |
| tree | 9bac331bc02b9a9f622eaf60ec9727be0d36bc0d | |
| parent | ce7c8b20df36550ee7d30862b50afdea0d206907 (diff) | |
resolved: automatically downgrade reply bits on send
Doesn't really change anything, but makes things a bit simpler to read.
| -rw-r--r-- | src/resolve/resolved-dns-stub.c | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/src/resolve/resolved-dns-stub.c b/src/resolve/resolved-dns-stub.c index 7d43825960..12936bc015 100644 --- a/src/resolve/resolved-dns-stub.c +++ b/src/resolve/resolved-dns-stub.c @@ -94,9 +94,18 @@ static int dns_stub_finish_reply_packet( assert(p); - /* If the client didn't do EDNS, clamp the rcode to 4 bit */ - if (!add_opt && rcode > 0xF) - rcode = DNS_RCODE_SERVFAIL; + if (!add_opt) { + /* If the client can't to EDNS0, don't do DO either */ + edns0_do = false; + + /* If the client didn't do EDNS, clamp the rcode to 4 bit */ + if (rcode > 0xF) + rcode = DNS_RCODE_SERVFAIL; + } + + /* Don't set the AD bit unless DO is on, too */ + if (!edns0_do) + ad = false; DNS_PACKET_HEADER(p)->id = id; @@ -214,7 +223,7 @@ static void dns_stub_query_complete(DnsQuery *q) { q->answer_rcode, !!q->request_dns_packet->opt, DNS_PACKET_DO(q->request_dns_packet), - DNS_PACKET_DO(q->request_dns_packet) && dns_query_fully_authenticated(q)); + dns_query_fully_authenticated(q)); if (r < 0) { log_debug_errno(r, "Failed to finish reply packet: %m"); break; |