summaryrefslogtreecommitdiff
path: root/src/analyze
diff options
context:
space:
mode:
authorMartin Pitt <martin.pitt@ubuntu.com>2016-09-30 09:30:08 +0200
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2016-09-30 09:30:08 +0200
commitb9fe94cad99968a58e169592d999306fd059eb14 (patch)
treed791e9c45716a8842338f0ec4ac3562b79dfc751 /src/analyze
parenta86b76753d7868c2d05f046f601bc7dc89fc2203 (diff)
resolved: don't query domain-limited DNS servers for other domains (#3621)
DNS servers which have route-only domains should only be used for the specified domains. Routing queries about other domains there is a privacy violation, prone to fail (as that DNS server was not meant to be used for other domains), and puts unnecessary load onto that server. Introduce a new helper function dns_server_limited_domains() that checks if the DNS server should only be used for some selected domains, i. e. has some route-only domains without "~.". Use that when determining whether to query it in the scope, and when writing resolv.conf. Extend the test_route_only_dns() case to ensure that the DNS server limited to ~company does not appear in resolv.conf. Add test_route_only_dns_all_domains() to ensure that a server that also has ~. does appear in resolv.conf as global name server. These reproduce #3420. Add a new test_resolved_domain_restricted_dns() test case that verifies that domain-limited DNS servers are only being used for those domains. This reproduces #3421. Clarify what a "routing domain" is in the manpage. Fixes #3420 Fixes #3421
Diffstat (limited to 'src/analyze')
0 files changed, 0 insertions, 0 deletions