diff options
author | Martin Pitt <martin.pitt@ubuntu.com> | 2016-09-30 09:30:08 +0200 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2016-09-30 09:30:08 +0200 |
commit | b9fe94cad99968a58e169592d999306fd059eb14 (patch) | |
tree | d791e9c45716a8842338f0ec4ac3562b79dfc751 /src/escape | |
parent | a86b76753d7868c2d05f046f601bc7dc89fc2203 (diff) |
resolved: don't query domain-limited DNS servers for other domains (#3621)
DNS servers which have route-only domains should only be used for
the specified domains. Routing queries about other domains there is a privacy
violation, prone to fail (as that DNS server was not meant to be used for other
domains), and puts unnecessary load onto that server.
Introduce a new helper function dns_server_limited_domains() that checks if the
DNS server should only be used for some selected domains, i. e. has some
route-only domains without "~.". Use that when determining whether to query it
in the scope, and when writing resolv.conf.
Extend the test_route_only_dns() case to ensure that the DNS server limited to
~company does not appear in resolv.conf. Add test_route_only_dns_all_domains()
to ensure that a server that also has ~. does appear in resolv.conf as global
name server. These reproduce #3420.
Add a new test_resolved_domain_restricted_dns() test case that verifies that
domain-limited DNS servers are only being used for those domains. This
reproduces #3421.
Clarify what a "routing domain" is in the manpage.
Fixes #3420
Fixes #3421
Diffstat (limited to 'src/escape')
0 files changed, 0 insertions, 0 deletions