diff options
| author | Lennart Poettering <lennart@poettering.net> | 2016-01-08 17:10:49 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2016-01-11 19:40:00 +0100 |
| commit | 91adc4db33f69606aabd332813a5d7d5751c859f (patch) | |
| tree | ba1435ba438cb3148c1729c3aa20241db70eb6d2 /src/resolve/resolved-bus.c | |
| parent | 29ab055292924329ab0512ddb83846a53dd8e0ab (diff) | |
resolved: don't attempt to send queries for DNSSEC RR types to servers not supporting them
If we already degraded the feature level below DO don't bother with sending requests for DS, DNSKEY, RRSIG, NSEC, NSEC3
or NSEC3PARAM RRs. After all, we cannot do DNSSEC validation then anyway, and we better not press a legacy server like
this with such modern concepts.
This also has the benefit that when we try to validate a response we received using DNSSEC, and we detect a limited
server support level while doing so, all further auxiliary DNSSEC queries will fail right-away.
Diffstat (limited to 'src/resolve/resolved-bus.c')
| -rw-r--r-- | src/resolve/resolved-bus.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c index d7295ca39c..39ccf827d6 100644 --- a/src/resolve/resolved-bus.c +++ b/src/resolve/resolved-bus.c @@ -67,6 +67,9 @@ static int reply_query_state(DnsQuery *q) { case DNS_TRANSACTION_NO_TRUST_ANCHOR: return sd_bus_reply_method_errorf(q->request, BUS_ERROR_NO_TRUST_ANCHOR, "No suitable trust anchor known"); + case DNS_TRANSACTION_RR_TYPE_UNSUPPORTED: + return sd_bus_reply_method_errorf(q->request, BUS_ERROR_RR_TYPE_UNSUPPORTED, "Server does not support requested resource record type"); + case DNS_TRANSACTION_RCODE_FAILURE: { _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; |