author | Tom Gundersen <teg@jklm.no> | 2015-12-10 15:22:18 +0100 |
---|---|---|
committer | Tom Gundersen <teg@jklm.no> | 2015-12-10 15:22:18 +0100 |
commit | 553947b77c3232d5795cbb2cd1129e74cb11c86d (patch) | |
tree | d2d8d8fb86dd315cf80c03ac4e2c25b5c7b13d35 /src/resolve/resolved-dns-cache.c | |
parent | 312501458d119704e27e14ef59a18f612757421c (diff) | |
parent | c842ff2488456f503db365430592d02b8c251fa5 (diff) |
Merge pull request #2129 from poettering/dnssec3
Third DNSSEC patch series
Diffstat (limited to 'src/resolve/resolved-dns-cache.c')
-rw-r--r-- | src/resolve/resolved-dns-cache.c | 33 |
1 files changed, 4 insertions, 29 deletions
diff --git a/src/resolve/resolved-dns-cache.c b/src/resolve/resolved-dns-cache.c
index 1774ae6cb8..4aacc268e2 100644
--- a/src/resolve/resolved-dns-cache.c
+++ b/src/resolve/resolved-dns-cache.c
@@ -473,15 +473,15 @@ int dns_cache_put(
 return 0;
 /* Third, add in negative entries if the key has no RR */
- r = dns_answer_contains(answer, key);
+ r = dns_answer_match_key(answer, key);
 if (r < 0)
 goto fail;
 if (r > 0)
 return 0;
- /* See https://tools.ietf.org/html/rfc2308, which
- * say that a matching SOA record in the packet
- * is used to to enable negative caching. */
+ /* See https://tools.ietf.org/html/rfc2308, which say that a
+ * matching SOA record in the packet is used to to enable
+ * negative caching. */
 r = dns_answer_find_soa(answer, key, &soa);
 if (r < 0)
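Review bot: The re-wrapped RFC 2308 comment in this hunk keeps the wording slips of the old one ("which say", "used to to enable"); since these lines are being rewritten anyway, they could read `/* See https://tools.ietf.org/html/rfc2308, which says that a matching SOA record in the packet is used to enable negative caching. */`. Separately, the gate for negative caching now rests on `dns_answer_match_key()`, whose matching rules are not visible here. A one-line comment saying whether a CNAME for the queried name counts as a match would help, because the later hunk removes the per-CNAME negative entries and a cached negative answer is only as reliable as this check and the SOA lookup that follows. dns_cache_put's body starts and ends outside the hunk.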
@@ -489,31 +489,6 @@ int dns_cache_put(
 if (r == 0)
 return 0;
- /* Also, if the requested key is an alias, the negative response should
- be cached for each name in the redirect chain. Any CNAME record in
- the response is from the redirection chain, though only the final one
- is guaranteed to be included. This means that we cannot verify the
- chain and that we need to cache them all as it may be incomplete. */
- for (i = 0; i < answer->n_rrs; i++) {
- DnsResourceRecord *answer_rr = answer->items[i].rr;
-
- if (answer_rr->key->type == DNS_TYPE_CNAME) {
- _cleanup_(dns_resource_key_unrefp) DnsResourceKey *canonical_key = NULL;
-
- canonical_key = dns_resource_key_new_redirect(key, answer_rr);
- if (!canonical_key)
- goto fail;
-
- /* Let's not add negative cache entries for records outside the current zone. */
- if (!dns_answer_match_soa(canonical_key, soa->key))
- continue;
-
- r = dns_cache_put_negative(c, canonical_key, rcode, authenticated, timestamp, MIN(soa->soa.minimum, soa->ttl), owner_family, owner_address);
- if (r < 0)
- goto fail;
- }
- }
-
 r = dns_cache_put_negative(c, key, rcode, authenticated, timestamp, MIN(soa->soa.minimum, soa->ttl), owner_family, owner_address);
 if (r < 0)
 goto fail; |