summaryrefslogtreecommitdiff
path: root/src/resolve/resolved-dns-trust-anchor.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2015-12-03 18:26:12 +0100
committerLennart Poettering <lennart@poettering.net>2015-12-03 21:17:49 +0100
commit28b9b7640603f88cb49f95609331fa5072715f15 (patch)
tree783bf5e750679fbb00fba97858d3d665c2992fbf /src/resolve/resolved-dns-trust-anchor.c
parent22f711bb6a1ca9ef20c1672a7fa077f5d3235d55 (diff)
resolved: rework how we allow allow queries to be dispatched to scopes
Previously, we'd never do any single-label or root domain lookups via DNS, thus leaving single-label lookups to LLMNR and the search path logic in order that single-label names don't leak too easily onto the internet. With this change we open things up a bit, and only prohibit A/AAAA lookups of single-label/root domains, but allow all other lookups. This should provide similar protection, but allow us to resolve DNSKEY+DS RRs for the top-level and root domains. (This also simplifies handling of the search domain detection, and gets rid of dns_scope_has_search_domains() in favour of dns_scope_get_search_domains()).
Diffstat (limited to 'src/resolve/resolved-dns-trust-anchor.c')
0 files changed, 0 insertions, 0 deletions