resolved: rework how we allow allow queries to be dispatched to scopes - ~lukeshu/systemd - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Lennart Poettering <lennart@poettering.net>	2015-12-03 18:26:12 +0100
committer	Lennart Poettering <lennart@poettering.net>	2015-12-03 21:17:49 +0100
commit	28b9b7640603f88cb49f95609331fa5072715f15 (patch)
tree	783bf5e750679fbb00fba97858d3d665c2992fbf /src/resolve/resolved-dns-trust-anchor.h
parent	22f711bb6a1ca9ef20c1672a7fa077f5d3235d55 (diff)

resolved: rework how we allow allow queries to be dispatched to scopes

Previously, we'd never do any single-label or root domain lookups via DNS, thus leaving single-label lookups to LLMNR and the search path logic in order that single-label names don't leak too easily onto the internet. With this change we open things up a bit, and only prohibit A/AAAA lookups of single-label/root domains, but allow all other lookups. This should provide similar protection, but allow us to resolve DNSKEY+DS RRs for the top-level and root domains. (This also simplifies handling of the search domain detection, and gets rid of dns_scope_has_search_domains() in favour of dns_scope_get_search_domains()).

Diffstat (limited to 'src/resolve/resolved-dns-trust-anchor.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: