Merge branch 'systemd/parabola' into notsystemd/premove

# Conflicts: # Makefile.amp
author: Luke Shumaker <lukeshu@sbcglobal.net> 2016-12-17 02:47:02 -0500
committer: Luke Shumaker <lukeshu@sbcglobal.net> 2016-12-17 02:47:02 -0500
commit: a4d083550a7273b895b44aac8d2ff7e2fdb1f7d5 (patch)
tree: 6f148433641f8c92d6f1eddcb2199a78dbd111a0 /src/resolve/resolved-resolv-conf.c
parent: b6d071f1df46eb841ba3f88cdb2b248eaf5f35f8 (diff)
parent: 86e9bb69ae74bd960e1fd427258f41d54240d6d1 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/src/resolve/resolved-resolv-conf.c b/src/resolve/resolved-resolv-conf.c
index 31b25ca50f..801014caf5 100644
--- a/src/resolve/resolved-resolv-conf.c
+++ b/src/resolve/resolved-resolv-conf.c
@@ -154,6 +154,16 @@ static void write_resolv_conf_server(DnsServer *s, FILE *f, unsigned *count) {
                 return;
         }
 
+        /* Check if the DNS server is limited to particular domains;
+         * resolv.conf does not have a syntax to express that, so it must not
+         * appear as a global name server to avoid routing unrelated domains to
+         * it (which is a privacy violation, will most probably fail anyway,
+         * and adds unnecessary load) */
+        if (dns_server_limited_domains(s)) {
+                log_debug("DNS server %s has route-only domains, not using as global name server", dns_server_string(s));
+                return;
+        }
+
         if (*count == MAXNS)
                 fputs("# Too many DNS servers configured, the following entries may be ignored.\n", f);
         (*count)++;
author	Luke Shumaker <lukeshu@sbcglobal.net>	2016-12-17 02:47:02 -0500
committer	Luke Shumaker <lukeshu@sbcglobal.net>	2016-12-17 02:47:02 -0500
commit	a4d083550a7273b895b44aac8d2ff7e2fdb1f7d5 (patch)
tree	6f148433641f8c92d6f1eddcb2199a78dbd111a0 /src/resolve/resolved-resolv-conf.c
parent	b6d071f1df46eb841ba3f88cdb2b248eaf5f35f8 (diff)
parent	86e9bb69ae74bd960e1fd427258f41d54240d6d1 (diff)