summaryrefslogtreecommitdiff
path: root/src/resolve
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-01-11 20:15:28 +0100
committerLennart Poettering <lennart@poettering.net>2016-01-11 20:15:28 +0100
commit04680e36a490fe9db1a5245ba9586efd8e8284dc (patch)
treec9bf7163c69eed0a83da0095cf32a3ae8c369fa3 /src/resolve
parentd0129ddb9fbb07bed7c8ea51b8031f824bf506fb (diff)
resolved: don#t allow explicit queries for RRSIG RRs
We wouldn't know how to validate them, since they are the signatures, and hence have no signatures.
Diffstat (limited to 'src/resolve')
-rw-r--r--src/resolve/dns-type.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/resolve/dns-type.c b/src/resolve/dns-type.c
index 2522374c33..fb8228048d 100644
--- a/src/resolve/dns-type.c
+++ b/src/resolve/dns-type.c
@@ -77,7 +77,13 @@ bool dns_type_is_valid_query(uint16_t type) {
0,
DNS_TYPE_OPT,
DNS_TYPE_TSIG,
- DNS_TYPE_TKEY);
+ DNS_TYPE_TKEY,
+
+ /* RRSIG are technically valid as questions, but we refuse doing explicit queries for them, as
+ * they aren't really payload, but signatures for payload, and cannot be validated on their
+ * own. After all they are the signatures, and have no signatures of their own validating
+ * them. */
+ DNS_TYPE_RRSIG);
}
bool dns_type_is_valid_rr(uint16_t type) {