resolved: never cache RRs originating from localhost

After all, this is likely a local DNS forwarder that caches anyway,
hence there's no point in caching twice.

Fixes #2038.

2 files changed, 10 insertions, 1 deletions

diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h
index 48df5dfc53..90b5a7c8bd 100644
--- a/src/resolve/resolved-dns-packet.h
+++ b/src/resolve/resolved-dns-packet.h
@@ -177,6 +177,14 @@ void dns_packet_rewind(DnsPacket *p, size_t idx);
 int dns_packet_skip_question(DnsPacket *p);
 int dns_packet_extract(DnsPacket *p);
 
+static inline bool DNS_PACKET_SHALL_CACHE(DnsPacket *p) {
+        /* Never cache data originating from localhost, under the
+         * assumption, that it's coming from a locally DNS forwarder
+         * or server, that is caching on its own. */
+
+        return in_addr_is_localhost(p->family, &p->sender) == 0;
+}
+
 enum {
         DNS_RCODE_SUCCESS = 0,
         DNS_RCODE_FORMERR = 1,
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index c65c9c9f49..8c4f23a4da 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -478,7 +478,8 @@ void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p) {
         }
 
         /* According to RFC 4795, section 2.9. only the RRs from the answer section shall be cached */
-        dns_cache_put(&t->scope->cache, t->key, DNS_PACKET_RCODE(p), p->answer, DNS_PACKET_ANCOUNT(p), 0, p->family, &p->sender);
+        if (DNS_PACKET_SHALL_CACHE(p))
+                dns_cache_put(&t->scope->cache, t->key, DNS_PACKET_RCODE(p), p->answer, DNS_PACKET_ANCOUNT(p), 0, p->family, &p->sender);
 
         if (DNS_PACKET_RCODE(p) == DNS_RCODE_SUCCESS)
                 dns_transaction_complete(t, DNS_TRANSACTION_SUCCESS);