resolved: when accepted a query candidate as final answer, propagate authentication bool even on failure

Let's make sure that if we accept a query candidate, then let's also propagate the authenticated flag for it, so that we can properly report back to the clients whether lookups failed due to non-existance that can be proven.
author: Lennart Poettering <lennart@poettering.net> 2017-02-15 15:29:05 +0100
committer: Lennart Poettering <lennart@poettering.net> 2017-02-17 10:25:15 +0100
commit: cbb1aabb99c5898213cc8d7d942785dcc442581d (patch)
tree: 032be56b1db9b712d74d35e11820699d7b182c20 /src/resolve
parent: 2b2d98c175f851b77706c4bee0deed99d36fa565 (diff)
1 files changed, 7 insertions, 3 deletions
diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c
index c58845c3b6..0dfe9320b5 100644
--- a/src/resolve/resolved-dns-query.c
+++ b/src/resolve/resolved-dns-query.c
@@ -811,6 +811,7 @@ static void dns_query_accept(DnsQuery *q, DnsQueryCandidate *c) {
                 q->answer = dns_answer_unref(q->answer);
                 q->answer_rcode = 0;
                 q->answer_dnssec_result = _DNSSEC_RESULT_INVALID;
+                q->answer_authenticated = false;
                 q->answer_errno = c->error_code;
         }
 
@@ -847,15 +848,18 @@ static void dns_query_accept(DnsQuery *q, DnsQueryCandidate *c) {
                         continue;
 
                 default:
-                        /* Any kind of failure? Store the data away,
-                         * if there's nothing stored yet. */
-
+                        /* Any kind of failure? Store the data away, if there's nothing stored yet. */
                         if (state == DNS_TRANSACTION_SUCCESS)
                                 continue;
 
+                        /* If there's already an authenticated negative reply stored, then prefer that over any unauthenticated one */
+                        if (q->answer_authenticated && !t->answer_authenticated)
+                                continue;
+
                         q->answer = dns_answer_unref(q->answer);
                         q->answer_rcode = t->answer_rcode;
                         q->answer_dnssec_result = t->answer_dnssec_result;
+                        q->answer_authenticated = t->answer_authenticated;
                         q->answer_errno = t->answer_errno;
 
                         state = t->state;
author	Lennart Poettering <lennart@poettering.net>	2017-02-15 15:29:05 +0100
committer	Lennart Poettering <lennart@poettering.net>	2017-02-17 10:25:15 +0100
commit	cbb1aabb99c5898213cc8d7d942785dcc442581d (patch)
tree	032be56b1db9b712d74d35e11820699d7b182c20 /src/resolve
parent	2b2d98c175f851b77706c4bee0deed99d36fa565 (diff)