resolved: never attempt to resolve loopback addresses via DNS/LLMNR/mDNS

We already refuse to resolve "localhost", hence we should also refuse resolving "127.0.0.1" and friends.
author: Lennart Poettering <lennart@poettering.net> 2015-07-29 12:22:55 +0200
committer: Lennart Poettering <lennart@poettering.net> 2015-07-29 12:30:49 +0200
commit: 9436e8cae4709b50ed57f2f5858a3ffad03d5d32 (patch)
tree: d98c2cfdacfb07a66c59fe899205d35b9523c4a6 /src/resolve
parent: 87b46c575a14c133fbc408b56b0835f13a918b1d (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c
index 927a1ddc26..4bc4157028 100644
--- a/src/resolve/resolved-dns-scope.c
+++ b/src/resolve/resolved-dns-scope.c
@@ -313,6 +313,11 @@ DnsScopeMatch dns_scope_good_domain(DnsScope *s, int ifindex, uint64_t flags, co
         if (is_localhost(domain))
                 return DNS_SCOPE_NO;
 
+        /* Never resolve any loopback IP address via DNS, LLMNR or mDNS */
+        if (dns_name_endswith(domain, "127.in-addr.arpa") > 0 ||
+            dns_name_equal(domain, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa") > 0)
+                return DNS_SCOPE_NO;
+
         if (s->protocol == DNS_PROTOCOL_DNS) {
                 if (dns_name_endswith(domain, "254.169.in-addr.arpa") == 0 &&
                     dns_name_endswith(domain, "0.8.e.f.ip6.arpa") == 0 &&
author	Lennart Poettering <lennart@poettering.net>	2015-07-29 12:22:55 +0200
committer	Lennart Poettering <lennart@poettering.net>	2015-07-29 12:30:49 +0200
commit	9436e8cae4709b50ed57f2f5858a3ffad03d5d32 (patch)
tree	d98c2cfdacfb07a66c59fe899205d35b9523c4a6 /src/resolve
parent	87b46c575a14c133fbc408b56b0835f13a918b1d (diff)