authorLennart Poettering <lennart@poettering.net>2017-02-14 18:20:34 +0100
committerLennart Poettering <lennart@poettering.net>2017-02-17 10:25:15 +0100
commitce7c8b20df36550ee7d30862b50afdea0d206907 (patch)
treec19eae6ecd93dc913f622d6764421ad5e101125a /src/resolve
parent97c2ea26456f21334ac164f330426dd518067f08 (diff)
resolved: when the dns server feature level grace period elapses, flush caches
The cache might contain all kinds of unauthenticated data that we really shouldn't be using if we upgrade our feature level and suddenly are able to get authenticated data again. Might fix: #4866
Diffstat (limited to 'src/resolve')
-rw-r--r--src/resolve/resolved-dns-server.c21
-rw-r--r--src/resolve/resolved-dns-server.h2
2 files changed, 23 insertions, 0 deletions
diff --git a/src/resolve/resolved-dns-server.c b/src/resolve/resolved-dns-server.c
index 072cbfca1a..9f81798f6e 100644
--- a/src/resolve/resolved-dns-server.c
+++ b/src/resolve/resolved-dns-server.c
@@ -415,6 +415,8 @@ DnsServerFeatureLevel dns_server_possible_feature_level(DnsServer *s) {
dns_server_feature_level_to_string(s->possible_feature_level),
dns_server_string(s));
+ dns_server_flush_cache(s);
+
} else if (s->possible_feature_level <= s->verified_feature_level)
s->possible_feature_level = s->verified_feature_level;
else {
@@ -792,6 +794,25 @@ DnssecMode dns_server_get_dnssec_mode(DnsServer *s) {
return manager_get_dnssec_mode(s->manager);
}
+void dns_server_flush_cache(DnsServer *s) {
+ DnsServer *current;
+ DnsScope *scope;
+
+ assert(s);
+
+ /* Flush the cache of the scope this server belongs to */
+
+ current = s->link ? s->link->current_dns_server : s->manager->current_dns_server;
+ if (current != s)
+ return;
+
+ scope = s->link ? s->link->unicast_scope : s->manager->unicast_scope;
+ if (!scope)
+ return;
+
+ dns_cache_flush(&scope->cache);
+}
+
static const char* const dns_server_type_table[_DNS_SERVER_TYPE_MAX] = {
[DNS_SERVER_SYSTEM] = "system",
[DNS_SERVER_FALLBACK] = "fallback",
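Review bot: The early return `if (current != s) return;` in dns_server_flush_cache() skips the flush whenever a different server is current for the link or manager, but the cache being protected belongs to the scope (`scope->cache`), not to the server. As far as this hunk shows, unauthenticated entries obtained through `s` while it ran at a reduced feature level would therefore stay in the shared scope cache if the current server changed before the grace period elapsed. If skipping the flush for non-current servers is intentional, the comment above the check should state that and why, for example `/* Flush the cache of the scope this server belongs to, but only if it is the scope's current server; entries cached via a non-current server are deliberately left alone because ... */`. Otherwise consider flushing whenever `scope` is non-NULL, so that the upgrade path never leaves data cached under the lower feature level in use.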
diff --git a/src/resolve/resolved-dns-server.h b/src/resolve/resolved-dns-server.h
index 406282d864..bc95d53c6a 100644
--- a/src/resolve/resolved-dns-server.h
+++ b/src/resolve/resolved-dns-server.h
@@ -149,3 +149,5 @@ DnssecMode dns_server_get_dnssec_mode(DnsServer *s);
DEFINE_TRIVIAL_CLEANUP_FUNC(DnsServer*, dns_server_unref);
extern const struct hash_ops dns_server_hash_ops;
+
+void dns_server_flush_cache(DnsServer *s);