diff options
author | Lennart Poettering <lennart@poettering.net> | 2017-02-14 18:20:34 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2017-02-17 10:25:15 +0100 |
commit | ce7c8b20df36550ee7d30862b50afdea0d206907 (patch) | |
tree | c19eae6ecd93dc913f622d6764421ad5e101125a /src/resolve | |
parent | 97c2ea26456f21334ac164f330426dd518067f08 (diff) |
resolved: when the dns server feature level grace period elapses, flush caches
The cache might contain all kinds of unauthenticated data that we really
shouldn't be using if we upgrade our feature level and suddenly are able
to get authenticated data again.
Might fix: #4866
Diffstat (limited to 'src/resolve')
-rw-r--r-- | src/resolve/resolved-dns-server.c | 21 | ||||
-rw-r--r-- | src/resolve/resolved-dns-server.h | 2 |
2 files changed, 23 insertions, 0 deletions
diff --git a/src/resolve/resolved-dns-server.c b/src/resolve/resolved-dns-server.c index 072cbfca1a..9f81798f6e 100644 --- a/src/resolve/resolved-dns-server.c +++ b/src/resolve/resolved-dns-server.c @@ -415,6 +415,8 @@ DnsServerFeatureLevel dns_server_possible_feature_level(DnsServer *s) { dns_server_feature_level_to_string(s->possible_feature_level), dns_server_string(s)); + dns_server_flush_cache(s); + } else if (s->possible_feature_level <= s->verified_feature_level) s->possible_feature_level = s->verified_feature_level; else { @@ -792,6 +794,25 @@ DnssecMode dns_server_get_dnssec_mode(DnsServer *s) { return manager_get_dnssec_mode(s->manager); } +void dns_server_flush_cache(DnsServer *s) { + DnsServer *current; + DnsScope *scope; + + assert(s); + + /* Flush the cache of the scope this server belongs to */ + + current = s->link ? s->link->current_dns_server : s->manager->current_dns_server; + if (current != s) + return; + + scope = s->link ? s->link->unicast_scope : s->manager->unicast_scope; + if (!scope) + return; + + dns_cache_flush(&scope->cache); +} + static const char* const dns_server_type_table[_DNS_SERVER_TYPE_MAX] = { [DNS_SERVER_SYSTEM] = "system", [DNS_SERVER_FALLBACK] = "fallback", diff --git a/src/resolve/resolved-dns-server.h b/src/resolve/resolved-dns-server.h index 406282d864..bc95d53c6a 100644 --- a/src/resolve/resolved-dns-server.h +++ b/src/resolve/resolved-dns-server.h @@ -149,3 +149,5 @@ DnssecMode dns_server_get_dnssec_mode(DnsServer *s); DEFINE_TRIVIAL_CLEANUP_FUNC(DnsServer*, dns_server_unref); extern const struct hash_ops dns_server_hash_ops; + +void dns_server_flush_cache(DnsServer *s); |