summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2015-08-14 13:21:28 +0200
committerLennart Poettering <lennart@poettering.net>2015-08-14 13:21:28 +0200
commit9b644bf921ca3b1f3967a794932c8e56636908db (patch)
tree52b037dd3bd61d9c6c55be7eba9968678f7a9810 /src
parent2a1037af15dfcfdaea5888fee310c357b8be199d (diff)
resolved: never allow routing of "localhost" queries to DNS or LLMNR
We should never allow leaking of "localhost" queries onto the network, even if there's an explicit domain rotue set for this.
Diffstat (limited to 'src')
-rw-r--r--src/resolve/resolved-dns-scope.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c
index b8414da87e..57d9071dfc 100644
--- a/src/resolve/resolved-dns-scope.c
+++ b/src/resolve/resolved-dns-scope.c
@@ -325,10 +325,6 @@ DnsScopeMatch dns_scope_good_domain(DnsScope *s, int ifindex, uint64_t flags, co
if ((SD_RESOLVED_FLAGS_MAKE(s->protocol, s->family) & flags) == 0)
return DNS_SCOPE_NO;
- STRV_FOREACH(i, s->domains)
- if (dns_name_endswith(domain, *i) > 0)
- return DNS_SCOPE_YES;
-
if (dns_name_root(domain) != 0)
return DNS_SCOPE_NO;
@@ -340,6 +336,10 @@ DnsScopeMatch dns_scope_good_domain(DnsScope *s, int ifindex, uint64_t flags, co
dns_name_equal(domain, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa") > 0)
return DNS_SCOPE_NO;
+ STRV_FOREACH(i, s->domains)
+ if (dns_name_endswith(domain, *i) > 0)
+ return DNS_SCOPE_YES;
+
if (s->protocol == DNS_PROTOCOL_DNS) {
if (dns_name_endswith(domain, "254.169.in-addr.arpa") == 0 &&
dns_name_endswith(domain, "0.8.e.f.ip6.arpa") == 0 &&