diff options
author | Daniel Mack <github@zonque.org> | 2015-07-29 12:44:22 +0200 |
---|---|---|
committer | Daniel Mack <github@zonque.org> | 2015-07-29 12:44:22 +0200 |
commit | 3512af1706e764a1610cfc185a95b6d955684d71 (patch) | |
tree | cdb8e4a859ccf9a8bfcaf755a202316ec81b0c31 /src | |
parent | 19a9bc49dfacf9824a94828d56b18b58701c135f (diff) | |
parent | 9436e8cae4709b50ed57f2f5858a3ffad03d5d32 (diff) |
Merge pull request #768 from poettering/resolved-localhost
resolved: never attempt to resolve loopback addresses via DNS/LLMNR/mDNS
Diffstat (limited to 'src')
-rw-r--r-- | src/resolve/resolved-dns-scope.c | 5 | ||||
-rw-r--r-- | src/test/test-dns-domain.c | 2 |
2 files changed, 7 insertions, 0 deletions
diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c index 927a1ddc26..4bc4157028 100644 --- a/src/resolve/resolved-dns-scope.c +++ b/src/resolve/resolved-dns-scope.c @@ -313,6 +313,11 @@ DnsScopeMatch dns_scope_good_domain(DnsScope *s, int ifindex, uint64_t flags, co if (is_localhost(domain)) return DNS_SCOPE_NO; + /* Never resolve any loopback IP address via DNS, LLMNR or mDNS */ + if (dns_name_endswith(domain, "127.in-addr.arpa") > 0 || + dns_name_equal(domain, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa") > 0) + return DNS_SCOPE_NO; + if (s->protocol == DNS_PROTOCOL_DNS) { if (dns_name_endswith(domain, "254.169.in-addr.arpa") == 0 && dns_name_endswith(domain, "0.8.e.f.ip6.arpa") == 0 && diff --git a/src/test/test-dns-domain.c b/src/test/test-dns-domain.c index 31e110cf0d..0042722c99 100644 --- a/src/test/test-dns-domain.c +++ b/src/test/test-dns-domain.c @@ -247,6 +247,8 @@ static void test_dns_name_reverse_one(const char *address, const char *name) { static void test_dns_name_reverse(void) { test_dns_name_reverse_one("47.11.8.15", "15.8.11.47.in-addr.arpa"); test_dns_name_reverse_one("fe80::47", "7.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa"); + test_dns_name_reverse_one("127.0.0.1", "1.0.0.127.in-addr.arpa"); + test_dns_name_reverse_one("::1", "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"); } int main(int argc, char *argv[]) { |