summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--man/nss-myhostname.xml2
-rw-r--r--man/nss-mymachines.xml2
-rw-r--r--man/nss-resolve.xml2
-rw-r--r--man/nss-systemd.xml2
-rw-r--r--src/nss-resolve/nss-resolve.c19
-rw-r--r--src/resolve/resolved-dns-server.c5
6 files changed, 18 insertions, 14 deletions
diff --git a/man/nss-myhostname.xml b/man/nss-myhostname.xml
index b1daaba02b..c25476ecc8 100644
--- a/man/nss-myhostname.xml
+++ b/man/nss-myhostname.xml
@@ -110,7 +110,7 @@
group: compat mymachines systemd
shadow: compat
-hosts: files mymachines resolve <command>myhostname</command>
+hosts: files mymachines resolve [!UNAVAIL=return] dns <command>myhostname</command>
networks: files
protocols: db files
diff --git a/man/nss-mymachines.xml b/man/nss-mymachines.xml
index a70119e256..00bcc53ec0 100644
--- a/man/nss-mymachines.xml
+++ b/man/nss-mymachines.xml
@@ -86,7 +86,7 @@
group: compat <command>mymachines</command> systemd
shadow: compat
-hosts: files <command>mymachines</command> resolve myhostname
+hosts: files <command>mymachines</command> resolve [!UNAVAIL=return] dns myhostname
networks: files
protocols: db files
diff --git a/man/nss-resolve.xml b/man/nss-resolve.xml
index d66e8ba521..9f24f65019 100644
--- a/man/nss-resolve.xml
+++ b/man/nss-resolve.xml
@@ -85,7 +85,7 @@
group: compat mymachines systemd
shadow: compat
-hosts: files mymachines <command>resolve [!UNAVAIL=return]</command> dns
+hosts: files mymachines <command>resolve [!UNAVAIL=return]</command> dns myhostname
networks: files
protocols: db files
diff --git a/man/nss-systemd.xml b/man/nss-systemd.xml
index 56d26e7d1f..71aed4df83 100644
--- a/man/nss-systemd.xml
+++ b/man/nss-systemd.xml
@@ -83,7 +83,7 @@
group: compat mymachines <command>systemd</command>
shadow: compat
-hosts: files mymachines resolve myhostname
+hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
networks: files
protocols: db files
diff --git a/src/nss-resolve/nss-resolve.c b/src/nss-resolve/nss-resolve.c
index eea91e3e88..d46a3afe91 100644
--- a/src/nss-resolve/nss-resolve.c
+++ b/src/nss-resolve/nss-resolve.c
@@ -121,6 +121,7 @@ enum nss_status _nss_resolve_gethostbyname4_r(
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
struct gaih_addrtuple *r_tuple, *r_tuple_first = NULL;
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+ enum nss_status ret = NSS_STATUS_UNAVAIL;
const char *canonical = NULL;
size_t l, ms, idx;
char *r_name;
@@ -167,6 +168,10 @@ enum nss_status _nss_resolve_gethostbyname4_r(
if (bus_error_shall_fallback(&error))
goto fallback;
+ /* Treat all other error conditions as NOTFOUND, and fail. This includes DNSSEC errors and
+ suchlike. (We don't use UNAVAIL in this case so that the nsswitch.conf configuration can distuingish
+ such executed but negative replies from complete failure to talk to resolved. */
+ ret = NSS_STATUS_NOTFOUND;
goto fail;
}
@@ -279,12 +284,9 @@ fallback:
}
fail:
- /* When we arrive here, resolved runs and has answered (fallback to
- * "dns" is handled earlier). So we have a definitive "no" answer and
- * should not fall back to subsequent NSS modules via "UNAVAIL". */
*errnop = -r;
*h_errnop = NO_RECOVERY;
- return NSS_STATUS_NOTFOUND;
+ return ret;
}
enum nss_status _nss_resolve_gethostbyname3_r(
@@ -300,6 +302,7 @@ enum nss_status _nss_resolve_gethostbyname3_r(
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
char *r_name, *r_aliases, *r_addr, *r_addr_list;
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+ enum nss_status ret = NSS_STATUS_UNAVAIL;
size_t l, idx, ms, alen;
const char *canonical;
int c, r, i = 0;
@@ -353,6 +356,7 @@ enum nss_status _nss_resolve_gethostbyname3_r(
if (bus_error_shall_fallback(&error))
goto fallback;
+ ret = NSS_STATUS_NOTFOUND;
goto fail;
}
@@ -479,7 +483,7 @@ fallback:
fail:
*errnop = -r;
*h_errnop = NO_RECOVERY;
- return NSS_STATUS_NOTFOUND;
+ return ret;
}
enum nss_status _nss_resolve_gethostbyaddr2_r(
@@ -494,6 +498,7 @@ enum nss_status _nss_resolve_gethostbyaddr2_r(
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
char *r_name, *r_aliases, *r_addr, *r_addr_list;
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+ enum nss_status ret = NSS_STATUS_UNAVAIL;
unsigned c = 0, i = 0;
size_t ms = 0, idx;
const char *n;
@@ -560,7 +565,7 @@ enum nss_status _nss_resolve_gethostbyaddr2_r(
if (bus_error_shall_fallback(&error))
goto fallback;
-
+ ret = NSS_STATUS_NOTFOUND;
goto fail;
}
@@ -669,7 +674,7 @@ fallback:
fail:
*errnop = -r;
*h_errnop = NO_RECOVERY;
- return NSS_STATUS_NOTFOUND;
+ return ret;
}
NSS_GETHOSTBYNAME_FALLBACKS(resolve);
diff --git a/src/resolve/resolved-dns-server.c b/src/resolve/resolved-dns-server.c
index 7282848e35..22c64e8491 100644
--- a/src/resolve/resolved-dns-server.c
+++ b/src/resolve/resolved-dns-server.c
@@ -575,8 +575,7 @@ void dns_server_warn_downgrade(DnsServer *server) {
server->warned_downgrade = true;
}
-bool dns_server_limited_domains(DnsServer *server)
-{
+bool dns_server_limited_domains(DnsServer *server) {
DnsSearchDomain *domain;
bool domain_restricted = false;
@@ -589,7 +588,7 @@ bool dns_server_limited_domains(DnsServer *server)
if (domain->route_only) {
domain_restricted = true;
/* ~. means "any domain", thus it is a global server */
- if (streq(DNS_SEARCH_DOMAIN_NAME(domain), "."))
+ if (dns_name_is_root(DNS_SEARCH_DOMAIN_NAME(domain)))
return false;
}