diff options
-rw-r--r-- | man/nss-myhostname.xml | 2 | ||||
-rw-r--r-- | man/nss-mymachines.xml | 2 | ||||
-rw-r--r-- | man/nss-resolve.xml | 2 | ||||
-rw-r--r-- | man/nss-systemd.xml | 2 | ||||
-rw-r--r-- | src/nss-resolve/nss-resolve.c | 19 | ||||
-rw-r--r-- | src/resolve/resolved-dns-server.c | 5 |
6 files changed, 18 insertions, 14 deletions
diff --git a/man/nss-myhostname.xml b/man/nss-myhostname.xml index b1daaba02b..c25476ecc8 100644 --- a/man/nss-myhostname.xml +++ b/man/nss-myhostname.xml @@ -110,7 +110,7 @@ group: compat mymachines systemd shadow: compat -hosts: files mymachines resolve <command>myhostname</command> +hosts: files mymachines resolve [!UNAVAIL=return] dns <command>myhostname</command> networks: files protocols: db files diff --git a/man/nss-mymachines.xml b/man/nss-mymachines.xml index a70119e256..00bcc53ec0 100644 --- a/man/nss-mymachines.xml +++ b/man/nss-mymachines.xml @@ -86,7 +86,7 @@ group: compat <command>mymachines</command> systemd shadow: compat -hosts: files <command>mymachines</command> resolve myhostname +hosts: files <command>mymachines</command> resolve [!UNAVAIL=return] dns myhostname networks: files protocols: db files diff --git a/man/nss-resolve.xml b/man/nss-resolve.xml index d66e8ba521..9f24f65019 100644 --- a/man/nss-resolve.xml +++ b/man/nss-resolve.xml @@ -85,7 +85,7 @@ group: compat mymachines systemd shadow: compat -hosts: files mymachines <command>resolve [!UNAVAIL=return]</command> dns +hosts: files mymachines <command>resolve [!UNAVAIL=return]</command> dns myhostname networks: files protocols: db files diff --git a/man/nss-systemd.xml b/man/nss-systemd.xml index 56d26e7d1f..71aed4df83 100644 --- a/man/nss-systemd.xml +++ b/man/nss-systemd.xml @@ -83,7 +83,7 @@ group: compat mymachines <command>systemd</command> shadow: compat -hosts: files mymachines resolve myhostname +hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname networks: files protocols: db files diff --git a/src/nss-resolve/nss-resolve.c b/src/nss-resolve/nss-resolve.c index eea91e3e88..d46a3afe91 100644 --- a/src/nss-resolve/nss-resolve.c +++ b/src/nss-resolve/nss-resolve.c @@ -121,6 +121,7 @@ enum nss_status _nss_resolve_gethostbyname4_r( _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; struct gaih_addrtuple *r_tuple, *r_tuple_first = NULL; _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL; + enum nss_status ret = NSS_STATUS_UNAVAIL; const char *canonical = NULL; size_t l, ms, idx; char *r_name; @@ -167,6 +168,10 @@ enum nss_status _nss_resolve_gethostbyname4_r( if (bus_error_shall_fallback(&error)) goto fallback; + /* Treat all other error conditions as NOTFOUND, and fail. This includes DNSSEC errors and + suchlike. (We don't use UNAVAIL in this case so that the nsswitch.conf configuration can distuingish + such executed but negative replies from complete failure to talk to resolved. */ + ret = NSS_STATUS_NOTFOUND; goto fail; } @@ -279,12 +284,9 @@ fallback: } fail: - /* When we arrive here, resolved runs and has answered (fallback to - * "dns" is handled earlier). So we have a definitive "no" answer and - * should not fall back to subsequent NSS modules via "UNAVAIL". */ *errnop = -r; *h_errnop = NO_RECOVERY; - return NSS_STATUS_NOTFOUND; + return ret; } enum nss_status _nss_resolve_gethostbyname3_r( @@ -300,6 +302,7 @@ enum nss_status _nss_resolve_gethostbyname3_r( _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; char *r_name, *r_aliases, *r_addr, *r_addr_list; _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL; + enum nss_status ret = NSS_STATUS_UNAVAIL; size_t l, idx, ms, alen; const char *canonical; int c, r, i = 0; @@ -353,6 +356,7 @@ enum nss_status _nss_resolve_gethostbyname3_r( if (bus_error_shall_fallback(&error)) goto fallback; + ret = NSS_STATUS_NOTFOUND; goto fail; } @@ -479,7 +483,7 @@ fallback: fail: *errnop = -r; *h_errnop = NO_RECOVERY; - return NSS_STATUS_NOTFOUND; + return ret; } enum nss_status _nss_resolve_gethostbyaddr2_r( @@ -494,6 +498,7 @@ enum nss_status _nss_resolve_gethostbyaddr2_r( _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; char *r_name, *r_aliases, *r_addr, *r_addr_list; _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL; + enum nss_status ret = NSS_STATUS_UNAVAIL; unsigned c = 0, i = 0; size_t ms = 0, idx; const char *n; @@ -560,7 +565,7 @@ enum nss_status _nss_resolve_gethostbyaddr2_r( if (bus_error_shall_fallback(&error)) goto fallback; - + ret = NSS_STATUS_NOTFOUND; goto fail; } @@ -669,7 +674,7 @@ fallback: fail: *errnop = -r; *h_errnop = NO_RECOVERY; - return NSS_STATUS_NOTFOUND; + return ret; } NSS_GETHOSTBYNAME_FALLBACKS(resolve); diff --git a/src/resolve/resolved-dns-server.c b/src/resolve/resolved-dns-server.c index 7282848e35..22c64e8491 100644 --- a/src/resolve/resolved-dns-server.c +++ b/src/resolve/resolved-dns-server.c @@ -575,8 +575,7 @@ void dns_server_warn_downgrade(DnsServer *server) { server->warned_downgrade = true; } -bool dns_server_limited_domains(DnsServer *server) -{ +bool dns_server_limited_domains(DnsServer *server) { DnsSearchDomain *domain; bool domain_restricted = false; @@ -589,7 +588,7 @@ bool dns_server_limited_domains(DnsServer *server) if (domain->route_only) { domain_restricted = true; /* ~. means "any domain", thus it is a global server */ - if (streq(DNS_SEARCH_DOMAIN_NAME(domain), ".")) + if (dns_name_is_root(DNS_SEARCH_DOMAIN_NAME(domain))) return false; } |