diff options
Diffstat (limited to 'src/resolve')
| -rw-r--r-- | src/resolve/resolved-dns-packet.h | 8 | ||||
| -rw-r--r-- | src/resolve/resolved-dns-transaction.c | 3 | ||||
| -rw-r--r-- | src/resolve/resolved-resolv-conf.c | 31 |
3 files changed, 29 insertions, 13 deletions
diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h index 48df5dfc53..90b5a7c8bd 100644 --- a/src/resolve/resolved-dns-packet.h +++ b/src/resolve/resolved-dns-packet.h @@ -177,6 +177,14 @@ void dns_packet_rewind(DnsPacket *p, size_t idx); int dns_packet_skip_question(DnsPacket *p); int dns_packet_extract(DnsPacket *p); +static inline bool DNS_PACKET_SHALL_CACHE(DnsPacket *p) { + /* Never cache data originating from localhost, under the + * assumption, that it's coming from a locally DNS forwarder + * or server, that is caching on its own. */ + + return in_addr_is_localhost(p->family, &p->sender) == 0; +} + enum { DNS_RCODE_SUCCESS = 0, DNS_RCODE_FORMERR = 1, diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c index c65c9c9f49..8c4f23a4da 100644 --- a/src/resolve/resolved-dns-transaction.c +++ b/src/resolve/resolved-dns-transaction.c @@ -478,7 +478,8 @@ void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p) { } /* According to RFC 4795, section 2.9. only the RRs from the answer section shall be cached */ - dns_cache_put(&t->scope->cache, t->key, DNS_PACKET_RCODE(p), p->answer, DNS_PACKET_ANCOUNT(p), 0, p->family, &p->sender); + if (DNS_PACKET_SHALL_CACHE(p)) + dns_cache_put(&t->scope->cache, t->key, DNS_PACKET_RCODE(p), p->answer, DNS_PACKET_ANCOUNT(p), 0, p->family, &p->sender); if (DNS_PACKET_RCODE(p) == DNS_RCODE_SUCCESS) dns_transaction_complete(t, DNS_TRANSACTION_SUCCESS); diff --git a/src/resolve/resolved-resolv-conf.c b/src/resolve/resolved-resolv-conf.c index 744969b745..956f380f3c 100644 --- a/src/resolve/resolved-resolv-conf.c +++ b/src/resolve/resolved-resolv-conf.c @@ -50,9 +50,9 @@ int manager_read_resolv_conf(Manager *m) { r = stat("/etc/resolv.conf", &st); if (r < 0) { if (errno == ENOENT) - r = 0; - else - r = log_warning_errno(errno, "Failed to stat /etc/resolv.conf: %m"); + return 0; + + r = log_warning_errno(errno, "Failed to stat /etc/resolv.conf: %m"); goto clear; } @@ -61,22 +61,18 @@ int manager_read_resolv_conf(Manager *m) { if (t == m->resolv_conf_mtime) return 0; - m->resolv_conf_mtime = t; - /* Is it symlinked to our own file? */ if (stat("/run/systemd/resolve/resolv.conf", &own) >= 0 && st.st_dev == own.st_dev && - st.st_ino == own.st_ino) { - r = 0; - goto clear; - } + st.st_ino == own.st_ino) + return 0; f = fopen("/etc/resolv.conf", "re"); if (!f) { if (errno == ENOENT) - r = 0; - else - r = log_warning_errno(errno, "Failed to open /etc/resolv.conf: %m"); + return 0; + + r = log_warning_errno(errno, "Failed to open /etc/resolv.conf: %m"); goto clear; } @@ -115,6 +111,8 @@ int manager_read_resolv_conf(Manager *m) { } } + m->resolv_conf_mtime = t; + /* Flush out all servers and search domains that are still * marked. Those are then ones that didn't appear in the new * /etc/resolv.conf */ @@ -131,6 +129,15 @@ int manager_read_resolv_conf(Manager *m) { * resolve VPN domains. */ manager_set_dns_server(m, m->dns_servers); + /* Unconditionally flush the cache when /etc/resolv.conf is + * modified, even if the data it contained was completely + * identical to the previous version we used. We do this + * because altering /etc/resolv.conf is typically done when + * the network configuration changes, and that should be + * enough to flush the global unicast DNS cache. */ + if (m->unicast_scope) + dns_cache_flush(&m->unicast_scope->cache); + return 0; clear: |