summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/nss-resolve/nss-resolve.c19
-rw-r--r--src/resolve/resolved-dns-server.c5
2 files changed, 14 insertions, 10 deletions
diff --git a/src/nss-resolve/nss-resolve.c b/src/nss-resolve/nss-resolve.c
index eea91e3e88..d46a3afe91 100644
--- a/src/nss-resolve/nss-resolve.c
+++ b/src/nss-resolve/nss-resolve.c
@@ -121,6 +121,7 @@ enum nss_status _nss_resolve_gethostbyname4_r(
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
struct gaih_addrtuple *r_tuple, *r_tuple_first = NULL;
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+ enum nss_status ret = NSS_STATUS_UNAVAIL;
const char *canonical = NULL;
size_t l, ms, idx;
char *r_name;
@@ -167,6 +168,10 @@ enum nss_status _nss_resolve_gethostbyname4_r(
if (bus_error_shall_fallback(&error))
goto fallback;
+ /* Treat all other error conditions as NOTFOUND, and fail. This includes DNSSEC errors and
+ suchlike. (We don't use UNAVAIL in this case so that the nsswitch.conf configuration can distuingish
+ such executed but negative replies from complete failure to talk to resolved. */
+ ret = NSS_STATUS_NOTFOUND;
goto fail;
}
@@ -279,12 +284,9 @@ fallback:
}
fail:
- /* When we arrive here, resolved runs and has answered (fallback to
- * "dns" is handled earlier). So we have a definitive "no" answer and
- * should not fall back to subsequent NSS modules via "UNAVAIL". */
*errnop = -r;
*h_errnop = NO_RECOVERY;
- return NSS_STATUS_NOTFOUND;
+ return ret;
}
enum nss_status _nss_resolve_gethostbyname3_r(
@@ -300,6 +302,7 @@ enum nss_status _nss_resolve_gethostbyname3_r(
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
char *r_name, *r_aliases, *r_addr, *r_addr_list;
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+ enum nss_status ret = NSS_STATUS_UNAVAIL;
size_t l, idx, ms, alen;
const char *canonical;
int c, r, i = 0;
@@ -353,6 +356,7 @@ enum nss_status _nss_resolve_gethostbyname3_r(
if (bus_error_shall_fallback(&error))
goto fallback;
+ ret = NSS_STATUS_NOTFOUND;
goto fail;
}
@@ -479,7 +483,7 @@ fallback:
fail:
*errnop = -r;
*h_errnop = NO_RECOVERY;
- return NSS_STATUS_NOTFOUND;
+ return ret;
}
enum nss_status _nss_resolve_gethostbyaddr2_r(
@@ -494,6 +498,7 @@ enum nss_status _nss_resolve_gethostbyaddr2_r(
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
char *r_name, *r_aliases, *r_addr, *r_addr_list;
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+ enum nss_status ret = NSS_STATUS_UNAVAIL;
unsigned c = 0, i = 0;
size_t ms = 0, idx;
const char *n;
@@ -560,7 +565,7 @@ enum nss_status _nss_resolve_gethostbyaddr2_r(
if (bus_error_shall_fallback(&error))
goto fallback;
-
+ ret = NSS_STATUS_NOTFOUND;
goto fail;
}
@@ -669,7 +674,7 @@ fallback:
fail:
*errnop = -r;
*h_errnop = NO_RECOVERY;
- return NSS_STATUS_NOTFOUND;
+ return ret;
}
NSS_GETHOSTBYNAME_FALLBACKS(resolve);
diff --git a/src/resolve/resolved-dns-server.c b/src/resolve/resolved-dns-server.c
index 7282848e35..22c64e8491 100644
--- a/src/resolve/resolved-dns-server.c
+++ b/src/resolve/resolved-dns-server.c
@@ -575,8 +575,7 @@ void dns_server_warn_downgrade(DnsServer *server) {
server->warned_downgrade = true;
}
-bool dns_server_limited_domains(DnsServer *server)
-{
+bool dns_server_limited_domains(DnsServer *server) {
DnsSearchDomain *domain;
bool domain_restricted = false;
@@ -589,7 +588,7 @@ bool dns_server_limited_domains(DnsServer *server)
if (domain->route_only) {
domain_restricted = true;
/* ~. means "any domain", thus it is a global server */
- if (streq(DNS_SEARCH_DOMAIN_NAME(domain), "."))
+ if (dns_name_is_root(DNS_SEARCH_DOMAIN_NAME(domain)))
return false;
}