From 3ba27cd339d2de53fa34c1ec7242da50a1c047b7 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 3 Dec 2015 21:03:00 +0100
Subject: resolved: when synthesizing NODATA from cached NSEC bitmaps, honour
 CNAME/DNAME

When an RR type is not set in an NSEC, then the CNAME/DNAME types might
still be, hence check them too.

Otherwise we might end up refusing resolving of CNAME'd RRs if we cached
an NSEC before.
---
 src/resolve/resolved-dns-cache.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/resolve/resolved-dns-cache.c')

diff --git a/src/resolve/resolved-dns-cache.c b/src/resolve/resolved-dns-cache.c
index 3abb0374b6..241187dd51 100644
--- a/src/resolve/resolved-dns-cache.c
+++ b/src/resolve/resolved-dns-cache.c
@@ -636,7 +636,9 @@ int dns_cache_lookup(DnsCache *c, DnsResourceKey *key, int *rcode, DnsAnswer **r
                 *ret = NULL;
                 *rcode = DNS_RCODE_SUCCESS;
 
-                return !bitmap_isset(nsec->nsec.types, key->type);
+                return !bitmap_isset(nsec->nsec.types, key->type) &&
+                       !bitmap_isset(nsec->nsec.types, DNS_TYPE_CNAME) &&
+                       !bitmap_isset(nsec->nsec.types, DNS_TYPE_DNAME);
         }
 
         log_debug("%s cache hit for %s",
-- 
cgit v1.2.3-54-g00ecf