From d2f47562d5d834339ef3030e345a76a8c6f09c74 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 30 Jul 2014 01:46:27 +0200 Subject: resolved: only cache answer RRs, never additional or authoritative RRs of responses --- src/resolve/resolved-dns-query.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/resolve/resolved-dns-query.c') diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c index 271b8fd9c9..8570251528 100644 --- a/src/resolve/resolved-dns-query.c +++ b/src/resolve/resolved-dns-query.c @@ -344,7 +344,8 @@ void dns_query_transaction_process_reply(DnsQueryTransaction *t, DnsPacket *p) { return; } - dns_cache_put(&t->scope->cache, p->question, DNS_PACKET_RCODE(p), p->answer, 0); + /* According to RFC 4795, section 2.9. only the RRs from the answer section shall be cached */ + dns_cache_put(&t->scope->cache, p->question, DNS_PACKET_RCODE(p), p->answer, DNS_PACKET_ANCOUNT(p), 0); if (DNS_PACKET_RCODE(p) == DNS_RCODE_SUCCESS) dns_query_transaction_complete(t, DNS_QUERY_SUCCESS); -- cgit v1.2.3-54-g00ecf