From 28b9b7640603f88cb49f95609331fa5072715f15 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 3 Dec 2015 18:26:12 +0100 Subject: resolved: rework how we allow allow queries to be dispatched to scopes Previously, we'd never do any single-label or root domain lookups via DNS, thus leaving single-label lookups to LLMNR and the search path logic in order that single-label names don't leak too easily onto the internet. With this change we open things up a bit, and only prohibit A/AAAA lookups of single-label/root domains, but allow all other lookups. This should provide similar protection, but allow us to resolve DNSKEY+DS RRs for the top-level and root domains. (This also simplifies handling of the search domain detection, and gets rid of dns_scope_has_search_domains() in favour of dns_scope_get_search_domains()). --- src/resolve/resolved-dns-scope.h | 1 - 1 file changed, 1 deletion(-) (limited to 'src/resolve/resolved-dns-scope.h') diff --git a/src/resolve/resolved-dns-scope.h b/src/resolve/resolved-dns-scope.h index 0480f702f8..b816e90cf1 100644 --- a/src/resolve/resolved-dns-scope.h +++ b/src/resolve/resolved-dns-scope.h @@ -102,6 +102,5 @@ void dns_scope_check_conflicts(DnsScope *scope, DnsPacket *p); void dns_scope_dump(DnsScope *s, FILE *f); DnsSearchDomain *dns_scope_get_search_domains(DnsScope *s); -bool dns_scope_has_search_domains(DnsScope *s); bool dns_scope_name_needs_search_domain(DnsScope *s, const char *name); -- cgit v1.2.3-54-g00ecf