From c33be4a6f229ed26407f19fbc463decb3d9b4cbc Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 10 Dec 2015 13:46:05 +0100 Subject: resolved: refuse to cache ANY kind of pseudo-RR-type --- src/resolve/dns-type.c | 2 +- src/resolve/resolved-dns-cache.c | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'src') diff --git a/src/resolve/dns-type.c b/src/resolve/dns-type.c index 393fee0356..8ce8a566f1 100644 --- a/src/resolve/dns-type.c +++ b/src/resolve/dns-type.c @@ -51,7 +51,7 @@ bool dns_type_is_pseudo(uint16_t type) { * but apparently entails all RR types that are not actually * stored as RRs on the server and should hence also not be * cached. We use this list primarily to validate NSEC type - * bitfields. */ + * bitfields, and to verify what to cache. */ return IN_SET(type, 0, /* A Pseudo RR type, according to RFC 2931 */ diff --git a/src/resolve/resolved-dns-cache.c b/src/resolve/resolved-dns-cache.c index 9ab44400bd..676fa08ffb 100644 --- a/src/resolve/resolved-dns-cache.c +++ b/src/resolve/resolved-dns-cache.c @@ -302,7 +302,7 @@ static int dns_cache_put_positive( if (rr->key->class == DNS_CLASS_ANY) return 0; - if (rr->key->type == DNS_TYPE_ANY) + if (dns_type_is_pseudo(rr->key->type)) return 0; /* Entry exists already? Update TTL and timestamp */ @@ -370,9 +370,9 @@ static int dns_cache_put_negative( if (key->class == DNS_CLASS_ANY) return 0; - if (key->type == DNS_TYPE_ANY) - /* This is particularly important to filter out as we use this as a - * pseudo-type for NXDOMAIN entries */ + if (dns_type_is_pseudo(key->type)) + /* ANY is particularly important to filter out as we + * use this as a pseudo-type for NXDOMAIN entries */ return 0; if (soa_ttl <= 0) { if (log_get_max_level() >= LOG_DEBUG) { -- cgit v1.2.3-54-g00ecf