resolved: when synthesizing NODATA from cached NSEC bitmaps, honour CNAME/DNAME

When an RR type is not set in an NSEC, then the CNAME/DNAME types might still be, hence check them too. Otherwise we might end up refusing resolving of CNAME'd RRs if we cached an NSEC before.
2015-12-03 21:03:00 +01:00 · 2015-12-03 21:03:00 +01:00 · 3ba27cd339
parent 2cd8727718
commit 3ba27cd339
1 changed files with 3 additions and 1 deletions
--- a/src/resolve/resolved-dns-cache.c
+++ b/src/resolve/resolved-dns-cache.c
@ -636,7 +636,9 @@ int dns_cache_lookup(DnsCache *c, DnsResourceKey *key, int *rcode, DnsAnswer **r
                *ret = NULL;
                *rcode = DNS_RCODE_SUCCESS;

-                return !bitmap_isset(nsec->nsec.types, key->type);
+                return !bitmap_isset(nsec->nsec.types, key->type) &&
+                       !bitmap_isset(nsec->nsec.types, DNS_TYPE_CNAME) &&
+                       !bitmap_isset(nsec->nsec.types, DNS_TYPE_DNAME);
        }

        log_debug("%s cache hit for %s",