resolved: refuse to cache ANY kind of pseudo-RR-type

2015-12-10 13:46:05 +01:00 · 2015-12-10 13:46:05 +01:00 · c33be4a6f2
parent 6728a58d10
commit c33be4a6f2
2 changed files with 5 additions and 5 deletions
--- a/src/resolve/dns-type.c
+++ b/src/resolve/dns-type.c
@ -51,7 +51,7 @@ bool dns_type_is_pseudo(uint16_t type) {
         * but apparently entails all RR types that are not actually
         * stored as RRs on the server and should hence also not be
         * cached. We use this list primarily to validate NSEC type
-         * bitfields. */
+         * bitfields, and to verify what to cache. */

        return IN_SET(type,
                      0, /* A Pseudo RR type, according to RFC 2931 */
--- a/src/resolve/resolved-dns-cache.c
+++ b/src/resolve/resolved-dns-cache.c
@ -302,7 +302,7 @@ static int dns_cache_put_positive(

        if (rr->key->class == DNS_CLASS_ANY)
                return 0;
-        if (rr->key->type == DNS_TYPE_ANY)
+        if (dns_type_is_pseudo(rr->key->type))
                return 0;

        /* Entry exists already? Update TTL and timestamp */
@ -370,9 +370,9 @@ static int dns_cache_put_negative(

        if (key->class == DNS_CLASS_ANY)
                return 0;
-        if (key->type == DNS_TYPE_ANY)
-                /* This is particularly important to filter out as we use this as a
-                 * pseudo-type for NXDOMAIN entries */
+        if (dns_type_is_pseudo(key->type))
+                /* ANY is particularly important to filter out as we
+                 * use this as a pseudo-type for NXDOMAIN entries */
                return 0;
        if (soa_ttl <= 0) {
                if (log_get_max_level() >= LOG_DEBUG) {