resolved: refuse doing queries for known-obsolete RR types

Given how fragile DNS servers are with some DNS types, and given that we really should avoid confusing them with known-weird lookups, refuse doing lookups for known-obsolete RR types.
2016-01-11 20:05:29 +01:00 · 2016-01-11 20:05:29 +01:00 · d0129ddb9f
parent 274b874830
commit d0129ddb9f
4 changed files with 32 additions and 0 deletions
--- a/src/resolve/dns-type.c
+++ b/src/resolve/dns-type.c
@ -124,6 +124,33 @@ bool dns_type_is_dnssec(uint16_t type) {
                      DNS_TYPE_NSEC3PARAM);
 }

+bool dns_type_is_obsolete(uint16_t type) {
+        return IN_SET(type,
+                      /* Obsoleted by RFC 973 */
+                      DNS_TYPE_MD,
+                      DNS_TYPE_MF,
+                      DNS_TYPE_MAILA,
+
+                      /* Kinda obsoleted by RFC 2505 */
+                      DNS_TYPE_MB,
+                      DNS_TYPE_MG,
+                      DNS_TYPE_MR,
+                      DNS_TYPE_MINFO,
+                      DNS_TYPE_MAILB,
+
+                      /* RFC1127 kinda obsoleted this by recommending against its use */
+                      DNS_TYPE_WKS,
+
+                      /* Declared historical by RFC 6563 */
+                      DNS_TYPE_A6,
+
+                      /* Obsoleted by DNSSEC-bis */
+                      DNS_TYPE_NXT,
+
+                      /* RFC 1035 removed support for concepts that needed this from RFC 883 */
+                      DNS_TYPE_NULL);
+}
+
 const char *dns_class_to_string(uint16_t class) {

        switch (class) {
--- a/src/resolve/dns-type.h
+++ b/src/resolve/dns-type.h
@ -130,6 +130,7 @@ bool dns_type_is_valid_query(uint16_t type);
 bool dns_type_is_valid_rr(uint16_t type);
 bool dns_type_may_redirect(uint16_t type);
 bool dns_type_is_dnssec(uint16_t type);
+bool dns_type_is_obsolete(uint16_t type);

 bool dns_class_is_pseudo(uint16_t class);
 bool dns_class_is_valid_rr(uint16_t class);
--- a/src/resolve/resolved-bus.c
+++ b/src/resolve/resolved-bus.c
@ -563,6 +563,8 @@ static int bus_method_resolve_record(sd_bus_message *message, void *userdata, sd

        if (!dns_type_is_valid_query(type))
                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid RR type for query %" PRIu16, type);
+        if (dns_type_is_obsolete(type))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Specified DNS RR type %" PRIu16 " is obsolete.", type);

        r = check_ifindex_flags(ifindex, &flags, 0, error);
        if (r < 0)
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@ -138,6 +138,8 @@ int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsResourceKey *key)
        /* Don't allow looking up invalid or pseudo RRs */
        if (!dns_type_is_valid_query(key->type))
                return -EINVAL;
+        if (dns_type_is_obsolete(key->type))
+                return -EOPNOTSUPP;

        /* We only support the IN class */
        if (key->class != DNS_CLASS_IN && key->class != DNS_CLASS_ANY)