resolved: refuse doing queries for known-obsolete RR types
Given how fragile DNS servers are with some DNS types, and given that we really should avoid confusing them with known-weird lookups, refuse doing lookups for known-obsolete RR types.
parent
274b874830
commit
d0129ddb9f
|
@ -124,6 +124,33 @@ bool dns_type_is_dnssec(uint16_t type) {
|
|||
DNS_TYPE_NSEC3PARAM);
|
||||
}
|
||||
|
||||
bool dns_type_is_obsolete(uint16_t type) {
|
||||
return IN_SET(type,
|
||||
/* Obsoleted by RFC 973 */
|
||||
DNS_TYPE_MD,
|
||||
DNS_TYPE_MF,
|
||||
DNS_TYPE_MAILA,
|
||||
|
||||
/* Kinda obsoleted by RFC 2505 */
|
||||
DNS_TYPE_MB,
|
||||
DNS_TYPE_MG,
|
||||
DNS_TYPE_MR,
|
||||
DNS_TYPE_MINFO,
|
||||
DNS_TYPE_MAILB,
|
||||
|
||||
/* RFC1127 kinda obsoleted this by recommending against its use */
|
||||
DNS_TYPE_WKS,
|
||||
|
||||
/* Declared historical by RFC 6563 */
|
||||
DNS_TYPE_A6,
|
||||
|
||||
/* Obsoleted by DNSSEC-bis */
|
||||
DNS_TYPE_NXT,
|
||||
|
||||
/* RFC 1035 removed support for concepts that needed this from RFC 883 */
|
||||
DNS_TYPE_NULL);
|
||||
}
|
||||
|
||||
const char *dns_class_to_string(uint16_t class) {
|
||||
|
||||
switch (class) {
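Review bot: dns_type_is_obsolete() has no comment stating its contract, and its name reads as a property of the RR type while both callers visible in this commit use it as a deny-list for outgoing queries. I would add above the function `/* RR types we refuse to issue queries for. Only query creation is gated on this; whether such records are still accepted in responses is decided elsewhere. */`, after confirming the second sentence against the packet parser, which is not shown here. The entries commented as "kinda obsoleted" are policy choices rather than formal obsoletions, so the comment should also say that the list is deliberately conservative and needs review whenever it is extended.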
|
||||
|
|
|
@ -130,6 +130,7 @@ bool dns_type_is_valid_query(uint16_t type);
|
|||
bool dns_type_is_valid_rr(uint16_t type);
|
||||
bool dns_type_may_redirect(uint16_t type);
|
||||
bool dns_type_is_dnssec(uint16_t type);
|
||||
bool dns_type_is_obsolete(uint16_t type);
|
||||
|
||||
bool dns_class_is_pseudo(uint16_t class);
|
||||
bool dns_class_is_valid_rr(uint16_t class);
|
||||
|
|
|
@ -563,6 +563,8 @@ static int bus_method_resolve_record(sd_bus_message *message, void *userdata, sd
|
|||
|
||||
if (!dns_type_is_valid_query(type))
|
||||
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid RR type for query %" PRIu16, type);
|
||||
if (dns_type_is_obsolete(type))
|
||||
return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Specified DNS RR type %" PRIu16 " is obsolete.", type);
|
||||
|
||||
r = check_ifindex_flags(ifindex, &flags, 0, error);
|
||||
if (r < 0)
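Review bot: The new error string ends in a full stop (`"Specified DNS RR type %" PRIu16 " is obsolete."`) while the message on the line above (`"Invalid RR type for query %" PRIu16`) does not; pick one form so that clients logging or matching these strings see consistent text. Placing the check directly after dns_type_is_valid_query() is sensible, since `type` presumably arrives from the bus caller (the parsing is outside this hunk) and is rejected before any lookup state is created. The body of bus_method_resolve_record() starts and ends outside the hunk.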
|
||||
|
|
|
@ -138,6 +138,8 @@ int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsResourceKey *key)
|
|||
/* Don't allow looking up invalid or pseudo RRs */
|
||||
if (!dns_type_is_valid_query(key->type))
|
||||
return -EINVAL;
|
||||
if (dns_type_is_obsolete(key->type))
|
||||
return -EOPNOTSUPP;
|
||||
|
||||
/* We only support the IN class */
|
||||
if (key->class != DNS_CLASS_IN && key->class != DNS_CLASS_ANY)
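Review bot: The comment above these checks still reads `/* Don't allow looking up invalid or pseudo RRs */`, although the block now also rejects obsolete types and does so with a different errno; I would change it to `/* Don't allow looking up invalid, pseudo or obsolete RRs */`. -EOPNOTSUPP is a new return value for dns_transaction_new(), and its callers are not visible in this commit, so it is worth confirming that each one turns it into a clean lookup failure rather than treating it as an unexpected internal error. The function body continues outside the hunk.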
|
||||
|
|