From d746bb3eb25b73b5e8eef2295610284b3051d7b5 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 18 Nov 2015 15:33:37 +0100
Subject: [PATCH] resolved: shortcut lookups names in the local zone

Previously, we'd always generate a packet on the wire, even for names
that are within our local zone. Shortcut this, and always check the
local zone first. This should minimize generated traffic and improve
security.
---
 src/resolve/resolved-dns-transaction.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index 6545f6cd8a..37f47c47c0 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -626,6 +626,20 @@ int dns_transaction_go(DnsTransaction *t) {
         t->cached = dns_answer_unref(t->cached);
         t->cached_rcode = 0;
 
+        /* Check the zone, but obly if this transaction is not used
+         * for probing or verifying a zone item. */
+        if (set_isempty(t->zone_items)) {
+
+                r = dns_zone_lookup(&t->scope->zone, t->key, &t->cached, NULL, NULL);
+                if (r < 0)
+                        return r;
+                if (r > 0) {
+                        t->cached_rcode = DNS_RCODE_SUCCESS;
+                        dns_transaction_complete(t, DNS_TRANSACTION_SUCCESS);
+                        return 0;
+                }
+        }
+
         /* Check the cache, but only if this transaction is not used
          * for probing or verifying a zone item. */
         if (set_isempty(t->zone_items)) {