picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

resolved: split out a new dns_type_may_redirect() call

Browse source 
Let's abstract which RRs shall honour CNAMEs, and which ones should not.
This commit is contained in:
Lennart Poettering 2015-12-21 16:23:48 +01:00
parent 40667ebe74
commit d3c7e9139c
3 changed files with 21 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
src/resolve/dns-type.c
View file

@ -95,6 +95,25 @@ bool dns_class_is_valid_rr(uint16_t class) {
return class != DNS_CLASS_ANY;
}
bool dns_type_may_redirect(uint16_t type) {
/* The following record types should never be redirected using
* CNAME/DNAME RRs. See
* <https://tools.ietf.org/html/rfc4035#section-2.5>. */
if (dns_type_is_pseudo(type))
return false;
return !IN_SET(type,
DNS_TYPE_CNAME,
DNS_TYPE_DNAME,
DNS_TYPE_NSEC3,
DNS_TYPE_NSEC,
DNS_TYPE_RRSIG,
DNS_TYPE_NXT,
DNS_TYPE_SIG,
DNS_TYPE_KEY);
}
const char *dns_class_to_string(uint16_t class) {
switch (class) {

1
src/resolve/dns-type.h
View file

@ -128,6 +128,7 @@ enum {
bool dns_type_is_pseudo(uint16_t type);
bool dns_type_is_valid_query(uint16_t type);
bool dns_type_is_valid_rr(uint16_t type);
bool dns_type_may_redirect(uint16_t type);
bool dns_class_is_pseudo(uint16_t class);
bool dns_class_is_valid_rr(uint16_t class);

6
src/resolve/resolved-dns-cache.c
View file

@ -672,11 +672,7 @@ static DnsCacheItem *dns_cache_get_by_key_follow_cname_dname_nsec(DnsCache *c, D
if (i && i->type == DNS_CACHE_NXDOMAIN)
return i;
/* The following record types should never be redirected. See
* <https://tools.ietf.org/html/rfc4035#section-2.5>. */
if (!IN_SET(k->type, DNS_TYPE_CNAME, DNS_TYPE_DNAME,
DNS_TYPE_NSEC3, DNS_TYPE_NSEC, DNS_TYPE_RRSIG,
DNS_TYPE_NXT, DNS_TYPE_SIG, DNS_TYPE_KEY)) {
if (dns_type_may_redirect(k->type)) {
/* Check if we have a CNAME record instead */
i = hashmap_get(c->by_key, &DNS_RESOURCE_KEY_CONST(k->class, DNS_TYPE_CNAME, n));
if (i)