resolved: split out a new dns_type_may_redirect() call
Let's abstract which RRs shall honour CNAMEs, and which ones should not.
This commit is contained in:
parent
40667ebe74
commit
d3c7e9139c
|
@ -95,6 +95,25 @@ bool dns_class_is_valid_rr(uint16_t class) {
|
|||
return class != DNS_CLASS_ANY;
|
||||
}
|
||||
|
||||
bool dns_type_may_redirect(uint16_t type) {
|
||||
/* The following record types should never be redirected using
|
||||
* CNAME/DNAME RRs. See
|
||||
* <https://tools.ietf.org/html/rfc4035#section-2.5>. */
|
||||
|
||||
if (dns_type_is_pseudo(type))
|
||||
return false;
|
||||
|
||||
return !IN_SET(type,
|
||||
DNS_TYPE_CNAME,
|
||||
DNS_TYPE_DNAME,
|
||||
DNS_TYPE_NSEC3,
|
||||
DNS_TYPE_NSEC,
|
||||
DNS_TYPE_RRSIG,
|
||||
DNS_TYPE_NXT,
|
||||
DNS_TYPE_SIG,
|
||||
DNS_TYPE_KEY);
|
||||
}
|
||||
|
||||
const char *dns_class_to_string(uint16_t class) {
|
||||
|
||||
switch (class) {
|
||||
|
|
|
@ -128,6 +128,7 @@ enum {
|
|||
bool dns_type_is_pseudo(uint16_t type);
|
||||
bool dns_type_is_valid_query(uint16_t type);
|
||||
bool dns_type_is_valid_rr(uint16_t type);
|
||||
bool dns_type_may_redirect(uint16_t type);
|
||||
|
||||
bool dns_class_is_pseudo(uint16_t class);
|
||||
bool dns_class_is_valid_rr(uint16_t class);
|
||||
|
|
|
@ -672,11 +672,7 @@ static DnsCacheItem *dns_cache_get_by_key_follow_cname_dname_nsec(DnsCache *c, D
|
|||
if (i && i->type == DNS_CACHE_NXDOMAIN)
|
||||
return i;
|
||||
|
||||
/* The following record types should never be redirected. See
|
||||
* <https://tools.ietf.org/html/rfc4035#section-2.5>. */
|
||||
if (!IN_SET(k->type, DNS_TYPE_CNAME, DNS_TYPE_DNAME,
|
||||
DNS_TYPE_NSEC3, DNS_TYPE_NSEC, DNS_TYPE_RRSIG,
|
||||
DNS_TYPE_NXT, DNS_TYPE_SIG, DNS_TYPE_KEY)) {
|
||||
if (dns_type_may_redirect(k->type)) {
|
||||
/* Check if we have a CNAME record instead */
|
||||
i = hashmap_get(c->by_key, &DNS_RESOURCE_KEY_CONST(k->class, DNS_TYPE_CNAME, n));
|
||||
if (i)
|
||||
|
|
Loading…
Reference in a new issue