2 This file is part of systemd.
4 Copyright 2014 Lennart Poettering
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 #include "alloc-util.h"
21 #include "dns-domain.h"
23 #include "hostname-util.h"
24 #include "local-addresses.h"
25 #include "resolved-dns-query.h"
26 #include "resolved-dns-synthesize.h"
27 #include "resolved-etc-hosts.h"
28 #include "string-util.h"
30 /* How long to wait for the query in total */
31 #define QUERY_TIMEOUT_USEC (60 * USEC_PER_SEC)
34 #define QUERIES_MAX 2048
35 #define AUXILIARY_QUERIES_MAX 64
37 static int dns_query_candidate_new(DnsQueryCandidate
**ret
, DnsQuery
*q
, DnsScope
*s
) {
44 c
= new0(DnsQueryCandidate
, 1);
51 LIST_PREPEND(candidates_by_query
, q
->candidates
, c
);
52 LIST_PREPEND(candidates_by_scope
, s
->query_candidates
, c
);
58 static void dns_query_candidate_stop(DnsQueryCandidate
*c
) {
63 while ((t
= set_steal_first(c
->transactions
))) {
64 set_remove(t
->notify_query_candidates
, c
);
65 set_remove(t
->notify_query_candidates_done
, c
);
66 dns_transaction_gc(t
);
70 DnsQueryCandidate
* dns_query_candidate_free(DnsQueryCandidate
*c
) {
75 dns_query_candidate_stop(c
);
77 set_free(c
->transactions
);
78 dns_search_domain_unref(c
->search_domain
);
81 LIST_REMOVE(candidates_by_query
, c
->query
->candidates
, c
);
84 LIST_REMOVE(candidates_by_scope
, c
->scope
->query_candidates
, c
);
89 static int dns_query_candidate_next_search_domain(DnsQueryCandidate
*c
) {
90 DnsSearchDomain
*next
= NULL
;
94 if (c
->search_domain
&& c
->search_domain
->linked
)
95 next
= c
->search_domain
->domains_next
;
97 next
= dns_scope_get_search_domains(c
->scope
);
100 if (!next
) /* We hit the end of the list */
103 if (!next
->route_only
)
106 /* Skip over route-only domains */
107 next
= next
->domains_next
;
110 dns_search_domain_unref(c
->search_domain
);
111 c
->search_domain
= dns_search_domain_ref(next
);
116 static int dns_query_candidate_add_transaction(DnsQueryCandidate
*c
, DnsResourceKey
*key
) {
123 t
= dns_scope_find_transaction(c
->scope
, key
, true);
125 r
= dns_transaction_new(&t
, c
->scope
, key
);
129 if (set_contains(c
->transactions
, t
))
133 r
= set_ensure_allocated(&c
->transactions
, NULL
);
137 r
= set_ensure_allocated(&t
->notify_query_candidates
, NULL
);
141 r
= set_ensure_allocated(&t
->notify_query_candidates_done
, NULL
);
145 r
= set_put(t
->notify_query_candidates
, c
);
149 r
= set_put(c
->transactions
, t
);
151 (void) set_remove(t
->notify_query_candidates
, c
);
155 t
->clamp_ttl
= c
->query
->clamp_ttl
;
159 dns_transaction_gc(t
);
163 static int dns_query_candidate_go(DnsQueryCandidate
*c
) {
171 /* Start the transactions that are not started yet */
172 SET_FOREACH(t
, c
->transactions
, i
) {
173 if (t
->state
!= DNS_TRANSACTION_NULL
)
176 r
= dns_transaction_go(t
);
183 /* If there was nothing to start, then let's proceed immediately */
185 dns_query_candidate_notify(c
);
190 static DnsTransactionState
dns_query_candidate_state(DnsQueryCandidate
*c
) {
191 DnsTransactionState state
= DNS_TRANSACTION_NO_SERVERS
;
197 if (c
->error_code
!= 0)
198 return DNS_TRANSACTION_ERRNO
;
200 SET_FOREACH(t
, c
->transactions
, i
) {
204 case DNS_TRANSACTION_NULL
:
205 /* If there's a NULL transaction pending, then
206 * this means not all transactions where
207 * started yet, and we were called from within
208 * the stackframe that is supposed to start
209 * remaining transactions. In this case,
210 * simply claim the candidate is pending. */
212 case DNS_TRANSACTION_PENDING
:
213 case DNS_TRANSACTION_VALIDATING
:
214 /* If there's one transaction currently in
215 * VALIDATING state, then this means there's
216 * also one in PENDING state, hence we can
217 * return PENDING immediately. */
218 return DNS_TRANSACTION_PENDING
;
220 case DNS_TRANSACTION_SUCCESS
:
225 if (state
!= DNS_TRANSACTION_SUCCESS
)
235 static bool dns_query_candidate_is_routable(DnsQueryCandidate
*c
, uint16_t type
) {
240 /* Checks whether the specified RR type matches an address family that is routable on the link(s) the scope of
241 * this candidate belongs to. Specifically, whether there's a routable IPv4 address on it if we query an A RR,
242 * or a routable IPv6 address if we query an AAAA RR. */
244 if (!c
->query
->suppress_unroutable_family
)
247 if (c
->scope
->protocol
!= DNS_PROTOCOL_DNS
)
250 family
= dns_type_to_af(type
);
255 return link_relevant(c
->scope
->link
, family
, false);
257 return manager_routable(c
->scope
->manager
, family
);
260 static int dns_query_candidate_setup_transactions(DnsQueryCandidate
*c
) {
261 DnsQuestion
*question
;
267 dns_query_candidate_stop(c
);
269 question
= dns_query_question_for_protocol(c
->query
, c
->scope
->protocol
);
271 /* Create one transaction per question key */
272 DNS_QUESTION_FOREACH(key
, question
) {
273 _cleanup_(dns_resource_key_unrefp
) DnsResourceKey
*new_key
= NULL
;
274 DnsResourceKey
*qkey
;
276 if (!dns_query_candidate_is_routable(c
, key
->type
))
279 if (c
->search_domain
) {
280 r
= dns_resource_key_new_append_suffix(&new_key
, key
, c
->search_domain
->name
);
288 if (!dns_scope_good_key(c
->scope
, qkey
))
291 r
= dns_query_candidate_add_transaction(c
, qkey
);
301 dns_query_candidate_stop(c
);
305 void dns_query_candidate_notify(DnsQueryCandidate
*c
) {
306 DnsTransactionState state
;
311 state
= dns_query_candidate_state(c
);
313 if (DNS_TRANSACTION_IS_LIVE(state
))
316 if (state
!= DNS_TRANSACTION_SUCCESS
&& c
->search_domain
) {
318 r
= dns_query_candidate_next_search_domain(c
);
323 /* OK, there's another search domain to try, let's do so. */
325 r
= dns_query_candidate_setup_transactions(c
);
330 /* New transactions where queued. Start them and wait */
332 r
= dns_query_candidate_go(c
);
342 dns_query_ready(c
->query
);
346 log_warning_errno(r
, "Failed to follow search domains: %m");
348 dns_query_ready(c
->query
);
351 static void dns_query_stop(DnsQuery
*q
) {
352 DnsQueryCandidate
*c
;
356 q
->timeout_event_source
= sd_event_source_unref(q
->timeout_event_source
);
358 LIST_FOREACH(candidates_by_query
, c
, q
->candidates
)
359 dns_query_candidate_stop(c
);
362 static void dns_query_free_candidates(DnsQuery
*q
) {
365 while (q
->candidates
)
366 dns_query_candidate_free(q
->candidates
);
369 static void dns_query_reset_answer(DnsQuery
*q
) {
372 q
->answer
= dns_answer_unref(q
->answer
);
374 q
->answer_dnssec_result
= _DNSSEC_RESULT_INVALID
;
376 q
->answer_authenticated
= false;
377 q
->answer_protocol
= _DNS_PROTOCOL_INVALID
;
378 q
->answer_family
= AF_UNSPEC
;
379 q
->answer_search_domain
= dns_search_domain_unref(q
->answer_search_domain
);
382 DnsQuery
*dns_query_free(DnsQuery
*q
) {
386 while (q
->auxiliary_queries
)
387 dns_query_free(q
->auxiliary_queries
);
389 if (q
->auxiliary_for
) {
390 assert(q
->auxiliary_for
->n_auxiliary_queries
> 0);
391 q
->auxiliary_for
->n_auxiliary_queries
--;
392 LIST_REMOVE(auxiliary_queries
, q
->auxiliary_for
->auxiliary_queries
, q
);
395 dns_query_free_candidates(q
);
397 dns_question_unref(q
->question_idna
);
398 dns_question_unref(q
->question_utf8
);
400 dns_query_reset_answer(q
);
402 sd_bus_message_unref(q
->request
);
403 sd_bus_track_unref(q
->bus_track
);
405 dns_packet_unref(q
->request_dns_packet
);
406 dns_packet_unref(q
->reply_dns_packet
);
408 if (q
->request_dns_stream
) {
409 /* Detach the stream from our query, in case something else keeps a reference to it. */
410 q
->request_dns_stream
->complete
= NULL
;
411 q
->request_dns_stream
->on_packet
= NULL
;
412 q
->request_dns_stream
->query
= NULL
;
413 dns_stream_unref(q
->request_dns_stream
);
416 free(q
->request_address_string
);
419 LIST_REMOVE(queries
, q
->manager
->dns_queries
, q
);
420 q
->manager
->n_dns_queries
--;
429 DnsQuestion
*question_utf8
,
430 DnsQuestion
*question_idna
,
434 _cleanup_(dns_query_freep
) DnsQuery
*q
= NULL
;
438 char key_str
[DNS_RESOURCE_KEY_STRING_MAX
];
442 if (dns_question_size(question_utf8
) > 0) {
443 r
= dns_question_is_valid_for_query(question_utf8
);
452 /* If the IDNA and UTF8 questions are the same, merge their references */
453 r
= dns_question_is_equal(question_idna
, question_utf8
);
457 question_idna
= question_utf8
;
459 if (dns_question_size(question_idna
) > 0) {
460 r
= dns_question_is_valid_for_query(question_idna
);
470 if (!good
) /* don't allow empty queries */
473 if (m
->n_dns_queries
>= QUERIES_MAX
)
476 q
= new0(DnsQuery
, 1);
480 q
->question_utf8
= dns_question_ref(question_utf8
);
481 q
->question_idna
= dns_question_ref(question_idna
);
482 q
->ifindex
= ifindex
;
484 q
->answer_dnssec_result
= _DNSSEC_RESULT_INVALID
;
485 q
->answer_protocol
= _DNS_PROTOCOL_INVALID
;
486 q
->answer_family
= AF_UNSPEC
;
488 /* First dump UTF8 question */
489 DNS_QUESTION_FOREACH(key
, question_utf8
)
490 log_debug("Looking up RR for %s.",
491 dns_resource_key_to_string(key
, key_str
, sizeof key_str
));
493 /* And then dump the IDNA question, but only what hasn't been dumped already through the UTF8 question. */
494 DNS_QUESTION_FOREACH(key
, question_idna
) {
495 r
= dns_question_contains(question_utf8
, key
);
501 log_debug("Looking up IDNA RR for %s.",
502 dns_resource_key_to_string(key
, key_str
, sizeof key_str
));
505 LIST_PREPEND(queries
, m
->dns_queries
, q
);
516 int dns_query_make_auxiliary(DnsQuery
*q
, DnsQuery
*auxiliary_for
) {
518 assert(auxiliary_for
);
520 /* Ensure that the query is not auxiliary yet, and
521 * nothing else is auxiliary to it either */
522 assert(!q
->auxiliary_for
);
523 assert(!q
->auxiliary_queries
);
525 /* Ensure that the unit we shall be made auxiliary for isn't
526 * auxiliary itself */
527 assert(!auxiliary_for
->auxiliary_for
);
529 if (auxiliary_for
->n_auxiliary_queries
>= AUXILIARY_QUERIES_MAX
)
532 LIST_PREPEND(auxiliary_queries
, auxiliary_for
->auxiliary_queries
, q
);
533 q
->auxiliary_for
= auxiliary_for
;
535 auxiliary_for
->n_auxiliary_queries
++;
539 static void dns_query_complete(DnsQuery
*q
, DnsTransactionState state
) {
541 assert(!DNS_TRANSACTION_IS_LIVE(state
));
542 assert(DNS_TRANSACTION_IS_LIVE(q
->state
));
544 /* Note that this call might invalidate the query. Callers
545 * should hence not attempt to access the query or transaction
546 * after calling this function. */
555 static int on_query_timeout(sd_event_source
*s
, usec_t usec
, void *userdata
) {
556 DnsQuery
*q
= userdata
;
561 dns_query_complete(q
, DNS_TRANSACTION_TIMEOUT
);
565 static int dns_query_add_candidate(DnsQuery
*q
, DnsScope
*s
) {
566 DnsQueryCandidate
*c
;
572 r
= dns_query_candidate_new(&c
, q
, s
);
576 /* If this a single-label domain on DNS, we might append a suitable search domain first. */
577 if ((q
->flags
& SD_RESOLVED_NO_SEARCH
) == 0) {
578 r
= dns_scope_name_needs_search_domain(s
, dns_question_first_name(q
->question_idna
));
582 /* OK, we need a search domain now. Let's find one for this scope */
584 r
= dns_query_candidate_next_search_domain(c
);
585 if (r
<= 0) /* if there's no search domain, then we won't add any transaction. */
590 r
= dns_query_candidate_setup_transactions(c
);
597 dns_query_candidate_free(c
);
601 static int dns_query_synthesize_reply(DnsQuery
*q
, DnsTransactionState
*state
) {
602 _cleanup_(dns_answer_unrefp
) DnsAnswer
*answer
= NULL
;
608 /* Tries to synthesize localhost RR replies (and others) where appropriate. Note that this is done *after* the
609 * the normal lookup finished. The data from the network hence takes precedence over the data we
610 * synthesize. (But note that many scopes refuse to resolve certain domain names) */
613 DNS_TRANSACTION_RCODE_FAILURE
,
614 DNS_TRANSACTION_NO_SERVERS
,
615 DNS_TRANSACTION_TIMEOUT
,
616 DNS_TRANSACTION_ATTEMPTS_MAX_REACHED
,
617 DNS_TRANSACTION_NETWORK_DOWN
,
618 DNS_TRANSACTION_NOT_FOUND
))
621 r
= dns_synthesize_answer(
627 /* If we get ENXIO this tells us to generate NXDOMAIN unconditionally. */
629 dns_query_reset_answer(q
);
630 q
->answer_rcode
= DNS_RCODE_NXDOMAIN
;
631 q
->answer_protocol
= dns_synthesize_protocol(q
->flags
);
632 q
->answer_family
= dns_synthesize_family(q
->flags
);
633 q
->answer_authenticated
= true;
634 *state
= DNS_TRANSACTION_RCODE_FAILURE
;
641 dns_query_reset_answer(q
);
645 q
->answer_rcode
= DNS_RCODE_SUCCESS
;
646 q
->answer_protocol
= dns_synthesize_protocol(q
->flags
);
647 q
->answer_family
= dns_synthesize_family(q
->flags
);
648 q
->answer_authenticated
= true;
650 *state
= DNS_TRANSACTION_SUCCESS
;
655 static int dns_query_try_etc_hosts(DnsQuery
*q
) {
656 _cleanup_(dns_answer_unrefp
) DnsAnswer
*answer
= NULL
;
661 /* Looks in /etc/hosts for matching entries. Note that this is done *before* the normal lookup is done. The
662 * data from /etc/hosts hence takes precedence over the network. */
664 r
= manager_etc_hosts_lookup(
671 dns_query_reset_answer(q
);
675 q
->answer_rcode
= DNS_RCODE_SUCCESS
;
676 q
->answer_protocol
= dns_synthesize_protocol(q
->flags
);
677 q
->answer_family
= dns_synthesize_family(q
->flags
);
678 q
->answer_authenticated
= true;
683 int dns_query_go(DnsQuery
*q
) {
684 DnsScopeMatch found
= DNS_SCOPE_NO
;
685 DnsScope
*s
, *first
= NULL
;
686 DnsQueryCandidate
*c
;
691 if (q
->state
!= DNS_TRANSACTION_NULL
)
694 r
= dns_query_try_etc_hosts(q
);
698 dns_query_complete(q
, DNS_TRANSACTION_SUCCESS
);
702 LIST_FOREACH(scopes
, s
, q
->manager
->dns_scopes
) {
706 name
= dns_question_first_name(dns_query_question_for_protocol(q
, s
->protocol
));
710 match
= dns_scope_good_domain(s
, q
->ifindex
, q
->flags
, name
);
714 if (match
== DNS_SCOPE_NO
)
719 if (match
== DNS_SCOPE_YES
) {
723 assert(match
== DNS_SCOPE_MAYBE
);
730 if (found
== DNS_SCOPE_NO
) {
731 DnsTransactionState state
= DNS_TRANSACTION_NO_SERVERS
;
733 r
= dns_query_synthesize_reply(q
, &state
);
737 dns_query_complete(q
, state
);
741 r
= dns_query_add_candidate(q
, first
);
745 LIST_FOREACH(scopes
, s
, first
->scopes_next
) {
749 name
= dns_question_first_name(dns_query_question_for_protocol(q
, s
->protocol
));
753 match
= dns_scope_good_domain(s
, q
->ifindex
, q
->flags
, name
);
760 r
= dns_query_add_candidate(q
, s
);
765 dns_query_reset_answer(q
);
767 r
= sd_event_add_time(
769 &q
->timeout_event_source
,
770 clock_boottime_or_monotonic(),
771 now(clock_boottime_or_monotonic()) + QUERY_TIMEOUT_USEC
, 0,
772 on_query_timeout
, q
);
776 (void) sd_event_source_set_description(q
->timeout_event_source
, "query-timeout");
778 q
->state
= DNS_TRANSACTION_PENDING
;
781 /* Start the transactions */
782 LIST_FOREACH(candidates_by_query
, c
, q
->candidates
) {
783 r
= dns_query_candidate_go(c
);
800 static void dns_query_accept(DnsQuery
*q
, DnsQueryCandidate
*c
) {
801 DnsTransactionState state
= DNS_TRANSACTION_NO_SERVERS
;
802 bool has_authenticated
= false, has_non_authenticated
= false;
803 DnssecResult dnssec_result_authenticated
= _DNSSEC_RESULT_INVALID
, dnssec_result_non_authenticated
= _DNSSEC_RESULT_INVALID
;
811 r
= dns_query_synthesize_reply(q
, &state
);
815 dns_query_complete(q
, state
);
819 if (c
->error_code
!= 0) {
820 /* If the candidate had an error condition of its own, start with that. */
821 state
= DNS_TRANSACTION_ERRNO
;
822 q
->answer
= dns_answer_unref(q
->answer
);
824 q
->answer_dnssec_result
= _DNSSEC_RESULT_INVALID
;
825 q
->answer_authenticated
= false;
826 q
->answer_errno
= c
->error_code
;
829 SET_FOREACH(t
, c
->transactions
, i
) {
833 case DNS_TRANSACTION_SUCCESS
: {
834 /* We found a successfully reply, merge it into the answer */
835 r
= dns_answer_extend(&q
->answer
, t
->answer
);
839 q
->answer_rcode
= t
->answer_rcode
;
842 if (t
->answer_authenticated
) {
843 has_authenticated
= true;
844 dnssec_result_authenticated
= t
->answer_dnssec_result
;
846 has_non_authenticated
= true;
847 dnssec_result_non_authenticated
= t
->answer_dnssec_result
;
850 state
= DNS_TRANSACTION_SUCCESS
;
854 case DNS_TRANSACTION_NULL
:
855 case DNS_TRANSACTION_PENDING
:
856 case DNS_TRANSACTION_VALIDATING
:
857 case DNS_TRANSACTION_ABORTED
:
858 /* Ignore transactions that didn't complete */
862 /* Any kind of failure? Store the data away, if there's nothing stored yet. */
863 if (state
== DNS_TRANSACTION_SUCCESS
)
866 /* If there's already an authenticated negative reply stored, then prefer that over any unauthenticated one */
867 if (q
->answer_authenticated
&& !t
->answer_authenticated
)
870 q
->answer
= dns_answer_unref(q
->answer
);
871 q
->answer_rcode
= t
->answer_rcode
;
872 q
->answer_dnssec_result
= t
->answer_dnssec_result
;
873 q
->answer_authenticated
= t
->answer_authenticated
;
874 q
->answer_errno
= t
->answer_errno
;
881 if (state
== DNS_TRANSACTION_SUCCESS
) {
882 q
->answer_authenticated
= has_authenticated
&& !has_non_authenticated
;
883 q
->answer_dnssec_result
= q
->answer_authenticated
? dnssec_result_authenticated
: dnssec_result_non_authenticated
;
886 q
->answer_protocol
= c
->scope
->protocol
;
887 q
->answer_family
= c
->scope
->family
;
889 dns_search_domain_unref(q
->answer_search_domain
);
890 q
->answer_search_domain
= dns_search_domain_ref(c
->search_domain
);
892 r
= dns_query_synthesize_reply(q
, &state
);
896 dns_query_complete(q
, state
);
900 q
->answer_errno
= -r
;
901 dns_query_complete(q
, DNS_TRANSACTION_ERRNO
);
904 void dns_query_ready(DnsQuery
*q
) {
906 DnsQueryCandidate
*bad
= NULL
, *c
;
907 bool pending
= false;
910 assert(DNS_TRANSACTION_IS_LIVE(q
->state
));
912 /* Note that this call might invalidate the query. Callers
913 * should hence not attempt to access the query or transaction
914 * after calling this function, unless the block_ready
915 * counter was explicitly bumped before doing so. */
917 if (q
->block_ready
> 0)
920 LIST_FOREACH(candidates_by_query
, c
, q
->candidates
) {
921 DnsTransactionState state
;
923 state
= dns_query_candidate_state(c
);
926 case DNS_TRANSACTION_SUCCESS
:
927 /* One of the candidates is successful,
928 * let's use it, and copy its data out */
929 dns_query_accept(q
, c
);
932 case DNS_TRANSACTION_NULL
:
933 case DNS_TRANSACTION_PENDING
:
934 case DNS_TRANSACTION_VALIDATING
:
935 /* One of the candidates is still going on,
936 * let's maybe wait for it */
941 /* Any kind of failure */
950 dns_query_accept(q
, bad
);
953 static int dns_query_cname_redirect(DnsQuery
*q
, const DnsResourceRecord
*cname
) {
954 _cleanup_(dns_question_unrefp
) DnsQuestion
*nq_idna
= NULL
, *nq_utf8
= NULL
;
959 q
->n_cname_redirects
++;
960 if (q
->n_cname_redirects
> CNAME_MAX
)
963 r
= dns_question_cname_redirect(q
->question_idna
, cname
, &nq_idna
);
967 log_debug("Following CNAME/DNAME %s → %s.", dns_question_first_name(q
->question_idna
), dns_question_first_name(nq_idna
));
969 k
= dns_question_is_equal(q
->question_idna
, q
->question_utf8
);
973 /* Same question? Shortcut new question generation */
974 nq_utf8
= dns_question_ref(nq_idna
);
977 k
= dns_question_cname_redirect(q
->question_utf8
, cname
, &nq_utf8
);
981 log_debug("Following UTF8 CNAME/DNAME %s → %s.", dns_question_first_name(q
->question_utf8
), dns_question_first_name(nq_utf8
));
984 if (r
== 0 && k
== 0) /* No actual cname happened? */
987 if (q
->answer_protocol
== DNS_PROTOCOL_DNS
) {
988 /* Don't permit CNAME redirects from unicast DNS to LLMNR or MulticastDNS, so that global resources
989 * cannot invade the local namespace. The opposite way we permit: local names may redirect to global
992 q
->flags
&= ~(SD_RESOLVED_LLMNR
|SD_RESOLVED_MDNS
); /* mask away the local protocols */
995 /* Turn off searching for the new name */
996 q
->flags
|= SD_RESOLVED_NO_SEARCH
;
998 dns_question_unref(q
->question_idna
);
999 q
->question_idna
= nq_idna
;
1002 dns_question_unref(q
->question_utf8
);
1003 q
->question_utf8
= nq_utf8
;
1006 dns_query_free_candidates(q
);
1007 dns_query_reset_answer(q
);
1009 q
->state
= DNS_TRANSACTION_NULL
;
1014 int dns_query_process_cname(DnsQuery
*q
) {
1015 _cleanup_(dns_resource_record_unrefp
) DnsResourceRecord
*cname
= NULL
;
1016 DnsQuestion
*question
;
1017 DnsResourceRecord
*rr
;
1022 if (!IN_SET(q
->state
, DNS_TRANSACTION_SUCCESS
, DNS_TRANSACTION_NULL
))
1023 return DNS_QUERY_NOMATCH
;
1025 question
= dns_query_question_for_protocol(q
, q
->answer_protocol
);
1027 DNS_ANSWER_FOREACH(rr
, q
->answer
) {
1028 r
= dns_question_matches_rr(question
, rr
, DNS_SEARCH_DOMAIN_NAME(q
->answer_search_domain
));
1032 return DNS_QUERY_MATCH
; /* The answer matches directly, no need to follow cnames */
1034 r
= dns_question_matches_cname_or_dname(question
, rr
, DNS_SEARCH_DOMAIN_NAME(q
->answer_search_domain
));
1037 if (r
> 0 && !cname
)
1038 cname
= dns_resource_record_ref(rr
);
1042 return DNS_QUERY_NOMATCH
; /* No match and no cname to follow */
1044 if (q
->flags
& SD_RESOLVED_NO_CNAME
)
1047 if (!q
->answer_authenticated
)
1048 q
->previous_redirect_unauthenticated
= true;
1050 /* OK, let's actually follow the CNAME */
1051 r
= dns_query_cname_redirect(q
, cname
);
1055 /* Let's see if the answer can already answer the new
1056 * redirected question */
1057 r
= dns_query_process_cname(q
);
1058 if (r
!= DNS_QUERY_NOMATCH
)
1061 /* OK, it cannot, let's begin with the new query */
1062 r
= dns_query_go(q
);
1066 return DNS_QUERY_RESTARTED
; /* We restarted the query for a new cname */
1069 static int on_bus_track(sd_bus_track
*t
, void *userdata
) {
1070 DnsQuery
*q
= userdata
;
1075 log_debug("Client of active query vanished, aborting query.");
1076 dns_query_complete(q
, DNS_TRANSACTION_ABORTED
);
1080 int dns_query_bus_track(DnsQuery
*q
, sd_bus_message
*m
) {
1086 if (!q
->bus_track
) {
1087 r
= sd_bus_track_new(sd_bus_message_get_bus(m
), &q
->bus_track
, on_bus_track
, q
);
1092 r
= sd_bus_track_add_sender(q
->bus_track
, m
);
1099 DnsQuestion
* dns_query_question_for_protocol(DnsQuery
*q
, DnsProtocol protocol
) {
1104 case DNS_PROTOCOL_DNS
:
1105 return q
->question_idna
;
1107 case DNS_PROTOCOL_MDNS
:
1108 case DNS_PROTOCOL_LLMNR
:
1109 return q
->question_utf8
;
1116 const char *dns_query_string(DnsQuery
*q
) {
1120 /* Returns a somewhat useful human-readable lookup key string for this query */
1122 if (q
->request_address_string
)
1123 return q
->request_address_string
;
1125 if (q
->request_address_valid
) {
1126 r
= in_addr_to_string(q
->request_family
, &q
->request_address
, &q
->request_address_string
);
1128 return q
->request_address_string
;
1131 name
= dns_question_first_name(q
->question_utf8
);
1135 return dns_question_first_name(q
->question_idna
);
1138 bool dns_query_fully_authenticated(DnsQuery
*q
) {
1141 return q
->answer_authenticated
&& !q
->previous_redirect_unauthenticated
;