1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 #include "alloc-util.h"
4 #include "dns-domain.h"
6 #include "hostname-util.h"
7 #include "local-addresses.h"
8 #include "resolved-dns-query.h"
9 #include "resolved-dns-synthesize.h"
10 #include "resolved-etc-hosts.h"
11 #include "string-util.h"
14 #define QUERIES_MAX 2048
15 #define AUXILIARY_QUERIES_MAX 64
17 static int dns_query_candidate_new(DnsQueryCandidate
**ret
, DnsQuery
*q
, DnsScope
*s
) {
24 c
= new0(DnsQueryCandidate
, 1);
31 LIST_PREPEND(candidates_by_query
, q
->candidates
, c
);
32 LIST_PREPEND(candidates_by_scope
, s
->query_candidates
, c
);
38 static void dns_query_candidate_stop(DnsQueryCandidate
*c
) {
43 while ((t
= set_steal_first(c
->transactions
))) {
44 set_remove(t
->notify_query_candidates
, c
);
45 set_remove(t
->notify_query_candidates_done
, c
);
46 dns_transaction_gc(t
);
50 DnsQueryCandidate
* dns_query_candidate_free(DnsQueryCandidate
*c
) {
55 dns_query_candidate_stop(c
);
57 set_free(c
->transactions
);
58 dns_search_domain_unref(c
->search_domain
);
61 LIST_REMOVE(candidates_by_query
, c
->query
->candidates
, c
);
64 LIST_REMOVE(candidates_by_scope
, c
->scope
->query_candidates
, c
);
69 static int dns_query_candidate_next_search_domain(DnsQueryCandidate
*c
) {
70 DnsSearchDomain
*next
= NULL
;
74 if (c
->search_domain
&& c
->search_domain
->linked
)
75 next
= c
->search_domain
->domains_next
;
77 next
= dns_scope_get_search_domains(c
->scope
);
80 if (!next
) /* We hit the end of the list */
83 if (!next
->route_only
)
86 /* Skip over route-only domains */
87 next
= next
->domains_next
;
90 dns_search_domain_unref(c
->search_domain
);
91 c
->search_domain
= dns_search_domain_ref(next
);
96 static int dns_query_candidate_add_transaction(DnsQueryCandidate
*c
, DnsResourceKey
*key
) {
103 t
= dns_scope_find_transaction(c
->scope
, key
, true);
105 r
= dns_transaction_new(&t
, c
->scope
, key
);
109 if (set_contains(c
->transactions
, t
))
113 r
= set_ensure_allocated(&c
->transactions
, NULL
);
117 r
= set_ensure_allocated(&t
->notify_query_candidates
, NULL
);
121 r
= set_ensure_allocated(&t
->notify_query_candidates_done
, NULL
);
125 r
= set_put(t
->notify_query_candidates
, c
);
129 r
= set_put(c
->transactions
, t
);
131 (void) set_remove(t
->notify_query_candidates
, c
);
135 t
->clamp_ttl
= c
->query
->clamp_ttl
;
139 dns_transaction_gc(t
);
143 static int dns_query_candidate_go(DnsQueryCandidate
*c
) {
151 /* Start the transactions that are not started yet */
152 SET_FOREACH(t
, c
->transactions
, i
) {
153 if (t
->state
!= DNS_TRANSACTION_NULL
)
156 r
= dns_transaction_go(t
);
163 /* If there was nothing to start, then let's proceed immediately */
165 dns_query_candidate_notify(c
);
170 static DnsTransactionState
dns_query_candidate_state(DnsQueryCandidate
*c
) {
171 DnsTransactionState state
= DNS_TRANSACTION_NO_SERVERS
;
177 if (c
->error_code
!= 0)
178 return DNS_TRANSACTION_ERRNO
;
180 SET_FOREACH(t
, c
->transactions
, i
) {
184 case DNS_TRANSACTION_NULL
:
185 /* If there's a NULL transaction pending, then
186 * this means not all transactions where
187 * started yet, and we were called from within
188 * the stackframe that is supposed to start
189 * remaining transactions. In this case,
190 * simply claim the candidate is pending. */
192 case DNS_TRANSACTION_PENDING
:
193 case DNS_TRANSACTION_VALIDATING
:
194 /* If there's one transaction currently in
195 * VALIDATING state, then this means there's
196 * also one in PENDING state, hence we can
197 * return PENDING immediately. */
198 return DNS_TRANSACTION_PENDING
;
200 case DNS_TRANSACTION_SUCCESS
:
205 if (state
!= DNS_TRANSACTION_SUCCESS
)
215 static bool dns_query_candidate_is_routable(DnsQueryCandidate
*c
, uint16_t type
) {
220 /* Checks whether the specified RR type matches an address family that is routable on the link(s) the scope of
221 * this candidate belongs to. Specifically, whether there's a routable IPv4 address on it if we query an A RR,
222 * or a routable IPv6 address if we query an AAAA RR. */
224 if (!c
->query
->suppress_unroutable_family
)
227 if (c
->scope
->protocol
!= DNS_PROTOCOL_DNS
)
230 family
= dns_type_to_af(type
);
235 return link_relevant(c
->scope
->link
, family
, false);
237 return manager_routable(c
->scope
->manager
, family
);
240 static int dns_query_candidate_setup_transactions(DnsQueryCandidate
*c
) {
241 DnsQuestion
*question
;
247 dns_query_candidate_stop(c
);
249 question
= dns_query_question_for_protocol(c
->query
, c
->scope
->protocol
);
251 /* Create one transaction per question key */
252 DNS_QUESTION_FOREACH(key
, question
) {
253 _cleanup_(dns_resource_key_unrefp
) DnsResourceKey
*new_key
= NULL
;
254 DnsResourceKey
*qkey
;
256 if (!dns_query_candidate_is_routable(c
, key
->type
))
259 if (c
->search_domain
) {
260 r
= dns_resource_key_new_append_suffix(&new_key
, key
, c
->search_domain
->name
);
268 if (!dns_scope_good_key(c
->scope
, qkey
))
271 r
= dns_query_candidate_add_transaction(c
, qkey
);
281 dns_query_candidate_stop(c
);
285 void dns_query_candidate_notify(DnsQueryCandidate
*c
) {
286 DnsTransactionState state
;
291 state
= dns_query_candidate_state(c
);
293 if (DNS_TRANSACTION_IS_LIVE(state
))
296 if (state
!= DNS_TRANSACTION_SUCCESS
&& c
->search_domain
) {
298 r
= dns_query_candidate_next_search_domain(c
);
303 /* OK, there's another search domain to try, let's do so. */
305 r
= dns_query_candidate_setup_transactions(c
);
310 /* New transactions where queued. Start them and wait */
312 r
= dns_query_candidate_go(c
);
322 dns_query_ready(c
->query
);
326 log_warning_errno(r
, "Failed to follow search domains: %m");
328 dns_query_ready(c
->query
);
331 static void dns_query_stop(DnsQuery
*q
) {
332 DnsQueryCandidate
*c
;
336 q
->timeout_event_source
= sd_event_source_unref(q
->timeout_event_source
);
338 LIST_FOREACH(candidates_by_query
, c
, q
->candidates
)
339 dns_query_candidate_stop(c
);
342 static void dns_query_free_candidates(DnsQuery
*q
) {
345 while (q
->candidates
)
346 dns_query_candidate_free(q
->candidates
);
349 static void dns_query_reset_answer(DnsQuery
*q
) {
352 q
->answer
= dns_answer_unref(q
->answer
);
354 q
->answer_dnssec_result
= _DNSSEC_RESULT_INVALID
;
356 q
->answer_authenticated
= false;
357 q
->answer_protocol
= _DNS_PROTOCOL_INVALID
;
358 q
->answer_family
= AF_UNSPEC
;
359 q
->answer_search_domain
= dns_search_domain_unref(q
->answer_search_domain
);
362 DnsQuery
*dns_query_free(DnsQuery
*q
) {
366 while (q
->auxiliary_queries
)
367 dns_query_free(q
->auxiliary_queries
);
369 if (q
->auxiliary_for
) {
370 assert(q
->auxiliary_for
->n_auxiliary_queries
> 0);
371 q
->auxiliary_for
->n_auxiliary_queries
--;
372 LIST_REMOVE(auxiliary_queries
, q
->auxiliary_for
->auxiliary_queries
, q
);
375 dns_query_free_candidates(q
);
377 dns_question_unref(q
->question_idna
);
378 dns_question_unref(q
->question_utf8
);
380 dns_query_reset_answer(q
);
382 sd_bus_message_unref(q
->request
);
383 sd_bus_track_unref(q
->bus_track
);
385 dns_packet_unref(q
->request_dns_packet
);
386 dns_packet_unref(q
->reply_dns_packet
);
388 if (q
->request_dns_stream
) {
389 /* Detach the stream from our query, in case something else keeps a reference to it. */
390 q
->request_dns_stream
->complete
= NULL
;
391 q
->request_dns_stream
->on_packet
= NULL
;
392 q
->request_dns_stream
->query
= NULL
;
393 dns_stream_unref(q
->request_dns_stream
);
396 free(q
->request_address_string
);
399 LIST_REMOVE(queries
, q
->manager
->dns_queries
, q
);
400 q
->manager
->n_dns_queries
--;
409 DnsQuestion
*question_utf8
,
410 DnsQuestion
*question_idna
,
414 _cleanup_(dns_query_freep
) DnsQuery
*q
= NULL
;
418 char key_str
[DNS_RESOURCE_KEY_STRING_MAX
];
422 if (dns_question_size(question_utf8
) > 0) {
423 r
= dns_question_is_valid_for_query(question_utf8
);
432 /* If the IDNA and UTF8 questions are the same, merge their references */
433 r
= dns_question_is_equal(question_idna
, question_utf8
);
437 question_idna
= question_utf8
;
439 if (dns_question_size(question_idna
) > 0) {
440 r
= dns_question_is_valid_for_query(question_idna
);
450 if (!good
) /* don't allow empty queries */
453 if (m
->n_dns_queries
>= QUERIES_MAX
)
456 q
= new0(DnsQuery
, 1);
460 q
->question_utf8
= dns_question_ref(question_utf8
);
461 q
->question_idna
= dns_question_ref(question_idna
);
462 q
->ifindex
= ifindex
;
464 q
->answer_dnssec_result
= _DNSSEC_RESULT_INVALID
;
465 q
->answer_protocol
= _DNS_PROTOCOL_INVALID
;
466 q
->answer_family
= AF_UNSPEC
;
468 /* First dump UTF8 question */
469 DNS_QUESTION_FOREACH(key
, question_utf8
)
470 log_debug("Looking up RR for %s.",
471 dns_resource_key_to_string(key
, key_str
, sizeof key_str
));
473 /* And then dump the IDNA question, but only what hasn't been dumped already through the UTF8 question. */
474 DNS_QUESTION_FOREACH(key
, question_idna
) {
475 r
= dns_question_contains(question_utf8
, key
);
481 log_debug("Looking up IDNA RR for %s.",
482 dns_resource_key_to_string(key
, key_str
, sizeof key_str
));
485 LIST_PREPEND(queries
, m
->dns_queries
, q
);
496 int dns_query_make_auxiliary(DnsQuery
*q
, DnsQuery
*auxiliary_for
) {
498 assert(auxiliary_for
);
500 /* Ensure that the query is not auxiliary yet, and
501 * nothing else is auxiliary to it either */
502 assert(!q
->auxiliary_for
);
503 assert(!q
->auxiliary_queries
);
505 /* Ensure that the unit we shall be made auxiliary for isn't
506 * auxiliary itself */
507 assert(!auxiliary_for
->auxiliary_for
);
509 if (auxiliary_for
->n_auxiliary_queries
>= AUXILIARY_QUERIES_MAX
)
512 LIST_PREPEND(auxiliary_queries
, auxiliary_for
->auxiliary_queries
, q
);
513 q
->auxiliary_for
= auxiliary_for
;
515 auxiliary_for
->n_auxiliary_queries
++;
519 static void dns_query_complete(DnsQuery
*q
, DnsTransactionState state
) {
521 assert(!DNS_TRANSACTION_IS_LIVE(state
));
522 assert(DNS_TRANSACTION_IS_LIVE(q
->state
));
524 /* Note that this call might invalidate the query. Callers
525 * should hence not attempt to access the query or transaction
526 * after calling this function. */
535 static int on_query_timeout(sd_event_source
*s
, usec_t usec
, void *userdata
) {
536 DnsQuery
*q
= userdata
;
541 dns_query_complete(q
, DNS_TRANSACTION_TIMEOUT
);
545 static int dns_query_add_candidate(DnsQuery
*q
, DnsScope
*s
) {
546 DnsQueryCandidate
*c
;
552 r
= dns_query_candidate_new(&c
, q
, s
);
556 /* If this a single-label domain on DNS, we might append a suitable search domain first. */
557 if ((q
->flags
& SD_RESOLVED_NO_SEARCH
) == 0 &&
558 dns_scope_name_needs_search_domain(s
, dns_question_first_name(q
->question_idna
))) {
559 /* OK, we need a search domain now. Let's find one for this scope */
561 r
= dns_query_candidate_next_search_domain(c
);
562 if (r
<= 0) /* if there's no search domain, then we won't add any transaction. */
566 r
= dns_query_candidate_setup_transactions(c
);
573 dns_query_candidate_free(c
);
577 static int dns_query_synthesize_reply(DnsQuery
*q
, DnsTransactionState
*state
) {
578 _cleanup_(dns_answer_unrefp
) DnsAnswer
*answer
= NULL
;
584 /* Tries to synthesize localhost RR replies (and others) where appropriate. Note that this is done *after* the
585 * the normal lookup finished. The data from the network hence takes precedence over the data we
586 * synthesize. (But note that many scopes refuse to resolve certain domain names) */
589 DNS_TRANSACTION_RCODE_FAILURE
,
590 DNS_TRANSACTION_NO_SERVERS
,
591 DNS_TRANSACTION_TIMEOUT
,
592 DNS_TRANSACTION_ATTEMPTS_MAX_REACHED
,
593 DNS_TRANSACTION_NETWORK_DOWN
,
594 DNS_TRANSACTION_NOT_FOUND
))
597 r
= dns_synthesize_answer(
603 /* If we get ENXIO this tells us to generate NXDOMAIN unconditionally. */
605 dns_query_reset_answer(q
);
606 q
->answer_rcode
= DNS_RCODE_NXDOMAIN
;
607 q
->answer_protocol
= dns_synthesize_protocol(q
->flags
);
608 q
->answer_family
= dns_synthesize_family(q
->flags
);
609 q
->answer_authenticated
= true;
610 *state
= DNS_TRANSACTION_RCODE_FAILURE
;
617 dns_query_reset_answer(q
);
619 q
->answer
= TAKE_PTR(answer
);
620 q
->answer_rcode
= DNS_RCODE_SUCCESS
;
621 q
->answer_protocol
= dns_synthesize_protocol(q
->flags
);
622 q
->answer_family
= dns_synthesize_family(q
->flags
);
623 q
->answer_authenticated
= true;
625 *state
= DNS_TRANSACTION_SUCCESS
;
630 static int dns_query_try_etc_hosts(DnsQuery
*q
) {
631 _cleanup_(dns_answer_unrefp
) DnsAnswer
*answer
= NULL
;
636 /* Looks in /etc/hosts for matching entries. Note that this is done *before* the normal lookup is done. The
637 * data from /etc/hosts hence takes precedence over the network. */
639 r
= manager_etc_hosts_lookup(
646 dns_query_reset_answer(q
);
648 q
->answer
= TAKE_PTR(answer
);
649 q
->answer_rcode
= DNS_RCODE_SUCCESS
;
650 q
->answer_protocol
= dns_synthesize_protocol(q
->flags
);
651 q
->answer_family
= dns_synthesize_family(q
->flags
);
652 q
->answer_authenticated
= true;
657 int dns_query_go(DnsQuery
*q
) {
658 DnsScopeMatch found
= DNS_SCOPE_NO
;
659 DnsScope
*s
, *first
= NULL
;
660 DnsQueryCandidate
*c
;
665 if (q
->state
!= DNS_TRANSACTION_NULL
)
668 r
= dns_query_try_etc_hosts(q
);
672 dns_query_complete(q
, DNS_TRANSACTION_SUCCESS
);
676 LIST_FOREACH(scopes
, s
, q
->manager
->dns_scopes
) {
680 name
= dns_question_first_name(dns_query_question_for_protocol(q
, s
->protocol
));
684 match
= dns_scope_good_domain(s
, q
->ifindex
, q
->flags
, name
);
686 log_debug("Couldn't check if '%s' matches against scope, ignoring.", name
);
690 if (match
> found
) { /* Does this match better? If so, remember how well it matched, and the first one
691 * that matches this well */
697 if (found
== DNS_SCOPE_NO
) {
698 DnsTransactionState state
= DNS_TRANSACTION_NO_SERVERS
;
700 r
= dns_query_synthesize_reply(q
, &state
);
704 dns_query_complete(q
, state
);
708 r
= dns_query_add_candidate(q
, first
);
712 LIST_FOREACH(scopes
, s
, first
->scopes_next
) {
716 name
= dns_question_first_name(dns_query_question_for_protocol(q
, s
->protocol
));
720 match
= dns_scope_good_domain(s
, q
->ifindex
, q
->flags
, name
);
722 log_debug("Couldn't check if '%s' matches agains scope, ignoring.", name
);
729 r
= dns_query_add_candidate(q
, s
);
734 dns_query_reset_answer(q
);
736 r
= sd_event_add_time(
738 &q
->timeout_event_source
,
739 clock_boottime_or_monotonic(),
740 now(clock_boottime_or_monotonic()) + SD_RESOLVED_QUERY_TIMEOUT_USEC
,
741 0, on_query_timeout
, q
);
745 (void) sd_event_source_set_description(q
->timeout_event_source
, "query-timeout");
747 q
->state
= DNS_TRANSACTION_PENDING
;
750 /* Start the transactions */
751 LIST_FOREACH(candidates_by_query
, c
, q
->candidates
) {
752 r
= dns_query_candidate_go(c
);
769 static void dns_query_accept(DnsQuery
*q
, DnsQueryCandidate
*c
) {
770 DnsTransactionState state
= DNS_TRANSACTION_NO_SERVERS
;
771 bool has_authenticated
= false, has_non_authenticated
= false;
772 DnssecResult dnssec_result_authenticated
= _DNSSEC_RESULT_INVALID
, dnssec_result_non_authenticated
= _DNSSEC_RESULT_INVALID
;
780 r
= dns_query_synthesize_reply(q
, &state
);
784 dns_query_complete(q
, state
);
788 if (c
->error_code
!= 0) {
789 /* If the candidate had an error condition of its own, start with that. */
790 state
= DNS_TRANSACTION_ERRNO
;
791 q
->answer
= dns_answer_unref(q
->answer
);
793 q
->answer_dnssec_result
= _DNSSEC_RESULT_INVALID
;
794 q
->answer_authenticated
= false;
795 q
->answer_errno
= c
->error_code
;
798 SET_FOREACH(t
, c
->transactions
, i
) {
802 case DNS_TRANSACTION_SUCCESS
: {
803 /* We found a successfully reply, merge it into the answer */
804 r
= dns_answer_extend(&q
->answer
, t
->answer
);
808 q
->answer_rcode
= t
->answer_rcode
;
811 if (t
->answer_authenticated
) {
812 has_authenticated
= true;
813 dnssec_result_authenticated
= t
->answer_dnssec_result
;
815 has_non_authenticated
= true;
816 dnssec_result_non_authenticated
= t
->answer_dnssec_result
;
819 state
= DNS_TRANSACTION_SUCCESS
;
823 case DNS_TRANSACTION_NULL
:
824 case DNS_TRANSACTION_PENDING
:
825 case DNS_TRANSACTION_VALIDATING
:
826 case DNS_TRANSACTION_ABORTED
:
827 /* Ignore transactions that didn't complete */
831 /* Any kind of failure? Store the data away, if there's nothing stored yet. */
832 if (state
== DNS_TRANSACTION_SUCCESS
)
835 /* If there's already an authenticated negative reply stored, then prefer that over any unauthenticated one */
836 if (q
->answer_authenticated
&& !t
->answer_authenticated
)
839 q
->answer
= dns_answer_unref(q
->answer
);
840 q
->answer_rcode
= t
->answer_rcode
;
841 q
->answer_dnssec_result
= t
->answer_dnssec_result
;
842 q
->answer_authenticated
= t
->answer_authenticated
;
843 q
->answer_errno
= t
->answer_errno
;
850 if (state
== DNS_TRANSACTION_SUCCESS
) {
851 q
->answer_authenticated
= has_authenticated
&& !has_non_authenticated
;
852 q
->answer_dnssec_result
= q
->answer_authenticated
? dnssec_result_authenticated
: dnssec_result_non_authenticated
;
855 q
->answer_protocol
= c
->scope
->protocol
;
856 q
->answer_family
= c
->scope
->family
;
858 dns_search_domain_unref(q
->answer_search_domain
);
859 q
->answer_search_domain
= dns_search_domain_ref(c
->search_domain
);
861 r
= dns_query_synthesize_reply(q
, &state
);
865 dns_query_complete(q
, state
);
869 q
->answer_errno
= -r
;
870 dns_query_complete(q
, DNS_TRANSACTION_ERRNO
);
873 void dns_query_ready(DnsQuery
*q
) {
875 DnsQueryCandidate
*bad
= NULL
, *c
;
876 bool pending
= false;
879 assert(DNS_TRANSACTION_IS_LIVE(q
->state
));
881 /* Note that this call might invalidate the query. Callers
882 * should hence not attempt to access the query or transaction
883 * after calling this function, unless the block_ready
884 * counter was explicitly bumped before doing so. */
886 if (q
->block_ready
> 0)
889 LIST_FOREACH(candidates_by_query
, c
, q
->candidates
) {
890 DnsTransactionState state
;
892 state
= dns_query_candidate_state(c
);
895 case DNS_TRANSACTION_SUCCESS
:
896 /* One of the candidates is successful,
897 * let's use it, and copy its data out */
898 dns_query_accept(q
, c
);
901 case DNS_TRANSACTION_NULL
:
902 case DNS_TRANSACTION_PENDING
:
903 case DNS_TRANSACTION_VALIDATING
:
904 /* One of the candidates is still going on,
905 * let's maybe wait for it */
910 /* Any kind of failure */
919 dns_query_accept(q
, bad
);
922 static int dns_query_cname_redirect(DnsQuery
*q
, const DnsResourceRecord
*cname
) {
923 _cleanup_(dns_question_unrefp
) DnsQuestion
*nq_idna
= NULL
, *nq_utf8
= NULL
;
928 q
->n_cname_redirects
++;
929 if (q
->n_cname_redirects
> CNAME_MAX
)
932 r
= dns_question_cname_redirect(q
->question_idna
, cname
, &nq_idna
);
936 log_debug("Following CNAME/DNAME %s → %s.", dns_question_first_name(q
->question_idna
), dns_question_first_name(nq_idna
));
938 k
= dns_question_is_equal(q
->question_idna
, q
->question_utf8
);
942 /* Same question? Shortcut new question generation */
943 nq_utf8
= dns_question_ref(nq_idna
);
946 k
= dns_question_cname_redirect(q
->question_utf8
, cname
, &nq_utf8
);
950 log_debug("Following UTF8 CNAME/DNAME %s → %s.", dns_question_first_name(q
->question_utf8
), dns_question_first_name(nq_utf8
));
953 if (r
== 0 && k
== 0) /* No actual cname happened? */
956 if (q
->answer_protocol
== DNS_PROTOCOL_DNS
) {
957 /* Don't permit CNAME redirects from unicast DNS to LLMNR or MulticastDNS, so that global resources
958 * cannot invade the local namespace. The opposite way we permit: local names may redirect to global
961 q
->flags
&= ~(SD_RESOLVED_LLMNR
|SD_RESOLVED_MDNS
); /* mask away the local protocols */
964 /* Turn off searching for the new name */
965 q
->flags
|= SD_RESOLVED_NO_SEARCH
;
967 dns_question_unref(q
->question_idna
);
968 q
->question_idna
= TAKE_PTR(nq_idna
);
970 dns_question_unref(q
->question_utf8
);
971 q
->question_utf8
= TAKE_PTR(nq_utf8
);
973 dns_query_free_candidates(q
);
974 dns_query_reset_answer(q
);
976 q
->state
= DNS_TRANSACTION_NULL
;
981 int dns_query_process_cname(DnsQuery
*q
) {
982 _cleanup_(dns_resource_record_unrefp
) DnsResourceRecord
*cname
= NULL
;
983 DnsQuestion
*question
;
984 DnsResourceRecord
*rr
;
989 if (!IN_SET(q
->state
, DNS_TRANSACTION_SUCCESS
, DNS_TRANSACTION_NULL
))
990 return DNS_QUERY_NOMATCH
;
992 question
= dns_query_question_for_protocol(q
, q
->answer_protocol
);
994 DNS_ANSWER_FOREACH(rr
, q
->answer
) {
995 r
= dns_question_matches_rr(question
, rr
, DNS_SEARCH_DOMAIN_NAME(q
->answer_search_domain
));
999 return DNS_QUERY_MATCH
; /* The answer matches directly, no need to follow cnames */
1001 r
= dns_question_matches_cname_or_dname(question
, rr
, DNS_SEARCH_DOMAIN_NAME(q
->answer_search_domain
));
1004 if (r
> 0 && !cname
)
1005 cname
= dns_resource_record_ref(rr
);
1009 return DNS_QUERY_NOMATCH
; /* No match and no cname to follow */
1011 if (q
->flags
& SD_RESOLVED_NO_CNAME
)
1014 if (!q
->answer_authenticated
)
1015 q
->previous_redirect_unauthenticated
= true;
1017 /* OK, let's actually follow the CNAME */
1018 r
= dns_query_cname_redirect(q
, cname
);
1022 /* Let's see if the answer can already answer the new
1023 * redirected question */
1024 r
= dns_query_process_cname(q
);
1025 if (r
!= DNS_QUERY_NOMATCH
)
1028 /* OK, it cannot, let's begin with the new query */
1029 r
= dns_query_go(q
);
1033 return DNS_QUERY_RESTARTED
; /* We restarted the query for a new cname */
1036 static int on_bus_track(sd_bus_track
*t
, void *userdata
) {
1037 DnsQuery
*q
= userdata
;
1042 log_debug("Client of active query vanished, aborting query.");
1043 dns_query_complete(q
, DNS_TRANSACTION_ABORTED
);
1047 int dns_query_bus_track(DnsQuery
*q
, sd_bus_message
*m
) {
1053 if (!q
->bus_track
) {
1054 r
= sd_bus_track_new(sd_bus_message_get_bus(m
), &q
->bus_track
, on_bus_track
, q
);
1059 r
= sd_bus_track_add_sender(q
->bus_track
, m
);
1066 DnsQuestion
* dns_query_question_for_protocol(DnsQuery
*q
, DnsProtocol protocol
) {
1071 case DNS_PROTOCOL_DNS
:
1072 return q
->question_idna
;
1074 case DNS_PROTOCOL_MDNS
:
1075 case DNS_PROTOCOL_LLMNR
:
1076 return q
->question_utf8
;
1083 const char *dns_query_string(DnsQuery
*q
) {
1087 /* Returns a somewhat useful human-readable lookup key string for this query */
1089 if (q
->request_address_string
)
1090 return q
->request_address_string
;
1092 if (q
->request_address_valid
) {
1093 r
= in_addr_to_string(q
->request_family
, &q
->request_address
, &q
->request_address_string
);
1095 return q
->request_address_string
;
1098 name
= dns_question_first_name(q
->question_utf8
);
1102 return dns_question_first_name(q
->question_idna
);
1105 bool dns_query_fully_authenticated(DnsQuery
*q
) {
1108 return q
->answer_authenticated
&& !q
->previous_redirect_unauthenticated
;