1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
3 #include "alloc-util.h"
4 #include "dns-domain.h"
6 #include "hostname-util.h"
7 #include "local-addresses.h"
8 #include "resolved-dns-query.h"
9 #include "resolved-dns-synthesize.h"
10 #include "resolved-etc-hosts.h"
11 #include "string-util.h"
14 #define QUERIES_MAX 2048
15 #define AUXILIARY_QUERIES_MAX 64
17 static int dns_query_candidate_new(DnsQueryCandidate
**ret
, DnsQuery
*q
, DnsScope
*s
) {
24 c
= new(DnsQueryCandidate
, 1);
28 *c
= (DnsQueryCandidate
) {
33 LIST_PREPEND(candidates_by_query
, q
->candidates
, c
);
34 LIST_PREPEND(candidates_by_scope
, s
->query_candidates
, c
);
40 static void dns_query_candidate_stop(DnsQueryCandidate
*c
) {
45 while ((t
= set_steal_first(c
->transactions
))) {
46 set_remove(t
->notify_query_candidates
, c
);
47 set_remove(t
->notify_query_candidates_done
, c
);
48 dns_transaction_gc(t
);
52 DnsQueryCandidate
* dns_query_candidate_free(DnsQueryCandidate
*c
) {
57 dns_query_candidate_stop(c
);
59 set_free(c
->transactions
);
60 dns_search_domain_unref(c
->search_domain
);
63 LIST_REMOVE(candidates_by_query
, c
->query
->candidates
, c
);
66 LIST_REMOVE(candidates_by_scope
, c
->scope
->query_candidates
, c
);
71 static int dns_query_candidate_next_search_domain(DnsQueryCandidate
*c
) {
72 DnsSearchDomain
*next
= NULL
;
76 if (c
->search_domain
&& c
->search_domain
->linked
)
77 next
= c
->search_domain
->domains_next
;
79 next
= dns_scope_get_search_domains(c
->scope
);
82 if (!next
) /* We hit the end of the list */
85 if (!next
->route_only
)
88 /* Skip over route-only domains */
89 next
= next
->domains_next
;
92 dns_search_domain_unref(c
->search_domain
);
93 c
->search_domain
= dns_search_domain_ref(next
);
98 static int dns_query_candidate_add_transaction(DnsQueryCandidate
*c
, DnsResourceKey
*key
) {
99 _cleanup_(dns_transaction_gcp
) DnsTransaction
*t
= NULL
;
105 t
= dns_scope_find_transaction(c
->scope
, key
, true);
107 r
= dns_transaction_new(&t
, c
->scope
, key
);
110 } else if (set_contains(c
->transactions
, t
))
113 r
= set_ensure_allocated(&t
->notify_query_candidates_done
, NULL
);
117 r
= set_ensure_put(&t
->notify_query_candidates
, NULL
, c
);
121 r
= set_ensure_put(&c
->transactions
, NULL
, t
);
123 (void) set_remove(t
->notify_query_candidates
, c
);
127 t
->clamp_ttl
= c
->query
->clamp_ttl
;
132 static int dns_query_candidate_go(DnsQueryCandidate
*c
) {
139 /* Start the transactions that are not started yet */
140 SET_FOREACH(t
, c
->transactions
) {
141 if (t
->state
!= DNS_TRANSACTION_NULL
)
144 r
= dns_transaction_go(t
);
151 /* If there was nothing to start, then let's proceed immediately */
153 dns_query_candidate_notify(c
);
158 static DnsTransactionState
dns_query_candidate_state(DnsQueryCandidate
*c
) {
159 DnsTransactionState state
= DNS_TRANSACTION_NO_SERVERS
;
164 if (c
->error_code
!= 0)
165 return DNS_TRANSACTION_ERRNO
;
167 SET_FOREACH(t
, c
->transactions
) {
171 case DNS_TRANSACTION_NULL
:
172 /* If there's a NULL transaction pending, then
173 * this means not all transactions where
174 * started yet, and we were called from within
175 * the stackframe that is supposed to start
176 * remaining transactions. In this case,
177 * simply claim the candidate is pending. */
179 case DNS_TRANSACTION_PENDING
:
180 case DNS_TRANSACTION_VALIDATING
:
181 /* If there's one transaction currently in
182 * VALIDATING state, then this means there's
183 * also one in PENDING state, hence we can
184 * return PENDING immediately. */
185 return DNS_TRANSACTION_PENDING
;
187 case DNS_TRANSACTION_SUCCESS
:
192 if (state
!= DNS_TRANSACTION_SUCCESS
)
202 static int dns_query_candidate_setup_transactions(DnsQueryCandidate
*c
) {
203 DnsQuestion
*question
;
209 dns_query_candidate_stop(c
);
211 question
= dns_query_question_for_protocol(c
->query
, c
->scope
->protocol
);
213 /* Create one transaction per question key */
214 DNS_QUESTION_FOREACH(key
, question
) {
215 _cleanup_(dns_resource_key_unrefp
) DnsResourceKey
*new_key
= NULL
;
216 DnsResourceKey
*qkey
;
218 if (c
->search_domain
) {
219 r
= dns_resource_key_new_append_suffix(&new_key
, key
, c
->search_domain
->name
);
227 if (!dns_scope_good_key(c
->scope
, qkey
))
230 r
= dns_query_candidate_add_transaction(c
, qkey
);
240 dns_query_candidate_stop(c
);
244 void dns_query_candidate_notify(DnsQueryCandidate
*c
) {
245 DnsTransactionState state
;
250 state
= dns_query_candidate_state(c
);
252 if (DNS_TRANSACTION_IS_LIVE(state
))
255 if (state
!= DNS_TRANSACTION_SUCCESS
&& c
->search_domain
) {
257 r
= dns_query_candidate_next_search_domain(c
);
262 /* OK, there's another search domain to try, let's do so. */
264 r
= dns_query_candidate_setup_transactions(c
);
269 /* New transactions where queued. Start them and wait */
271 r
= dns_query_candidate_go(c
);
281 dns_query_ready(c
->query
);
285 log_warning_errno(r
, "Failed to follow search domains: %m");
287 dns_query_ready(c
->query
);
290 static void dns_query_stop(DnsQuery
*q
) {
291 DnsQueryCandidate
*c
;
295 q
->timeout_event_source
= sd_event_source_unref(q
->timeout_event_source
);
297 LIST_FOREACH(candidates_by_query
, c
, q
->candidates
)
298 dns_query_candidate_stop(c
);
301 static void dns_query_free_candidates(DnsQuery
*q
) {
304 while (q
->candidates
)
305 dns_query_candidate_free(q
->candidates
);
308 static void dns_query_reset_answer(DnsQuery
*q
) {
311 q
->answer
= dns_answer_unref(q
->answer
);
313 q
->answer_dnssec_result
= _DNSSEC_RESULT_INVALID
;
315 q
->answer_authenticated
= false;
316 q
->answer_protocol
= _DNS_PROTOCOL_INVALID
;
317 q
->answer_family
= AF_UNSPEC
;
318 q
->answer_search_domain
= dns_search_domain_unref(q
->answer_search_domain
);
321 DnsQuery
*dns_query_free(DnsQuery
*q
) {
325 while (q
->auxiliary_queries
)
326 dns_query_free(q
->auxiliary_queries
);
328 if (q
->auxiliary_for
) {
329 assert(q
->auxiliary_for
->n_auxiliary_queries
> 0);
330 q
->auxiliary_for
->n_auxiliary_queries
--;
331 LIST_REMOVE(auxiliary_queries
, q
->auxiliary_for
->auxiliary_queries
, q
);
334 dns_query_free_candidates(q
);
336 dns_question_unref(q
->question_idna
);
337 dns_question_unref(q
->question_utf8
);
339 dns_query_reset_answer(q
);
341 sd_bus_message_unref(q
->bus_request
);
342 sd_bus_track_unref(q
->bus_track
);
344 if (q
->varlink_request
) {
345 varlink_set_userdata(q
->varlink_request
, NULL
);
346 varlink_unref(q
->varlink_request
);
349 dns_packet_unref(q
->request_dns_packet
);
350 dns_packet_unref(q
->reply_dns_packet
);
352 if (q
->request_dns_stream
) {
353 /* Detach the stream from our query, in case something else keeps a reference to it. */
354 (void) set_remove(q
->request_dns_stream
->queries
, q
);
355 q
->request_dns_stream
= dns_stream_unref(q
->request_dns_stream
);
358 free(q
->request_address_string
);
361 LIST_REMOVE(queries
, q
->manager
->dns_queries
, q
);
362 q
->manager
->n_dns_queries
--;
371 DnsQuestion
*question_utf8
,
372 DnsQuestion
*question_idna
,
376 _cleanup_(dns_query_freep
) DnsQuery
*q
= NULL
;
380 char key_str
[DNS_RESOURCE_KEY_STRING_MAX
];
384 if (dns_question_size(question_utf8
) > 0) {
385 r
= dns_question_is_valid_for_query(question_utf8
);
394 /* If the IDNA and UTF8 questions are the same, merge their references */
395 r
= dns_question_is_equal(question_idna
, question_utf8
);
399 question_idna
= question_utf8
;
401 if (dns_question_size(question_idna
) > 0) {
402 r
= dns_question_is_valid_for_query(question_idna
);
412 if (!good
) /* don't allow empty queries */
415 if (m
->n_dns_queries
>= QUERIES_MAX
)
418 q
= new(DnsQuery
, 1);
423 .question_utf8
= dns_question_ref(question_utf8
),
424 .question_idna
= dns_question_ref(question_idna
),
427 .answer_dnssec_result
= _DNSSEC_RESULT_INVALID
,
428 .answer_protocol
= _DNS_PROTOCOL_INVALID
,
429 .answer_family
= AF_UNSPEC
,
432 /* First dump UTF8 question */
433 DNS_QUESTION_FOREACH(key
, question_utf8
)
434 log_debug("Looking up RR for %s.",
435 dns_resource_key_to_string(key
, key_str
, sizeof key_str
));
437 /* And then dump the IDNA question, but only what hasn't been dumped already through the UTF8 question. */
438 DNS_QUESTION_FOREACH(key
, question_idna
) {
439 r
= dns_question_contains(question_utf8
, key
);
445 log_debug("Looking up IDNA RR for %s.",
446 dns_resource_key_to_string(key
, key_str
, sizeof key_str
));
449 LIST_PREPEND(queries
, m
->dns_queries
, q
);
460 int dns_query_make_auxiliary(DnsQuery
*q
, DnsQuery
*auxiliary_for
) {
462 assert(auxiliary_for
);
464 /* Ensure that the query is not auxiliary yet, and
465 * nothing else is auxiliary to it either */
466 assert(!q
->auxiliary_for
);
467 assert(!q
->auxiliary_queries
);
469 /* Ensure that the unit we shall be made auxiliary for isn't
470 * auxiliary itself */
471 assert(!auxiliary_for
->auxiliary_for
);
473 if (auxiliary_for
->n_auxiliary_queries
>= AUXILIARY_QUERIES_MAX
)
476 LIST_PREPEND(auxiliary_queries
, auxiliary_for
->auxiliary_queries
, q
);
477 q
->auxiliary_for
= auxiliary_for
;
479 auxiliary_for
->n_auxiliary_queries
++;
483 void dns_query_complete(DnsQuery
*q
, DnsTransactionState state
) {
485 assert(!DNS_TRANSACTION_IS_LIVE(state
));
486 assert(DNS_TRANSACTION_IS_LIVE(q
->state
));
488 /* Note that this call might invalidate the query. Callers should hence not attempt to access the
489 * query or transaction after calling this function. */
498 static int on_query_timeout(sd_event_source
*s
, usec_t usec
, void *userdata
) {
499 DnsQuery
*q
= userdata
;
504 dns_query_complete(q
, DNS_TRANSACTION_TIMEOUT
);
508 static int dns_query_add_candidate(DnsQuery
*q
, DnsScope
*s
) {
509 _cleanup_(dns_query_candidate_freep
) DnsQueryCandidate
*c
= NULL
;
515 r
= dns_query_candidate_new(&c
, q
, s
);
519 /* If this a single-label domain on DNS, we might append a suitable search domain first. */
520 if (!FLAGS_SET(q
->flags
, SD_RESOLVED_NO_SEARCH
) &&
521 dns_scope_name_wants_search_domain(s
, dns_question_first_name(q
->question_idna
))) {
522 /* OK, we want a search domain now. Let's find one for this scope */
524 r
= dns_query_candidate_next_search_domain(c
);
529 r
= dns_query_candidate_setup_transactions(c
);
537 static int dns_query_synthesize_reply(DnsQuery
*q
, DnsTransactionState
*state
) {
538 _cleanup_(dns_answer_unrefp
) DnsAnswer
*answer
= NULL
;
544 /* Tries to synthesize localhost RR replies (and others) where appropriate. Note that this is done *after* the
545 * the normal lookup finished. The data from the network hence takes precedence over the data we
546 * synthesize. (But note that many scopes refuse to resolve certain domain names) */
549 DNS_TRANSACTION_RCODE_FAILURE
,
550 DNS_TRANSACTION_NO_SERVERS
,
551 DNS_TRANSACTION_TIMEOUT
,
552 DNS_TRANSACTION_ATTEMPTS_MAX_REACHED
,
553 DNS_TRANSACTION_NETWORK_DOWN
,
554 DNS_TRANSACTION_NOT_FOUND
))
557 r
= dns_synthesize_answer(
563 /* If we get ENXIO this tells us to generate NXDOMAIN unconditionally. */
565 dns_query_reset_answer(q
);
566 q
->answer_rcode
= DNS_RCODE_NXDOMAIN
;
567 q
->answer_protocol
= dns_synthesize_protocol(q
->flags
);
568 q
->answer_family
= dns_synthesize_family(q
->flags
);
569 q
->answer_authenticated
= true;
570 *state
= DNS_TRANSACTION_RCODE_FAILURE
;
577 dns_query_reset_answer(q
);
579 q
->answer
= TAKE_PTR(answer
);
580 q
->answer_rcode
= DNS_RCODE_SUCCESS
;
581 q
->answer_protocol
= dns_synthesize_protocol(q
->flags
);
582 q
->answer_family
= dns_synthesize_family(q
->flags
);
583 q
->answer_authenticated
= true;
585 *state
= DNS_TRANSACTION_SUCCESS
;
590 static int dns_query_try_etc_hosts(DnsQuery
*q
) {
591 _cleanup_(dns_answer_unrefp
) DnsAnswer
*answer
= NULL
;
596 /* Looks in /etc/hosts for matching entries. Note that this is done *before* the normal lookup is done. The
597 * data from /etc/hosts hence takes precedence over the network. */
599 r
= manager_etc_hosts_lookup(
606 dns_query_reset_answer(q
);
608 q
->answer
= TAKE_PTR(answer
);
609 q
->answer_rcode
= DNS_RCODE_SUCCESS
;
610 q
->answer_protocol
= dns_synthesize_protocol(q
->flags
);
611 q
->answer_family
= dns_synthesize_family(q
->flags
);
612 q
->answer_authenticated
= true;
617 int dns_query_go(DnsQuery
*q
) {
618 DnsScopeMatch found
= DNS_SCOPE_NO
;
619 DnsScope
*s
, *first
= NULL
;
620 DnsQueryCandidate
*c
;
625 if (q
->state
!= DNS_TRANSACTION_NULL
)
628 r
= dns_query_try_etc_hosts(q
);
632 dns_query_complete(q
, DNS_TRANSACTION_SUCCESS
);
636 LIST_FOREACH(scopes
, s
, q
->manager
->dns_scopes
) {
640 name
= dns_question_first_name(dns_query_question_for_protocol(q
, s
->protocol
));
644 match
= dns_scope_good_domain(s
, q
->ifindex
, q
->flags
, name
);
646 log_debug("Couldn't check if '%s' matches against scope, ignoring.", name
);
650 if (match
> found
) { /* Does this match better? If so, remember how well it matched, and the first one
651 * that matches this well */
657 if (found
== DNS_SCOPE_NO
) {
658 DnsTransactionState state
= DNS_TRANSACTION_NO_SERVERS
;
660 r
= dns_query_synthesize_reply(q
, &state
);
664 dns_query_complete(q
, state
);
668 r
= dns_query_add_candidate(q
, first
);
672 LIST_FOREACH(scopes
, s
, first
->scopes_next
) {
676 name
= dns_question_first_name(dns_query_question_for_protocol(q
, s
->protocol
));
680 match
= dns_scope_good_domain(s
, q
->ifindex
, q
->flags
, name
);
682 log_debug("Couldn't check if '%s' matches against scope, ignoring.", name
);
689 r
= dns_query_add_candidate(q
, s
);
694 dns_query_reset_answer(q
);
696 r
= sd_event_add_time_relative(
698 &q
->timeout_event_source
,
699 clock_boottime_or_monotonic(),
700 SD_RESOLVED_QUERY_TIMEOUT_USEC
,
701 0, on_query_timeout
, q
);
705 (void) sd_event_source_set_description(q
->timeout_event_source
, "query-timeout");
707 q
->state
= DNS_TRANSACTION_PENDING
;
710 /* Start the transactions */
711 LIST_FOREACH(candidates_by_query
, c
, q
->candidates
) {
712 r
= dns_query_candidate_go(c
);
729 static void dns_query_accept(DnsQuery
*q
, DnsQueryCandidate
*c
) {
730 DnsTransactionState state
= DNS_TRANSACTION_NO_SERVERS
;
731 bool has_authenticated
= false, has_non_authenticated
= false;
732 DnssecResult dnssec_result_authenticated
= _DNSSEC_RESULT_INVALID
, dnssec_result_non_authenticated
= _DNSSEC_RESULT_INVALID
;
739 r
= dns_query_synthesize_reply(q
, &state
);
743 dns_query_complete(q
, state
);
747 if (c
->error_code
!= 0) {
748 /* If the candidate had an error condition of its own, start with that. */
749 state
= DNS_TRANSACTION_ERRNO
;
750 q
->answer
= dns_answer_unref(q
->answer
);
752 q
->answer_dnssec_result
= _DNSSEC_RESULT_INVALID
;
753 q
->answer_authenticated
= false;
754 q
->answer_errno
= c
->error_code
;
757 SET_FOREACH(t
, c
->transactions
) {
761 case DNS_TRANSACTION_SUCCESS
: {
762 /* We found a successfully reply, merge it into the answer */
763 r
= dns_answer_extend(&q
->answer
, t
->answer
);
767 q
->answer_rcode
= t
->answer_rcode
;
770 if (t
->answer_authenticated
) {
771 has_authenticated
= true;
772 dnssec_result_authenticated
= t
->answer_dnssec_result
;
774 has_non_authenticated
= true;
775 dnssec_result_non_authenticated
= t
->answer_dnssec_result
;
778 state
= DNS_TRANSACTION_SUCCESS
;
782 case DNS_TRANSACTION_NULL
:
783 case DNS_TRANSACTION_PENDING
:
784 case DNS_TRANSACTION_VALIDATING
:
785 case DNS_TRANSACTION_ABORTED
:
786 /* Ignore transactions that didn't complete */
790 /* Any kind of failure? Store the data away, if there's nothing stored yet. */
791 if (state
== DNS_TRANSACTION_SUCCESS
)
794 /* If there's already an authenticated negative reply stored, then prefer that over any unauthenticated one */
795 if (q
->answer_authenticated
&& !t
->answer_authenticated
)
798 q
->answer
= dns_answer_unref(q
->answer
);
799 q
->answer_rcode
= t
->answer_rcode
;
800 q
->answer_dnssec_result
= t
->answer_dnssec_result
;
801 q
->answer_authenticated
= t
->answer_authenticated
;
802 q
->answer_errno
= t
->answer_errno
;
809 if (state
== DNS_TRANSACTION_SUCCESS
) {
810 q
->answer_authenticated
= has_authenticated
&& !has_non_authenticated
;
811 q
->answer_dnssec_result
= q
->answer_authenticated
? dnssec_result_authenticated
: dnssec_result_non_authenticated
;
814 q
->answer_protocol
= c
->scope
->protocol
;
815 q
->answer_family
= c
->scope
->family
;
817 dns_search_domain_unref(q
->answer_search_domain
);
818 q
->answer_search_domain
= dns_search_domain_ref(c
->search_domain
);
820 r
= dns_query_synthesize_reply(q
, &state
);
824 dns_query_complete(q
, state
);
828 q
->answer_errno
= -r
;
829 dns_query_complete(q
, DNS_TRANSACTION_ERRNO
);
832 void dns_query_ready(DnsQuery
*q
) {
834 DnsQueryCandidate
*bad
= NULL
, *c
;
835 bool pending
= false;
838 assert(DNS_TRANSACTION_IS_LIVE(q
->state
));
840 /* Note that this call might invalidate the query. Callers
841 * should hence not attempt to access the query or transaction
842 * after calling this function, unless the block_ready
843 * counter was explicitly bumped before doing so. */
845 if (q
->block_ready
> 0)
848 LIST_FOREACH(candidates_by_query
, c
, q
->candidates
) {
849 DnsTransactionState state
;
851 state
= dns_query_candidate_state(c
);
854 case DNS_TRANSACTION_SUCCESS
:
855 /* One of the candidates is successful,
856 * let's use it, and copy its data out */
857 dns_query_accept(q
, c
);
860 case DNS_TRANSACTION_NULL
:
861 case DNS_TRANSACTION_PENDING
:
862 case DNS_TRANSACTION_VALIDATING
:
863 /* One of the candidates is still going on,
864 * let's maybe wait for it */
869 /* Any kind of failure */
878 dns_query_accept(q
, bad
);
881 static int dns_query_cname_redirect(DnsQuery
*q
, const DnsResourceRecord
*cname
) {
882 _cleanup_(dns_question_unrefp
) DnsQuestion
*nq_idna
= NULL
, *nq_utf8
= NULL
;
887 q
->n_cname_redirects
++;
888 if (q
->n_cname_redirects
> CNAME_MAX
)
891 r
= dns_question_cname_redirect(q
->question_idna
, cname
, &nq_idna
);
895 log_debug("Following CNAME/DNAME %s → %s.", dns_question_first_name(q
->question_idna
), dns_question_first_name(nq_idna
));
897 k
= dns_question_is_equal(q
->question_idna
, q
->question_utf8
);
901 /* Same question? Shortcut new question generation */
902 nq_utf8
= dns_question_ref(nq_idna
);
905 k
= dns_question_cname_redirect(q
->question_utf8
, cname
, &nq_utf8
);
909 log_debug("Following UTF8 CNAME/DNAME %s → %s.", dns_question_first_name(q
->question_utf8
), dns_question_first_name(nq_utf8
));
912 if (r
== 0 && k
== 0) /* No actual cname happened? */
915 if (q
->answer_protocol
== DNS_PROTOCOL_DNS
)
916 /* Don't permit CNAME redirects from unicast DNS to LLMNR or MulticastDNS, so that global resources
917 * cannot invade the local namespace. The opposite way we permit: local names may redirect to global
919 q
->flags
&= ~(SD_RESOLVED_LLMNR
|SD_RESOLVED_MDNS
); /* mask away the local protocols */
921 /* Turn off searching for the new name */
922 q
->flags
|= SD_RESOLVED_NO_SEARCH
;
924 dns_question_unref(q
->question_idna
);
925 q
->question_idna
= TAKE_PTR(nq_idna
);
927 dns_question_unref(q
->question_utf8
);
928 q
->question_utf8
= TAKE_PTR(nq_utf8
);
930 dns_query_free_candidates(q
);
931 dns_query_reset_answer(q
);
933 q
->state
= DNS_TRANSACTION_NULL
;
938 int dns_query_process_cname(DnsQuery
*q
) {
939 _cleanup_(dns_resource_record_unrefp
) DnsResourceRecord
*cname
= NULL
;
940 DnsQuestion
*question
;
941 DnsResourceRecord
*rr
;
946 if (!IN_SET(q
->state
, DNS_TRANSACTION_SUCCESS
, DNS_TRANSACTION_NULL
))
947 return DNS_QUERY_NOMATCH
;
949 question
= dns_query_question_for_protocol(q
, q
->answer_protocol
);
951 DNS_ANSWER_FOREACH(rr
, q
->answer
) {
952 r
= dns_question_matches_rr(question
, rr
, DNS_SEARCH_DOMAIN_NAME(q
->answer_search_domain
));
956 return DNS_QUERY_MATCH
; /* The answer matches directly, no need to follow cnames */
958 r
= dns_question_matches_cname_or_dname(question
, rr
, DNS_SEARCH_DOMAIN_NAME(q
->answer_search_domain
));
962 cname
= dns_resource_record_ref(rr
);
966 return DNS_QUERY_NOMATCH
; /* No match and no cname to follow */
968 if (q
->flags
& SD_RESOLVED_NO_CNAME
)
971 if (!q
->answer_authenticated
)
972 q
->previous_redirect_unauthenticated
= true;
974 /* OK, let's actually follow the CNAME */
975 r
= dns_query_cname_redirect(q
, cname
);
979 /* Let's see if the answer can already answer the new
980 * redirected question */
981 r
= dns_query_process_cname(q
);
982 if (r
!= DNS_QUERY_NOMATCH
)
985 /* OK, it cannot, let's begin with the new query */
990 return DNS_QUERY_RESTARTED
; /* We restarted the query for a new cname */
993 DnsQuestion
* dns_query_question_for_protocol(DnsQuery
*q
, DnsProtocol protocol
) {
998 case DNS_PROTOCOL_DNS
:
999 return q
->question_idna
;
1001 case DNS_PROTOCOL_MDNS
:
1002 case DNS_PROTOCOL_LLMNR
:
1003 return q
->question_utf8
;
1010 const char *dns_query_string(DnsQuery
*q
) {
1014 /* Returns a somewhat useful human-readable lookup key string for this query */
1016 if (q
->request_address_string
)
1017 return q
->request_address_string
;
1019 if (q
->request_address_valid
) {
1020 r
= in_addr_to_string(q
->request_family
, &q
->request_address
, &q
->request_address_string
);
1022 return q
->request_address_string
;
1025 name
= dns_question_first_name(q
->question_utf8
);
1029 return dns_question_first_name(q
->question_idna
);
1032 bool dns_query_fully_authenticated(DnsQuery
*q
) {
1035 return q
->answer_authenticated
&& !q
->previous_redirect_unauthenticated
;