resolved: never route DNSSEC traffic to LLMNR/mDNS
authorLennart Poettering <lennart@poettering.net>
Tue, 3 Nov 2020 19:07:02 +0000 (20:07 +0100)
committerLennart Poettering <lennart@poettering.net>
Fri, 12 Feb 2021 20:41:01 +0000 (21:41 +0100)
LLMNR/mDNS don't support DNSSEC, hence there's no point in routing any
lookups asking for DNSSEC there.

This speeds up looking up DNSSEC RRs for top-level domains, since we
don't have to wait for LLMNR to complete.

src/resolve/resolved-dns-scope.c

index cee93a2c04a79a7b2bdebee30a5e053d41cb6c21..d8e4f6fee6dfbf3bea3407134a279f3bb4f7b2f2 100644 (file)
@@ -671,6 +671,10 @@ bool dns_scope_good_key(DnsScope *s, const DnsResourceKey *key) {
                 return !dns_name_is_root(name);
         }
 
+        /* Never route DNSSEC RR queries to LLMNR/mDNS scopes */
+        if (dns_type_is_dnssec(key->type))
+                return false;
+
         /* On mDNS and LLMNR, send A and AAAA queries only on the respective scopes */
 
         key_family = dns_type_to_af(key->type);
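Review bot: The new comment states the rule but leaves out two things a reader needs in order to trust it. The guard only reaches LLMNR/mDNS scopes if the block that closes just above it has already returned for classic DNS; that block starts outside the hunk, so this is inferred from the visible `return !dns_name_is_root(name);`. The guard also filters on `key->type` alone. I would have the comment carry both points, for example `/* Classic DNS was handled above. LLMNR/mDNS cannot serve DNSSEC RRs and their answers are unauthenticated, so never route such keys to them */`. The commit message speaks of "lookups asking for DNSSEC", but this check does not decide whether a lookup for a non-DNSSEC type that requests validation is also kept off these scopes, and dns_scope_good_key continues past the end of the hunk.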