From: Lennart Poettering Date: Mon, 22 Feb 2021 20:32:13 +0000 (+0100) Subject: resolved: don't follow CNAMEs in the stub anymore X-Git-Tag: v248-rc1~3^2~5 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2f4d8e577ca7bc51fb054b8c2c8dd57c2e188a41;p=thirdparty%2Fsystemd.git resolved: don't follow CNAMEs in the stub anymore CNAME following was broken by 775ae35403f8f3c01b7ac13387fe8aac1759993f where we'd not properly collect RRs along the CNAME path. Good thing though is that we don't have to anymore: since we nowadays propagate all sections of the upstream replies into the cache and back to stub clients all the information should already be available anyway, and there's no need for us to collect it. Fixes: #18690 --- diff --git a/src/resolve/resolved-dns-stub.c b/src/resolve/resolved-dns-stub.c index 02ac29dbb9d..8f3349cbce7 100644 --- a/src/resolve/resolved-dns-stub.c +++ b/src/resolve/resolved-dns-stub.c @@ -684,27 +684,13 @@ static void dns_stub_query_complete(DnsQuery *q) { } } + /* Note that we don't bother with following CNAMEs here. We propagate the authoritative/additional + * sections from the upstream answer however, hence if the upstream server collected that information + * already we don't have to collect it ourselves anymore. */ + switch (q->state) { case DNS_TRANSACTION_SUCCESS: - /* Follow CNAMEs, and accumulate answers. Except if DNSSEC is requested, then let the client do that. */ - if (!DNS_PACKET_DO(q->request_packet)) { - r = dns_query_process_cname(q); - if (r == -ELOOP) { /* CNAME loop */ - (void) dns_stub_send_reply(q, DNS_RCODE_SERVFAIL); - break; - } - if (r < 0) { - log_debug_errno(r, "Failed to process CNAME: %m"); - break; - } - if (r == DNS_QUERY_RESTARTED) - return; - } - - (void) dns_stub_send_reply(q, q->answer_rcode); - break; - case DNS_TRANSACTION_RCODE_FAILURE: (void) dns_stub_send_reply(q, q->answer_rcode); break; 
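Review bot: With the `dns_query_process_cname()` call removed, the `DNS_TRANSACTION_SUCCESS` case in `dns_stub_query_complete()` sends the upstream answer as-is, so an answer that ends on a CNAME with no record for its target would reach the stub client as a success. The new comment states the assumption ("if the upstream server collected that information already"), but nothing in the hunk covers the case where it did not, and the unconditional `SD_RESOLVED_NO_CNAME` in the `dns_stub_process_query()` hunk relies on the same assumption. Whether an upstream or cache path can produce such a partial chain cannot be told from these lines, so the comment should spell out the consequence, e.g. `/* An incomplete CNAME chain from upstream is returned as-is; the client has to resolve the target itself. */`, and a test with an upstream that returns only the CNAME would pin the behaviour. The removed branch also turned `-ELOOP` into `DNS_RCODE_SERVFAIL`, so CNAME loop handling for stub clients now rests on the upstream server. The function body starts before the hunk and continues past it.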
@@ -843,7 +829,8 @@ static void dns_stub_process_query(Manager *m, DnsStubListenerExtra *l, DnsStrea r = dns_query_new(m, &q, p->question, p->question, NULL, 0, SD_RESOLVED_PROTOCOLS_ALL| SD_RESOLVED_NO_SEARCH| - (DNS_PACKET_DO(p) ? SD_RESOLVED_NO_CNAME|SD_RESOLVED_REQUIRE_PRIMARY : 0)| + SD_RESOLVED_NO_CNAME| + (DNS_PACKET_DO(p) ? SD_RESOLVED_REQUIRE_PRIMARY : 0)| SD_RESOLVED_CLAMP_TTL); if (r < 0) { log_error_errno(r, "Failed to generate query object: %m");
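Review bot: The flag list passed to `dns_query_new()` has no comment saying why `SD_RESOLVED_NO_CNAME` is now set for every stub query while `SD_RESOLVED_REQUIRE_PRIMARY` stays tied to `DNS_PACKET_DO(p)`. A one-line comment above the flag would keep a later reader from folding it back into the DO-only branch: `/* never chase CNAMEs for stub clients, the upstream sections are passed through */`. The call sits inside `dns_stub_process_query()`, whose body starts before the hunk, and the `if (r < 0)` branch continues past it.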