git.ipfire.org Git - thirdparty/systemd.git/commit - src/resolve/resolved-dns-question.c
resolved: cache - do negative caching only on the canonical name
author Tom Gundersen <teg@jklm.no>
Wed, 2 Dec 2015 17:46:32 +0000 (18:46 +0100)
committer Tom Gundersen <teg@jklm.no>
Thu, 10 Dec 2015 16:04:42 +0000 (17:04 +0100)
commit 5d27351f8546530cf779847b0b04b0172c09f9d0
tree 62e92deaf7a4a8c604d4c9905d3b2c1e87ba082e
parent 553947b77c3232d5795cbb2cd1129e74cb11c86d
resolved: cache - do negative caching only on the canonical name

Apart from dropping redundant information, this fixes an issue
where, due to broken DNS servers, we can only be certain of whether
an apparent NODATA response is in fact an NXDOMAIN response after
explicitly resolving the canonical name. This issue is outlined in
RFC2308. Moreover, by caching NXDOMAIN for an existing name, we
would mistakenly return NXDOMAIN for types which should not be
redirected. I.e., a query for AAAA on test-nx-1.jklm.no correctly
returns NXDOMAIN, but a query for CNAME should return the record
and a query for DNAME should return NODATA.

Note that this means we will not cache an NXDOMAIN response in the
presence of redirection, meaning one redundant roundtrip in case the
name is queried again.
src/resolve/resolved-dns-answer.c
src/resolve/resolved-dns-answer.h
src/resolve/resolved-dns-cache.c
src/resolve/resolved-dns-question.c
src/resolve/resolved-dns-rr.c
src/resolve/resolved-dns-rr.h
src/resolve/resolved-dns-transaction.c
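
Added illustration, not part of the commit and not systemd's code: a toy cache in C that contrasts a negative entry keyed on the queried alias with one keyed only on the canonical name, for the AAAA, CNAME and DNAME cases the commit message lists. The `gone.example` target, the simplified lookup rules and all helper names are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
/* Toy cache model for illustration; not systemd code. All names are hypothetical. */
#define ALIAS "test-nx-1.jklm.no"   /* name from the commit message */
#define CANON "gone.example"        /* constructed CNAME target that does not exist */
enum { T_CNAME = 5, T_AAAA = 28, T_DNAME = 39 };
enum res { MISS, FOUND, NXDOMAIN };
struct entry { const char *name; int type; const char *target; enum res res; };
struct cache { struct entry e[8]; int n; };
static void put(struct cache *c, const char *name, int type, const char *target, enum res r) {
    if (c->n < 8) c->e[c->n++] = (struct entry){ name, type, target, r };
}
/* Store an NXDOMAIN reply; canon = CNAME target it carried or NULL; old = pre-fix keying. */
static void store_nxdomain(struct cache *c, const char *qname, const char *canon, int old) {
    if (canon) put(c, qname, T_CNAME, canon, FOUND);      /* the alias record is real data */
    if (old || !canon) put(c, qname, 0, NULL, NXDOMAIN);  /* fixed: canonical name only */
}

static enum res lookup(const struct cache *c, const char *name, int type) {
    for (int hop = 0; hop < 8; hop++) {                   /* bounded CNAME chase */
        const char *next = NULL;
        for (int i = 0; i < c->n; i++)                    /* NXDOMAIN covers every type */
            if (c->e[i].res == NXDOMAIN && !strcmp(c->e[i].name, name)) return NXDOMAIN;
        for (int i = 0; i < c->n; i++) {
            if (strcmp(c->e[i].name, name)) continue;
            if (c->e[i].type == type) return FOUND;
            if (c->e[i].type == T_CNAME && type != T_DNAME) next = c->e[i].target;
        }
        if (!next) return MISS;                           /* caller must ask the network */
        name = next;
    }
    return MISS;
}

/* Cache the redirected NXDOMAIN reply, optionally the explicit canonical lookup, then query. */
static enum res scenario(int old, int canon_resolved, int type) {
    struct cache c = { .n = 0 };
    store_nxdomain(&c, ALIAS, CANON, old);
    if (canon_resolved) store_nxdomain(&c, CANON, NULL, old);
    return lookup(&c, ALIAS, type);
}

int main(void) {
    static const char *s[] = { "MISS", "FOUND", "NXDOMAIN" };
    int t[] = { T_AAAA, T_CNAME, T_DNAME };
    for (int i = 0; i < 3; i++)
        printf("type %2d: old=%s new=%s\n", t[i], s[scenario(1, 1, t[i])], s[scenario(0, 1, t[i])]);
    return 0;
}
```

In this model a `MISS` means the cache has no answer and the query goes to the network, which is where the DNAME query would obtain its NODATA and where the extra roundtrip mentioned in the commit message comes from.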