]> git.ipfire.org Git - thirdparty/systemd.git/commit
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 22f711b) | patch
resolved: rework how we allow allow queries to be dispatched to scopes
authorLennart Poettering <lennart@poettering.net>
Thu, 3 Dec 2015 17:26:12 +0000 (18:26 +0100)
committerLennart Poettering <lennart@poettering.net>
Thu, 3 Dec 2015 20:17:49 +0000 (21:17 +0100)
commit28b9b7640603f88cb49f95609331fa5072715f15
tree783bf5e750679fbb00fba97858d3d665c2992fbftree | snapshot
parent22f711bb6a1ca9ef20c1672a7fa077f5d3235d55commit | diff
resolved: rework how we allow allow queries to be dispatched to scopes

Previously, we'd never do any single-label or root domain lookups via
DNS, thus leaving single-label lookups to LLMNR and the search path
logic in order that single-label names don't leak too easily onto the
internet. With this change we open things up a bit, and only prohibit
A/AAAA lookups of single-label/root domains, but allow all other
lookups. This should provide similar protection, but allow us to resolve
DNSKEY+DS RRs for the top-level and root domains.

(This also simplifies handling of the search domain detection, and gets
rid of dns_scope_has_search_domains() in favour of
dns_scope_get_search_domains()).
src/resolve/resolved-dns-rr.c diff | blob | blame | history
src/resolve/resolved-dns-rr.h diff | blob | blame | history
src/resolve/resolved-dns-scope.c diff | blob | blame | history
src/resolve/resolved-dns-scope.h diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.