git.ipfire.org Git - thirdparty/systemd.git/commit

author	Benjamin Peterson <benjamin@python.org>
	Mon, 25 Sep 2023 14:23:27 +0000 (07:23 -0700)
committer	Lennart Poettering <lennart@poettering.net>
	Mon, 2 Oct 2023 14:47:36 +0000 (16:47 +0200)
commit	8ec951e8d5cdd3ad632b1cbd8bcbe21d68b17512
tree	15ddc9c0395a611665c5dd84d8cab4929cd440e8	tree \| snapshot
parent	015d19e3ac1886a15a0b3324a6a9196f4fd06e81	commit \| diff

resolve: tolerate merging a zero-ttl RR and a nonzero-ttl RR if not mDNS

resolved rejected RRsets containing a RR with a zero TTL and a RR with a nonzero TTL. In practice—see the linked issues—, this case triggered when an AF_UNSPEC query to a CNAMEd domain returned a zero TTL for the CNAME on one address family and a nonzero TTL for the CNAME on the other address family.

The zero-nonzero TTL check cites RFC 2181 § 5.2 in a comment. That section says DNS clients should reject any RRset containing differing TTLs, which the check only implements a very special case of. That the old behavior caused real-world false NXDOMAIN results is reason enough to completely ignore the RFC's recommendation. However, mDNS treats zero TTLs specially, so the error case needs to be kept for mDNS.

Fixes https://github.com/systemd/systemd/issues/22177
Fixes https://github.com/systemd/systemd/issues/20617
Fixes https://github.com/systemd/systemd/issues/19118

src/resolve/resolved-dns-answer.c		diff \| blob \| blame \| history
src/resolve/resolved-dns-answer.h		diff \| blob \| blame \| history
src/resolve/resolved-dns-packet.c		diff \| blob \| blame \| history
src/resolve/resolved-mdns.c		diff \| blob \| blame \| history