git.ipfire.org Git - thirdparty/systemd.git/commit

author	Lennart Poettering <lennart@poettering.net>
	Mon, 22 Mar 2021 17:27:46 +0000 (18:27 +0100)
committer	Lennart Poettering <lennart@poettering.net>
	Mon, 22 Mar 2021 17:40:06 +0000 (18:40 +0100)
commit	1a71fe4ee5248140f2395a7daedfad8f8b9ad291
tree	f52bfa45c081dab523921f411263fa8103d21a79	tree \| snapshot
parent	4cba52cc7a2191d0b38e605801c60d8648bc67e2	commit \| diff

resolved: don't accept responses to query unless they completely answer our questions

When we checking if the responses we collected for a DnsQuery are
sufficient to complete it we previously only check if one of the
collected response RRs matches at least one of the question RR keys.

This changes the logic to require that there must be at least one
response RR matched *each* of the question RR keys before considering
the answer complete.

Otherwise we might end up accepting an A reply as complete answer for an
A/AAAA query and vice versa, but we want to make sure we wait until we
get a reply on both types before returning this to the user in all
cases.

This has been broken for basically forever, but didn't surface until
b1eea703e01da1e280e179fb119449436a0c9b8e since until then we'd basically
ignore the auxiliary RRs included in CNAME/DNAME replies. Once that
commit was made we'd start using the auxiliary RRs included in
CNAME/DNAME replies but those typically included only A or only AAAA
which we then took for complete.

Fixe: #19049

src/resolve/resolved-dns-query.c		diff \| blob \| blame \| history
src/resolve/resolved-dns-query.h		diff \| blob \| blame \| history