From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 16 Feb 2025 12:16:31 +0000 (+0900)
Subject: resolve: if both A and AAAA are refused, do not resolve address when resolving service
X-Git-Tag: v258-rc1~1289^2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9ec25fba5a421d0b59dda9a59aa5b1b5da9f3c37;p=thirdparty%2Fsystemd.git

resolve: if both A and AAAA are refused, do not resolve address when resolving service

Similarly, set NO_TXT flag if TXT is filtered.

Follow-up for 81ae2237c1792943a1ec712ae2e630bcc592175b.
Fixes https://github.com/systemd/systemd/pull/36353#issuecomment-2659558382.
---

diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c
index 5698511b805..45223283196 100644
--- a/src/resolve/resolved-dns-query.c
+++ b/src/resolve/resolved-dns-query.c
@@ -1484,5 +1484,16 @@ int validate_and_mangle_query_flags(
         if (name && FLAGS_SET(ok, SD_RESOLVED_NO_SEARCH) && dns_name_dot_suffixed(name) > 0)
                 *flags |= SD_RESOLVED_NO_SEARCH;
 
+        /* If both A and AAAA are refused, set SD_RESOLVED_NO_ADDRESS flag if it is allowed. */
+        if (set_contains(manager->refuse_record_types, INT_TO_PTR(DNS_TYPE_A)) &&
+            set_contains(manager->refuse_record_types, INT_TO_PTR(DNS_TYPE_AAAA)) &&
+            FLAGS_SET(ok, SD_RESOLVED_NO_ADDRESS))
+                *flags |= SD_RESOLVED_NO_ADDRESS;
+
+        /* Similarly, if TXT is refused, set SD_RESOLVED_NO_TXT flag if it is allowed. */
+        if (set_contains(manager->refuse_record_types, INT_TO_PTR(DNS_TYPE_TXT)) &&
+            FLAGS_SET(ok, SD_RESOLVED_NO_TXT))
+                *flags |= SD_RESOLVED_NO_TXT;
+
         return 0;
 }