resolved: allow cache responses from local DNS servers
authorPavel Sapezhko <me@weastur.com>
Tue, 24 Nov 2020 13:44:07 +0000 (16:44 +0300)
committerYu Watanabe <watanabe.yu+github@gmail.com>
Fri, 27 Nov 2020 00:03:42 +0000 (09:03 +0900)
man/resolved.conf.xml
src/resolve/resolved-dns-packet.h
src/resolve/resolved-dns-transaction.c
src/resolve/resolved-dns-transaction.h
src/resolve/resolved-gperf.gperf
src/resolve/resolved-manager.h
src/resolve/resolved.conf.in
test/fuzz/fuzz-unit-file/directives.service

index 35a5740c914a809e7b40850b70d6c2a3156c68fd..3fdf5de58b0f543526467e7e247e2af48dcfff4b 100644 (file)
         request. Be aware that turning off caching comes at a performance penalty, which is particularly high
         when DNSSEC is used. If <literal>no-negative</literal>, only positive answers are cached.</para>
 
-        <para>Note that caching is turned off implicitly if the configured DNS server is on a host-local IP address
-        (such as 127.0.0.1 or ::1), in order to avoid duplicate local caching.</para></listitem>
+        <para>Note that caching is turned off by default for host-local DNS servers.
+        See <varname>CacheFromLocalhost=</varname> for details.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>CacheFromLocalhost=</varname></term>
+        <listitem><para>Takes a boolean as argument. If <literal>no</literal> (the default), and response cames from
+        host-local IP address (such as 127.0.0.1 or ::1), the result wouldn't be cached in order to avoid
+        potential duplicate local caching.</para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
index 7d6ee2bc4c11fb1a007cb4efe2d430ed7e73f7f9..0c804d6d2bef62d018d46e851481d09bde569267 100644 (file)
@@ -221,14 +221,6 @@ void dns_packet_rewind(DnsPacket *p, size_t idx);
 int dns_packet_skip_question(DnsPacket *p);
 int dns_packet_extract(DnsPacket *p);
 
-static inline bool DNS_PACKET_SHALL_CACHE(DnsPacket *p) {
-        /* Never cache data originating from localhost, under the
-         * assumption, that it's coming from a locally DNS forwarder
-         * or server, that is caching on its own. */
-
-        return in_addr_is_localhost(p->family, &p->sender) == 0;
-}
-
 /* https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6 */
 enum {
         DNS_RCODE_SUCCESS = 0,
index 1b8bead7c35a72dea7776e08a9911b30a77e4b63..7a2d8723a0d9c468bacce71838a62a07afc83f90 100644 (file)
@@ -682,11 +682,9 @@ static void dns_transaction_cache_answer(DnsTransaction *t) {
         if (t->scope->manager->enable_cache == DNS_CACHE_MODE_NO)
                 return;
 
-        /* We never cache if this packet is from the local host, under
-         * the assumption that a locally running DNS server would
-         * cache this anyway, and probably knows better when to flush
-         * the cache then we could. */
-        if (!DNS_PACKET_SHALL_CACHE(t->received))
+        /* Packet from localhost? */
+        if (!t->scope->manager->cache_from_localhost &&
+            in_addr_is_localhost(t->received->family, &t->received->sender) != 0)
                 return;
 
         dns_cache_put(&t->scope->cache,
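Review bot: The new comment `/* Packet from localhost? */` above the check in dns_transaction_cache_answer() no longer says why such packets are skipped, and nothing explains that `!= 0` treats every non-zero result of in_addr_is_localhost() as host-local, which would include a negative error return if the helper has one (its definition is not visible here). That preserves the removed `== 0` behaviour of caching only senders positively classified as non-local, but once `cache_from_localhost` is set the short-circuit skips the classification entirely, so a packet whose sender could not be classified would be cached as well. I would restore the rationale and state the fail-closed intent, e.g. `/* Unless CacheFromLocalhost= is enabled, do not cache answers from a host-local sender (a local forwarder is assumed to cache on its own); a sender we cannot classify (non-zero result) is treated the same way. */`. The function starts before this hunk and continues after it.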
index 88b0d8eab9fae3bf3a95353e2cdebec92664ae4f..7f0b8e784723b66a24134debf7c30ffa5bb4b7f5 100644 (file)
@@ -2,6 +2,7 @@
 #pragma once
 
 #include "sd-event.h"
+#include "in-addr-util.h"
 
 typedef struct DnsTransaction DnsTransaction;
 typedef enum DnsTransactionState DnsTransactionState;
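Review bot: The added `#include "in-addr-util.h"` sits in resolved-dns-transaction.h, but the only new use of in_addr_is_localhost() shown in this commit is in resolved-dns-transaction.c, and none of the header lines visible in this hunk need it. Unless a declaration further down the header depends on it, the include would be better placed in the .c file, so that other files including this header do not pick up a dependency they never use. The rest of the header is outside the hunk, so this should be confirmed against the full file.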
index b54fa1ba99bbf38c195264190deaffadfccb5820..2da273ab1e660f35d6822fc6c283cef6b37d257c 100644 (file)
@@ -30,3 +30,4 @@ Resolve.DNSStubListener,           config_parse_dns_stub_listener_mode,  0,
 Resolve.ReadEtcHosts,              config_parse_bool,                    0,                   offsetof(Manager, read_etc_hosts)
 Resolve.ResolveUnicastSingleLabel, config_parse_bool,                    0,                   offsetof(Manager, resolve_unicast_single_label)
 Resolve.DNSStubListenerExtra,      config_parse_dns_stub_listener_extra, 0,                   offsetof(Manager, dns_extra_stub_listeners)
+Resolve.CacheFromLocalhost,        config_parse_bool,                    0,                   offsetof(Manager, cache_from_localhost)
index 20afab05fdf28d6843aca78dc80f0ce009f8a7e5..739683cbb5276812636004c63e8765e575583798 100644 (file)
@@ -39,6 +39,7 @@ struct Manager {
         DnssecMode dnssec_mode;
         DnsOverTlsMode dns_over_tls_mode;
         DnsCacheMode enable_cache;
+        bool cache_from_localhost;
         DnsStubListenerMode dns_stub_listener_mode;
 
 #if ENABLE_DNS_OVER_TLS
index 93279b3dff1a860e9acfd07c50d23f4765c1255f..e1d06c0fb19067290b4fbbc3fb2a7e41bf76d72a 100644 (file)
@@ -24,6 +24,7 @@
 #MulticastDNS=@DEFAULT_MDNS_MODE@
 #LLMNR=@DEFAULT_LLMNR_MODE@
 #Cache=yes
+#CacheFromLocalhost=no
 #DNSStubListener=yes
 #DNSStubListenerExtra=
 #ReadEtcHosts=yes
index 30ce98687a4a132d5a1d71568c5029246f6c036f..464496e25753607edb88bfcbfc07847f95682684 100644 (file)
@@ -374,6 +374,7 @@ Bond=
 Bridge=
 Broadcast=
 Cache=
+CacheFromLocalhost=
 ClientIdentifier=
 ConfigureWithoutCarrier=
 CopyDSCP=