resolved: don't accept doing queries for invalid RR types

diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index 00ecd3d11e62d14c3959a387442da4f67a769d24..1dcd2c78c0d068e9e37442542625088f57c8b0e8 100644 (file)
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -106,6 +106,14 @@ int dns_transaction_new(DnsTransaction **ret, DnsScope *s, DnsResourceKey *key)
         assert(s);
         assert(key);
 
+        /* Don't allow looking up invalid or pseudo RRs */
+        if (IN_SET(key->type, DNS_TYPE_OPT, 0, DNS_TYPE_TSIG, DNS_TYPE_TKEY))
+                return -EINVAL;
+
+        /* We only support the IN class */
+        if (key->class != DNS_CLASS_IN)
+                return -EOPNOTSUPP;
+
         r = hashmap_ensure_allocated(&s->manager->dns_transactions, NULL);
         if (r < 0)
                 return r;