resolved: never respond to .alt pseudo-TLD.

From RFC 9476:

Because names beneath .alt are in an alternative namespace, they have no
significance in the regular DNS context. DNS stub and recursive
resolvers do not need to look them up in the DNS context.

See: https://datatracker.ietf.org/doc/html/rfc9476#name-the-alt-namespace

diff --git a/src/shared/dns-domain.c b/src/shared/dns-domain.c
index 7a2c5d60f47496a4e5af67af1e91c9ea0b796f36..60560654bd41c1e26627017a08f6eb4250a9529e 100644 (file)
--- a/src/shared/dns-domain.c
+++ b/src/shared/dns-domain.c
@@ -1413,5 +1413,9 @@ bool dns_name_dont_resolve(const char *name) {
         if (dns_name_endswith(name, "invalid") > 0)
                 return true;
 
+        /* Never respond to some of the domains listed in RFC9476 */
+        if (dns_name_endswith(name, "alt") > 0)
+                return true;
+
         return false;
 }

diff --git a/test/units/testsuite-75.sh b/test/units/testsuite-75.sh
index dbcb53d72b5edcfdb5736324f36d9e5caddb6b51..e039e4ebc20f734f4d2a8f6eeb09e9c3ac04c372 100755 (executable)
--- a/test/units/testsuite-75.sh
+++ b/test/units/testsuite-75.sh
@@ -317,6 +317,7 @@ FILTERED_NAMES=(
     "255.255.255.255.in-addr.arpa"
     "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"
     "hello.invalid"
+    "hello.alt"
 )
 
 for name in "${FILTERED_NAMES[@]}"; do