resolved: maintain only a single list of "dont-resolve" domain names

Follow-up for: 46b53e8035fb60c9a7f26dd32d6689ab3b7da97c

diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c
index 7fb571ee20cf14ef4456da08f68e4713377462c2..c3a2e2fc60519bcb1d1f13e963eca45d9a3644dc 100644 (file)
--- a/src/resolve/resolved-dns-scope.c
+++ b/src/resolve/resolved-dns-scope.c
@@ -624,14 +624,8 @@ DnsScopeMatch dns_scope_good_domain(
             dns_name_equal(domain, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa") > 0)
                 return DNS_SCOPE_NO;
 
-        /* Never respond to some of the domains listed in RFC6303 */
-        if (dns_name_endswith(domain, "0.in-addr.arpa") > 0 ||
-            dns_name_equal(domain, "255.255.255.255.in-addr.arpa") > 0 ||
-            dns_name_equal(domain, "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa") > 0)
-                return DNS_SCOPE_NO;
-
-        /* Never respond to some of the domains listed in RFC6761 */
-        if (dns_name_endswith(domain, "invalid") > 0)
+        /* Never respond to some of the domains listed in RFC6303 + RFC6761 */
+        if (dns_name_dont_resolve(domain))
                 return DNS_SCOPE_NO;
 
         /* Never go to network for the _gateway or _outbound domain — they're something special, synthesized locally. */

diff --git a/src/resolve/resolved-dns-synthesize.c b/src/resolve/resolved-dns-synthesize.c
index 0914515fdfb29a8da00fe42e56f053596ab99174..9712322a0abccfb596a4dcaf8bb24672322fe8c2 100644 (file)
--- a/src/resolve/resolved-dns-synthesize.c
+++ b/src/resolve/resolved-dns-synthesize.c
@@ -397,11 +397,8 @@ int dns_synthesize_answer(
                 if (dns_name_is_empty(name)) {
                         /* Do nothing. */
 
-                } else if (dns_name_endswith(name, "0.in-addr.arpa") > 0 ||
-                           dns_name_equal(name, "255.255.255.255.in-addr.arpa") > 0 ||
-                           dns_name_equal(name, "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa") > 0 ||
-                           dns_name_endswith(name, "invalid") > 0) {
-
+                } else if (dns_name_dont_resolve(name)) {
+                        /* Synthesize NXDOMAIN for some of the domains in RFC6303 + RFC6761 */
                         nxdomain = true;
                         continue;
 

diff --git a/src/shared/dns-domain.c b/src/shared/dns-domain.c
index f54b187a1b9f2c842f39dc5ea2ae67eb93bcd7a9..48395fea24e507eb1f8af165e3b9d1bbaaa89849 100644 (file)
--- a/src/shared/dns-domain.c
+++ b/src/shared/dns-domain.c
@@ -1415,3 +1415,18 @@ int dns_name_dot_suffixed(const char *name) {
                         return false;
         }
 }
+
+bool dns_name_dont_resolve(const char *name) {
+
+        /* Never respond to some of the domains listed in RFC6303 */
+        if (dns_name_endswith(name, "0.in-addr.arpa") > 0 ||
+            dns_name_equal(name, "255.255.255.255.in-addr.arpa") > 0 ||
+            dns_name_equal(name, "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa") > 0)
+                return true;
+
+        /* Never respond to some of the domains listed in RFC6761 */
+        if (dns_name_endswith(name, "invalid") > 0)
+                return true;
+
+        return false;
+}

diff --git a/src/shared/dns-domain.h b/src/shared/dns-domain.h
index 24bf00bd58b79c076ad8694cd6ede2ed0f3c4eec..e5f3d4d9e729dd820baa4cfcc93231b742c94c9f 100644 (file)
--- a/src/shared/dns-domain.h
+++ b/src/shared/dns-domain.h
@@ -103,3 +103,5 @@ int dns_name_apply_idna(const char *name, char **ret);
 int dns_name_is_valid_or_address(const char *name);
 
 int dns_name_dot_suffixed(const char *name);
+
+bool dns_name_dont_resolve(const char *name);