resolve: synthesize empty domain only when A and/or AAAA key is requested

Follow-up for 3b2ac14ac45bef01cf489c3231b868936866444b (#22231).

Before this commit.
---
$ dig -t SRV '.'

; <<>> DiG 9.16.24-RH <<>> -t SRV .
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16836
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;.				IN	SRV

;; Query time: 1 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Fri Feb 04 12:01:09 JST 2022
;; MSG SIZE  rcvd: 28
---

After this commit.
---
$ dig -t SRV '.'

; <<>> DiG 9.16.24-RH <<>> -t SRV .
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19861
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;.				IN	SRV

;; AUTHORITY SECTION:
.			86394	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022020302 1800 900 604800 86400

;; Query time: 20 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Fri Feb 04 12:00:12 JST 2022
;; MSG SIZE  rcvd: 103
---

Fixes #22401.

diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c
index 69101fb5a2ba06fca229f62ee462d6c84b7ea281..16c5e0094cdd0e0f3746558917ed2ce6efbe0d77 100644 (file)
--- a/src/resolve/resolved-dns-scope.c
+++ b/src/resolve/resolved-dns-scope.c
@@ -626,10 +626,6 @@ DnsScopeMatch dns_scope_good_domain(
         if ((SD_RESOLVED_FLAGS_MAKE(s->protocol, s->family, false, false) & flags) == 0)
                 return DNS_SCOPE_NO;
 
-        /* Never resolve empty name. */
-        if (dns_name_is_empty(domain))
-                return DNS_SCOPE_NO;
-
         /* Never resolve any loopback hostname or IP address via DNS, LLMNR or mDNS. Instead, always rely on
          * synthesized RRs for these. */
         if (is_localhost(domain) ||
@@ -652,6 +648,22 @@ DnsScopeMatch dns_scope_good_domain(
                 DnsScopeMatch m;
                 int n_best = -1;
 
+                if (dns_name_is_empty(domain)) {
+                        DnsResourceKey *t;
+                        bool found = false;
+
+                        /* Refuse empty name if only A and/or AAAA records are requested. */
+
+                        DNS_QUESTION_FOREACH(t, question)
+                                if (!IN_SET(t->type, DNS_TYPE_A, DNS_TYPE_AAAA)) {
+                                        found = true;
+                                        break;
+                                }
+
+                        if (!found)
+                                return DNS_SCOPE_NO;
+                }
+
                 /* Never route things to scopes that lack DNS servers */
                 if (!dns_scope_get_dns_server(s))
                         return DNS_SCOPE_NO;