From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 3 Dec 2015 20:03:00 +0000 (+0100)
Subject: resolved: when synthesizing NODATA from cached NSEC bitmaps, honour CNAME/DNAME
X-Git-Tag: v229~235^2~2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3ba27cd339d2de53fa34c1ec7242da50a1c047b7;p=thirdparty%2Fsystemd.git

resolved: when synthesizing NODATA from cached NSEC bitmaps, honour CNAME/DNAME

When an RR type is not set in an NSEC, then the CNAME/DNAME types might
still be, hence check them too.

Otherwise we might end up refusing resolving of CNAME'd RRs if we cached
an NSEC before.
---

diff --git a/src/resolve/resolved-dns-cache.c b/src/resolve/resolved-dns-cache.c
index 3abb0374b69..241187dd51d 100644
--- a/src/resolve/resolved-dns-cache.c
+++ b/src/resolve/resolved-dns-cache.c
@@ -636,7 +636,9 @@ int dns_cache_lookup(DnsCache *c, DnsResourceKey *key, int *rcode, DnsAnswer **r
                 *ret = NULL;
                 *rcode = DNS_RCODE_SUCCESS;
 
-                return !bitmap_isset(nsec->nsec.types, key->type);
+                return !bitmap_isset(nsec->nsec.types, key->type) &&
+                       !bitmap_isset(nsec->nsec.types, DNS_TYPE_CNAME) &&
+                       !bitmap_isset(nsec->nsec.types, DNS_TYPE_DNAME);
         }
 
         log_debug("%s cache hit for %s",