From: Tad Fisher <tadfisher@gmail.com>
Date: Fri, 6 Oct 2023 20:52:07 +0000 (-0700)
Subject: resolve: use exact-match domain as routing domain for single-labels
X-Git-Tag: v255-rc2~106
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4ca7c94e1646d180dfa56d3dc0d0f338ff49d2ae;p=thirdparty%2Fsystemd.git

resolve: use exact-match domain as routing domain for single-labels

With ResolveUnicastSingleLabel=yes, a scope's search domains are affixed to the
query even when a routing domain matches the single-label query name,
preventing the use of dotless single-label domains entirely.

This changes dns_scope_name_wants_search_domain() to return false when the
scope contains an exact match of the single-label name in the query, allowing
lookups for dotless domains with ResolveUnicastSingleLabel enabled.
---

diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c
index cd5945eb000..d9d8acfd25e 100644
--- a/src/resolve/resolved-dns-scope.c
+++ b/src/resolve/resolved-dns-scope.c
@@ -1365,7 +1365,17 @@ bool dns_scope_name_wants_search_domain(DnsScope *s, const char *name) {
         if (s->protocol != DNS_PROTOCOL_DNS)
                 return false;
 
-        return dns_name_is_single_label(name);
+        if (!dns_name_is_single_label(name))
+                return false;
+
+        /* If we allow single-label domain lookups on unicast DNS, and this scope has a search domain that matches
+         * _exactly_ this name, then do not use search domains. */
+        if (s->manager->resolve_unicast_single_label)
+                LIST_FOREACH(domains, d, dns_scope_get_search_domains(s))
+                        if (dns_name_equal(name, d->name) > 0)
+                                return false;
+
+        return true;
 }
 
 bool dns_scope_network_good(DnsScope *s) {