From: Lennart Poettering Date: Tue, 3 Nov 2020 19:07:02 +0000 (+0100) Subject: resolved: never route DNSSEC traffic to LLMNR/mDNS X-Git-Tag: v248-rc1~150 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=73b6fc7770556ed08477bef7e2cd05a45986356d;p=thirdparty%2Fsystemd.git resolved: never route DNSSEC traffic to LLMNR/mDNS LLMNR/mDNS don't support DNSSEC, hence there's no point in routing any lookups asking for DNSSEC there. This speeds up looking up DNSSEC RRs for top-level domains, since we don't have to wait for LLMNR to complete. --- diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c index cee93a2c04a..d8e4f6fee6d 100644 --- a/src/resolve/resolved-dns-scope.c +++ b/src/resolve/resolved-dns-scope.c @@ -671,6 +671,10 @@ bool dns_scope_good_key(DnsScope *s, const DnsResourceKey *key) { return !dns_name_is_root(name); } + /* Never route DNSSEC RR queries to LLMNR/mDNS scopes */ + if (dns_type_is_dnssec(key->type)) + return false; + /* On mDNS and LLMNR, send A and AAAA queries only on the respective scopes */ key_family = dns_type_to_af(key->type);
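Review bot: The new check in dns_scope_good_key(), `if (dns_type_is_dnssec(key->type)) return false;`, filters on the record type of the key only, while the commit message speaks of "lookups asking for DNSSEC". The comment above the check should say explicitly that it covers queries whose type is itself a DNSSEC RR type, so that nobody reads it as also covering ordinary lookups that merely request validation. The placement also depends on the preceding block, which ends in `return !dns_name_is_root(name);`, having already returned for non-LLMNR/mDNS scopes. The condition guarding that block is outside the visible context, so please note in the comment that only LLMNR/mDNS scopes reach this point; otherwise a later change that lets the earlier block fall through would make this check reject DNSSEC RR queries on every scope.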