From: Bertrand Jacquin Date: Wed, 27 Sep 2023 18:39:52 +0000 (+0100) Subject: resolved: never respond to .alt pseudo-TLD. X-Git-Tag: v255-rc1~404 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=bdf58b47c3ef599a188c7c19a30d98de6d88da23;p=thirdparty%2Fsystemd.git resolved: never respond to .alt pseudo-TLD. From RFC 9476: Because names beneath .alt are in an alternative namespace, they have no significance in the regular DNS context. DNS stub and recursive resolvers do not need to look them up in the DNS context. See: https://datatracker.ietf.org/doc/html/rfc9476#name-the-alt-namespace --- diff --git a/src/shared/dns-domain.c b/src/shared/dns-domain.c index 7a2c5d60f47..60560654bd4 100644 --- a/src/shared/dns-domain.c +++ b/src/shared/dns-domain.c @@ -1413,5 +1413,9 @@ bool dns_name_dont_resolve(const char *name) { if (dns_name_endswith(name, "invalid") > 0) return true; + /* Never respond to some of the domains listed in RFC9476 */ + if (dns_name_endswith(name, "alt") > 0) + return true; + return false; } diff --git a/test/units/testsuite-75.sh b/test/units/testsuite-75.sh index dbcb53d72b5..e039e4ebc20 100755 --- a/test/units/testsuite-75.sh +++ b/test/units/testsuite-75.sh @@ -317,6 +317,7 @@ FILTERED_NAMES=( "255.255.255.255.in-addr.arpa" "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" "hello.invalid" + "hello.alt" ) for name in "${FILTERED_NAMES[@]}"; do