From: Lennart Poettering
Date: Thu, 3 Feb 2022 16:16:11 +0000 (+0100)
Subject: resolved: maintain only a single list of "dont-resolve" domain names
X-Git-Tag: v251-rc1~359^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f4526f82c9871196a03ab6ba3c6776b250796302;p=thirdparty%2Fsystemd.git
resolved: maintain only a single list of "dont-resolve" domain names
Follow-up for: 46b53e8035fb60c9a7f26dd32d6689ab3b7da97c
---
diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c
index 7fb571ee20c..c3a2e2fc605 100644
--- a/src/resolve/resolved-dns-scope.c
+++ b/src/resolve/resolved-dns-scope.c
@@ -624,14 +624,8 @@ DnsScopeMatch dns_scope_good_domain(
 dns_name_equal(domain, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa") > 0)
 return DNS_SCOPE_NO;
- /* Never respond to some of the domains listed in RFC6303 */
- if (dns_name_endswith(domain, "0.in-addr.arpa") > 0 ||
- dns_name_equal(domain, "255.255.255.255.in-addr.arpa") > 0 ||
- dns_name_equal(domain, "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa") > 0)
- return DNS_SCOPE_NO;
-
- /* Never respond to some of the domains listed in RFC6761 */
- if (dns_name_endswith(domain, "invalid") > 0)
+ /* Never respond to some of the domains listed in RFC6303 + RFC6761 */
+ if (dns_name_dont_resolve(domain))
 return DNS_SCOPE_NO;
 /* Never go to network for the _gateway or _outbound domain — they're something special, synthesized locally. */
diff --git a/src/resolve/resolved-dns-synthesize.c b/src/resolve/resolved-dns-synthesize.c
index 0914515fdfb..9712322a0ab 100644
--- a/src/resolve/resolved-dns-synthesize.c
+++ b/src/resolve/resolved-dns-synthesize.c
@@ -397,11 +397,8 @@ int dns_synthesize_answer(
 if (dns_name_is_empty(name)) {
 /* Do nothing. */
- } else if (dns_name_endswith(name, "0.in-addr.arpa") > 0 ||
- dns_name_equal(name, "255.255.255.255.in-addr.arpa") > 0 ||
- dns_name_equal(name, "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa") > 0 ||
- dns_name_endswith(name, "invalid") > 0) {
-
+ } else if (dns_name_dont_resolve(name)) {
+ /* Synthesize NXDOMAIN for some of the domains in RFC6303 + RFC6761 */
 nxdomain = true;
 continue;
diff --git a/src/shared/dns-domain.c b/src/shared/dns-domain.c
index f54b187a1b9..48395fea24e 100644
--- a/src/shared/dns-domain.c
+++ b/src/shared/dns-domain.c
@@ -1415,3 +1415,18 @@ int dns_name_dot_suffixed(const char *name) {
 return false;
 }
 }
+
+bool dns_name_dont_resolve(const char *name) {
+
+ /* Never respond to some of the domains listed in RFC6303 */
+ if (dns_name_endswith(name, "0.in-addr.arpa") > 0 ||
+ dns_name_equal(name, "255.255.255.255.in-addr.arpa") > 0 ||
+ dns_name_equal(name, "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa") > 0)
+ return true;
+
+ /* Never respond to some of the domains listed in RFC6761 */
+ if (dns_name_endswith(name, "invalid") > 0)
+ return true;
+
+ return false;
+}
diff --git a/src/shared/dns-domain.h b/src/shared/dns-domain.h
index 24bf00bd58b..e5f3d4d9e72 100644
--- a/src/shared/dns-domain.h
+++ b/src/shared/dns-domain.h
@@ -103,3 +103,5 @@ int dns_name_apply_idna(const char *name, char **ret);
 int dns_name_is_valid_or_address(const char *name);
 int dns_name_dot_suffixed(const char *name);
+
+bool dns_name_dont_resolve(const char *name);
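Review bot: The new `dns_name_dont_resolve()` in src/shared/dns-domain.c tests every `dns_name_endswith()`/`dns_name_equal()` result with `> 0` and folds it into a `bool`, so a comparison that fails (presumably a negative return, e.g. for a name that cannot be parsed) reads as "not on the list" and the name is treated as resolvable. That matches the code it replaces, but the helper is now the single gate for both call sites in this commit (scope selection and NXDOMAIN synthesis), so the fail-open behaviour should be stated in a header comment such as `/* Returns true for names that must never be looked up (RFC6303, RFC6761); a comparison error counts as "no match". */`. The two inner comments still say "Never respond to", which described the scope code only; wording that names the list rather than the action would fit both callers. A small table-driven unit test for the helper, covering a suffix match, an exact match and a non-match, would keep the list from drifting again.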