Merge pull request #22414 from yuwata/resolve-synthesize-empty-domain-follow-up

resolve: follow-up for synthesizing empty name
2026-03-06 15:02:31 -08:00 · 2022-02-23 09:10:49 +01:00
parent 8ac9ec4d5c 30fa3aa1fa
commit 5bb309722d
3 changed files with 39 additions and 32 deletions
--- a/src/resolve/resolved-dns-query.c
+++ b/src/resolve/resolved-dns-query.c
@@ -737,18 +737,9 @@ int dns_query_go(DnsQuery *q) {

        LIST_FOREACH(scopes, s, q->manager->dns_scopes) {
                DnsScopeMatch match;
-                const char *name;
-
-                name = dns_question_first_name(dns_query_question_for_protocol(q, s->protocol));
-                if (!name)
-                        continue;
-
-                match = dns_scope_good_domain(s, q->ifindex, q->flags, name);
-                if (match < 0) {
-                        log_debug("Couldn't check if '%s' matches against scope, ignoring.", name);
-                        continue;
-                }

+                match = dns_scope_good_domain(s, q);
+                assert(match >= 0);
                if (match > found) { /* Does this match better? If so, remember how well it matched, and the first one
                                      * that matches this well */
                        found = match;
@@ -773,18 +764,9 @@ int dns_query_go(DnsQuery *q) {

        LIST_FOREACH(scopes, s, first->scopes_next) {
                DnsScopeMatch match;
-                const char *name;
-
-                name = dns_question_first_name(dns_query_question_for_protocol(q, s->protocol));
-                if (!name)
-                        continue;
-
-                match = dns_scope_good_domain(s, q->ifindex, q->flags, name);
-                if (match < 0) {
-                        log_debug("Couldn't check if '%s' matches against scope, ignoring.", name);
-                        continue;
-                }

+                match = dns_scope_good_domain(s, q);
+                assert(match >= 0);
                if (match < found)
                        continue;

--- a/src/resolve/resolved-dns-scope.c
+++ b/src/resolve/resolved-dns-scope.c
@@ -584,11 +584,13 @@ static DnsScopeMatch match_subnet_reverse_lookups(

 DnsScopeMatch dns_scope_good_domain(
                DnsScope *s,
-                int ifindex,
-                uint64_t flags,
-                const char *domain) {
+                DnsQuery *q) {

+        DnsQuestion *question;
        DnsSearchDomain *d;
+        const char *domain;
+        uint64_t flags;
+        int ifindex;

        /* This returns the following return values:
         *
@@ -602,7 +604,18 @@ DnsScopeMatch dns_scope_good_domain(
         */

        assert(s);
-        assert(domain);
+        assert(q);
+
+        question = dns_query_question_for_protocol(q, s->protocol);
+        if (!question)
+                return DNS_SCOPE_NO;
+
+        domain = dns_question_first_name(question);
+        if (!domain)
+                return DNS_SCOPE_NO;
+
+        ifindex = q->ifindex;
+        flags = q->flags;

        /* Checks if the specified domain is something to look up on this scope. Note that this accepts
         * non-qualified hostnames, i.e. those without any search path suffixed. */
@@ -613,10 +626,6 @@ DnsScopeMatch dns_scope_good_domain(
        if ((SD_RESOLVED_FLAGS_MAKE(s->protocol, s->family, false, false) & flags) == 0)
                return DNS_SCOPE_NO;

-        /* Never resolve empty name. */
-        if (dns_name_is_empty(domain))
-                return DNS_SCOPE_NO;
-
        /* Never resolve any loopback hostname or IP address via DNS, LLMNR or mDNS. Instead, always rely on
         * synthesized RRs for these. */
        if (is_localhost(domain) ||
@@ -639,6 +648,22 @@ DnsScopeMatch dns_scope_good_domain(
                DnsScopeMatch m;
                int n_best = -1;

+                if (dns_name_is_empty(domain)) {
+                        DnsResourceKey *t;
+                        bool found = false;
+
+                        /* Refuse empty name if only A and/or AAAA records are requested. */
+
+                        DNS_QUESTION_FOREACH(t, question)
+                                if (!IN_SET(t->type, DNS_TYPE_A, DNS_TYPE_AAAA)) {
+                                        found = true;
+                                        break;
+                                }
+
+                        if (!found)
+                                return DNS_SCOPE_NO;
+                }
+
                /* Never route things to scopes that lack DNS servers */
                if (!dns_scope_get_dns_server(s))
                        return DNS_SCOPE_NO;
--- a/src/resolve/resolved-dns-scope.h
+++ b/src/resolve/resolved-dns-scope.h
@@ -10,7 +10,7 @@ typedef struct DnsScope DnsScope;
 #include "resolved-dns-cache.h"
 #include "resolved-dns-dnssec.h"
 #include "resolved-dns-packet.h"
-
+#include "resolved-dns-query.h"
 #include "resolved-dns-search-domain.h"
 #include "resolved-dns-server.h"
 #include "resolved-dns-stream.h"
@@ -76,7 +76,7 @@ int dns_scope_emit_udp(DnsScope *s, int fd, int af, DnsPacket *p);
 int dns_scope_socket_tcp(DnsScope *s, int family, const union in_addr_union *address, DnsServer *server, uint16_t port, union sockaddr_union *ret_socket_address);
 int dns_scope_socket_udp(DnsScope *s, DnsServer *server);

-DnsScopeMatch dns_scope_good_domain(DnsScope *s, int ifindex, uint64_t flags, const char *domain);
+DnsScopeMatch dns_scope_good_domain(DnsScope *s, DnsQuery *q);
 bool dns_scope_good_key(DnsScope *s, const DnsResourceKey *key);

 DnsServer *dns_scope_get_dns_server(DnsScope *s);