resolved: never respond to .alt pseudo-TLD.

From RFC 9476: Because names beneath .alt are in an alternative namespace, they have no significance in the regular DNS context. DNS stub and recursive resolvers do not need to look them up in the DNS context. See: https://datatracker.ietf.org/doc/html/rfc9476#name-the-alt-namespace
2026-03-06 15:02:31 -08:00 · 2023-09-27 19:39:52 +01:00
parent b92abd712e
commit bdf58b47c3
2 changed files with 5 additions and 0 deletions
--- a/src/shared/dns-domain.c
+++ b/src/shared/dns-domain.c
@@ -1413,5 +1413,9 @@ bool dns_name_dont_resolve(const char *name) {
        if (dns_name_endswith(name, "invalid") > 0)
                return true;

+        /* Never respond to some of the domains listed in RFC9476 */
+        if (dns_name_endswith(name, "alt") > 0)
+                return true;
+
        return false;
 }
--- a/test/units/testsuite-75.sh
+++ b/test/units/testsuite-75.sh
@@ -317,6 +317,7 @@ FILTERED_NAMES=(
    "255.255.255.255.in-addr.arpa"
    "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"
    "hello.invalid"
+    "hello.alt"
 )

 for name in "${FILTERED_NAMES[@]}"; do