mirror of
https://github.com/systemd/systemd-stable.git
synced 2025-01-25 06:03:40 +03:00
resolved: partially revert 5eefe54
Quoting @teg: "Contrary to what the comment said, we always verify redirect chains in full, and cache all the CNAME records. There is therefore no need to do extra negative caching along a CNAME chain." This simply steals @teg's commit since we'll touch the SOA matching case in a later patch, and rather want this bit gone, so that we don't have to "fix" it, only to remove it later on.
This commit is contained in:
parent
c52a97b896
commit
0bb4749d1f
@ -489,31 +489,6 @@ int dns_cache_put(
|
||||
if (r == 0)
|
||||
return 0;
|
||||
|
||||
/* Also, if the requested key is an alias, the negative response should
|
||||
be cached for each name in the redirect chain. Any CNAME record in
|
||||
the response is from the redirection chain, though only the final one
|
||||
is guaranteed to be included. This means that we cannot verify the
|
||||
chain and that we need to cache them all as it may be incomplete. */
|
||||
for (i = 0; i < answer->n_rrs; i++) {
|
||||
DnsResourceRecord *answer_rr = answer->items[i].rr;
|
||||
|
||||
if (answer_rr->key->type == DNS_TYPE_CNAME) {
|
||||
_cleanup_(dns_resource_key_unrefp) DnsResourceKey *canonical_key = NULL;
|
||||
|
||||
canonical_key = dns_resource_key_new_redirect(key, answer_rr);
|
||||
if (!canonical_key)
|
||||
goto fail;
|
||||
|
||||
/* Let's not add negative cache entries for records outside the current zone. */
|
||||
if (!dns_answer_match_soa(canonical_key, soa->key))
|
||||
continue;
|
||||
|
||||
r = dns_cache_put_negative(c, canonical_key, rcode, authenticated, timestamp, MIN(soa->soa.minimum, soa->ttl), owner_family, owner_address);
|
||||
if (r < 0)
|
||||
goto fail;
|
||||
}
|
||||
}
|
||||
|
||||
r = dns_cache_put_negative(c, key, rcode, authenticated, timestamp, MIN(soa->soa.minimum, soa->ttl), owner_family, owner_address);
|
||||
if (r < 0)
|
||||
goto fail;
|
||||
|
Loading…
x
Reference in New Issue
Block a user