1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-27 07:22:31 +03:00

resolved: partially revert 5eefe54

Quoting @teg:

"Contrary to what the comment said, we always verify redirect chains in
full, and cache all the CNAME records. There is therefore no need to
do extra negative caching along a CNAME chain."

This simply steals @teg's commit since we'll touch the SOA matching case
in a later patch, and rather want this bit gone, so that we don't have
to "fix" it, only to remove it later on.
This commit is contained in:
Lennart Poettering 2015-12-09 17:32:47 +01:00
parent c52a97b896
commit 0bb4749d1f

View File

@ -489,31 +489,6 @@ int dns_cache_put(
if (r == 0)
return 0;
/* Also, if the requested key is an alias, the negative response should
be cached for each name in the redirect chain. Any CNAME record in
the response is from the redirection chain, though only the final one
is guaranteed to be included. This means that we cannot verify the
chain and that we need to cache them all as it may be incomplete. */
for (i = 0; i < answer->n_rrs; i++) {
DnsResourceRecord *answer_rr = answer->items[i].rr;
if (answer_rr->key->type == DNS_TYPE_CNAME) {
_cleanup_(dns_resource_key_unrefp) DnsResourceKey *canonical_key = NULL;
canonical_key = dns_resource_key_new_redirect(key, answer_rr);
if (!canonical_key)
goto fail;
/* Let's not add negative cache entries for records outside the current zone. */
if (!dns_answer_match_soa(canonical_key, soa->key))
continue;
r = dns_cache_put_negative(c, canonical_key, rcode, authenticated, timestamp, MIN(soa->soa.minimum, soa->ttl), owner_family, owner_address);
if (r < 0)
goto fail;
}
}
r = dns_cache_put_negative(c, key, rcode, authenticated, timestamp, MIN(soa->soa.minimum, soa->ttl), owner_family, owner_address);
if (r < 0)
goto fail;