diff --git a/src/resolve/resolved-dns-stub.c b/src/resolve/resolved-dns-stub.c index 02ac29dbb9d..8f3349cbce7 100644 --- a/src/resolve/resolved-dns-stub.c +++ b/src/resolve/resolved-dns-stub.c @@ -684,27 +684,13 @@ static void dns_stub_query_complete(DnsQuery *q) { } } + /* Note that we don't bother with following CNAMEs here. We propagate the authoritative/additional + * sections from the upstream answer however, hence if the upstream server collected that information + * already we don't have to collect it ourselves anymore. */ + switch (q->state) { case DNS_TRANSACTION_SUCCESS: - /* Follow CNAMEs, and accumulate answers. Except if DNSSEC is requested, then let the client do that. */ - if (!DNS_PACKET_DO(q->request_packet)) { - r = dns_query_process_cname(q); - if (r == -ELOOP) { /* CNAME loop */ - (void) dns_stub_send_reply(q, DNS_RCODE_SERVFAIL); - break; - } - if (r < 0) { - log_debug_errno(r, "Failed to process CNAME: %m"); - break; - } - if (r == DNS_QUERY_RESTARTED) - return; - } - - (void) dns_stub_send_reply(q, q->answer_rcode); - break; - case DNS_TRANSACTION_RCODE_FAILURE: (void) dns_stub_send_reply(q, q->answer_rcode); break; @@ -843,7 +829,8 @@ static void dns_stub_process_query(Manager *m, DnsStubListenerExtra *l, DnsStrea r = dns_query_new(m, &q, p->question, p->question, NULL, 0, SD_RESOLVED_PROTOCOLS_ALL| SD_RESOLVED_NO_SEARCH| - (DNS_PACKET_DO(p) ? SD_RESOLVED_NO_CNAME|SD_RESOLVED_REQUIRE_PRIMARY : 0)| + SD_RESOLVED_NO_CNAME| + (DNS_PACKET_DO(p) ? SD_RESOLVED_REQUIRE_PRIMARY : 0)| SD_RESOLVED_CLAMP_TTL); if (r < 0) { log_error_errno(r, "Failed to generate query object: %m");