resolved: decrease mdns/llmnr priority for the reverse mapping domains

Previously all queries to the reverse mapping domains (in-addr.arpa and ip6.arpa) were considered to be in-scope for mdns and llmnr at the same priority as DNS. This caused sd-resolved to ignore NXDOMAIN responses from dns in favor of lengthy timeouts. This narrows the scope of mdns and llmnr so they are not invariably considered as fallbacks for these domains. Now, mdns/llmnr on a link will only be used as a fallback when there is no suitable DNS scope, and when that link is DefaultRoute.
2025-03-19 22:50:17 +03:00 · 2024-03-05 18:05:57 -07:00 · 2024-03-05 18:05:57 -07:00 · da920fe176
commit da920fe176
parent 74d142ff3a
2 changed files with 4 additions and 2 deletions
--- a/src/resolve/resolved-dns-scope.c
+++ b/src/resolve/resolved-dns-scope.c
@ -608,6 +608,7 @@ DnsScopeMatch dns_scope_good_domain(
        /* This returns the following return values:
         *
         *    DNS_SCOPE_NO         → This scope is not suitable for lookups of this domain, at all
+         *    DNS_SCOPE_LAST_RESORT→ This scope is not suitable, unless we have no alternative
         *    DNS_SCOPE_MAYBE      → This scope is suitable, but only if nothing else wants it
         *    DNS_SCOPE_YES_BASE+n → This scope is suitable, and 'n' suffix labels match
         *
@ -766,7 +767,7 @@ DnsScopeMatch dns_scope_good_domain(

                if ((s->family == AF_INET && dns_name_endswith(domain, "in-addr.arpa") > 0) ||
                    (s->family == AF_INET6 && dns_name_endswith(domain, "ip6.arpa") > 0))
-                        return DNS_SCOPE_MAYBE;
+                        return DNS_SCOPE_LAST_RESORT;

                if ((dns_name_endswith(domain, "local") > 0 && /* only resolve names ending in .local via mDNS */
                     dns_name_equal(domain, "local") == 0 &&   /* but not the single-label "local" name itself */
@ -789,7 +790,7 @@ DnsScopeMatch dns_scope_good_domain(

                if ((s->family == AF_INET && dns_name_endswith(domain, "in-addr.arpa") > 0) ||
                    (s->family == AF_INET6 && dns_name_endswith(domain, "ip6.arpa") > 0))
-                        return DNS_SCOPE_MAYBE;
+                        return DNS_SCOPE_LAST_RESORT;

                if ((dns_name_is_single_label(domain) && /* only resolve single label names via LLMNR */
                     dns_name_equal(domain, "local") == 0 && /* don't resolve "local" with LLMNR, it's the top-level domain of mDNS after all, see above */
--- a/src/resolve/resolved-dns-scope.h
+++ b/src/resolve/resolved-dns-scope.h
@ -18,6 +18,7 @@ typedef struct DnsScope DnsScope;

 typedef enum DnsScopeMatch {
        DNS_SCOPE_NO,
+        DNS_SCOPE_LAST_RESORT,
        DNS_SCOPE_MAYBE,
        DNS_SCOPE_YES_BASE, /* Add the number of matching labels to this */
        DNS_SCOPE_YES_END = DNS_SCOPE_YES_BASE + DNS_N_LABELS_MAX,