diff options
| author | Ronan Pigott <ronan@rjp.ie> | 2024-04-29 11:17:23 +0200 |
|---|---|---|
| committer | Luca Boccassi <luca.boccassi@gmail.com> | 2024-04-29 19:04:11 +0200 |
| commit | d840783db5208219c78d73b9b46ef5daae9fea0a (patch) | |
| tree | fc8178f43fe0ea392ba4991c68a14bef9438d10e /src/resolve | |
| parent | meson: copy prefix mapping CFLAGS when building BPF objects (diff) | |
| download | systemd-d840783db5208219c78d73b9b46ef5daae9fea0a.tar.xz systemd-d840783db5208219c78d73b9b46ef5daae9fea0a.zip | |
resolved: always progress DS queries
If we request a DS and the resolver offers an unsigned SOA, a new
auxiliary transaction for the DS will be rejected as a loop, and we
might not make any progress toward finding the DS we need. Let's ensure
that we at least always check the parent in this case.
Fixes: 47690634f157 ("resolved: don't request the SOA for every dns label")
Diffstat (limited to 'src/resolve')
| -rw-r--r-- | src/resolve/resolved-dns-transaction.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c index f6ce3e38db..b2817031b5 100644 --- a/src/resolve/resolved-dns-transaction.c +++ b/src/resolve/resolved-dns-transaction.c @@ -2618,6 +2618,10 @@ int dns_transaction_request_dnssec_keys(DnsTransaction *t) { return r; if (r == 0) continue; + + /* If we were looking for the DS RR, don't request it again. */ + if (dns_transaction_key(t)->type == DNS_TYPE_DS) + continue; } r = dnssec_has_rrsig(t->answer, rr->key); |