resolve: also compare port and SNI in dns_server_find()

5 files changed, 13 insertions, 6 deletions

diff --git a/src/resolve/resolved-conf.c b/src/resolve/resolved-conf.c
index 5df39b1b89..6b99271245 100644
--- a/src/resolve/resolved-conf.c
+++ b/src/resolve/resolved-conf.c
@@ -41,6 +41,9 @@ static int manager_add_dns_server_by_string(Manager *m, DnsServerType type, cons
         if (r < 0)
                 return r;
 
+        if (IN_SET(port, 53, 853))
+                port = 0;
+
         /* Silently filter out 0.0.0.0 and 127.0.0.53 (our own stub DNS listener) */
         if (!dns_server_address_valid(family, &address))
                 return 0;
@@ -51,7 +54,7 @@ static int manager_add_dns_server_by_string(Manager *m, DnsServerType type, cons
                 port = 0;
 
         /* Filter out duplicates */
-        s = dns_server_find(manager_get_first_dns_server(m, type), family, &address, ifindex);
+        s = dns_server_find(manager_get_first_dns_server(m, type), family, &address, port, ifindex, server_name);
         if (s) {
                 /*
                  * Drop the marker. This is used to find the servers
diff --git a/src/resolve/resolved-dns-server.c b/src/resolve/resolved-dns-server.c
index b4f2a8c97f..1bd9c6fcbd 100644
--- a/src/resolve/resolved-dns-server.c
+++ b/src/resolve/resolved-dns-server.c
@@ -666,11 +666,15 @@ void dns_server_mark_all(DnsServer *first) {
         dns_server_mark_all(first->servers_next);
 }
 
-DnsServer *dns_server_find(DnsServer *first, int family, const union in_addr_union *in_addr, int ifindex) {
+DnsServer *dns_server_find(DnsServer *first, int family, const union in_addr_union *in_addr, uint16_t port, int ifindex, const char *name) {
         DnsServer *s;
 
         LIST_FOREACH(servers, s, first)
-                if (s->family == family && in_addr_equal(family, &s->address, in_addr) > 0 && s->ifindex == ifindex)
+                if (s->family == family &&
+                    in_addr_equal(family, &s->address, in_addr) > 0 &&
+                    s->port == port &&
+                    s->ifindex == ifindex &&
+                    streq_ptr(s->server_name, name))
                         return s;
 
         return NULL;
diff --git a/src/resolve/resolved-dns-server.h b/src/resolve/resolved-dns-server.h
index 126a52ae6f..4109c29452 100644
--- a/src/resolve/resolved-dns-server.h
+++ b/src/resolve/resolved-dns-server.h
@@ -131,7 +131,7 @@ bool dns_server_dnssec_supported(DnsServer *server);
 
 void dns_server_warn_downgrade(DnsServer *server);
 
-DnsServer *dns_server_find(DnsServer *first, int family, const union in_addr_union *in_addr, int ifindex);
+DnsServer *dns_server_find(DnsServer *first, int family, const union in_addr_union *in_addr, uint16_t port, int ifindex, const char *name);
 
 void dns_server_unlink_all(DnsServer *first);
 void dns_server_unlink_marked(DnsServer *first);
diff --git a/src/resolve/resolved-link-bus.c b/src/resolve/resolved-link-bus.c
index 62afe698c6..1694b1aa5a 100644
--- a/src/resolve/resolved-link-bus.c
+++ b/src/resolve/resolved-link-bus.c
@@ -281,7 +281,7 @@ int bus_link_method_set_dns_servers(sd_bus_message *message, void *userdata, sd_
         for (i = 0; i < n; i++) {
                 DnsServer *s;
 
-                s = dns_server_find(l->dns_servers, dns[i].family, &dns[i].address, 0);
+                s = dns_server_find(l->dns_servers, dns[i].family, &dns[i].address, 0, 0, NULL);
                 if (s)
                         dns_server_move_back_and_unmark(s);
                 else {
diff --git a/src/resolve/resolved-link.c b/src/resolve/resolved-link.c
index 95f64700b6..3679ca0703 100644
--- a/src/resolve/resolved-link.c
+++ b/src/resolve/resolved-link.c
@@ -263,7 +263,7 @@ static int link_update_dns_server_one(Link *l, const char *name) {
         if (r < 0)
                 return r;
 
-        s = dns_server_find(l->dns_servers, family, &a, 0);
+        s = dns_server_find(l->dns_servers, family, &a, 0, 0, NULL);
         if (s) {
                 dns_server_move_back_and_unmark(s);
                 return 0;