morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-15 00:47:10 +09:00
Code Issues Packages Projects Releases Wiki Activity

resolved: make resolved authoritative in resolveing our local host name

Browse Source 
This is a kinda a follow-up for ce266330fc: it
makes resolved authoritative on our local hostname, and never contacts
DNS anymore for it.

We effectively already were authoritative for it, except if the user
queried for other RR types than just A/AAAA. This closes the gap and
refuses routing other RR type queries to DNS.

Fixes: #23662
This commit is contained in:
Lennart Poettering
2024-03-05 13:48:59 +01:00
parent 4b91896226
commit 6399be223b
5 changed files with 30 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
docs/ENVIRONMENT.md
View File

@@ -357,7 +357,8 @@ All tools:
`systemd-resolved`:
* `$SYSTEMD_RESOLVED_SYNTHESIZE_HOSTNAME` — if set to "0", `systemd-resolved`
won't synthesize system hostname on both regular and reverse lookups.
won't synthesize A/AAAA/PTR RRs for the system hostname on either regular nor
reverse lookups.
`systemd-sysext`:

4
src/resolve/resolved-dns-query.c
View File

@@ -672,6 +672,8 @@ static int dns_query_synthesize_reply(DnsQuery *q, DnsTransactionState *state) {
q->answer_query_flags = SD_RESOLVED_AUTHENTICATED|SD_RESOLVED_CONFIDENTIAL|SD_RESOLVED_SYNTHETIC;
*state = DNS_TRANSACTION_RCODE_FAILURE;
log_debug("Found synthetic NXDOMAIN response.");
return 0;
}
if (r <= 0)
@@ -687,6 +689,8 @@ static int dns_query_synthesize_reply(DnsQuery *q, DnsTransactionState *state) {
*state = DNS_TRANSACTION_SUCCESS;
log_debug("Found synthetic success response.");
return 1;
}

5
src/resolve/resolved-dns-scope.c
View File

@@ -12,6 +12,7 @@
#include "random-util.h"
#include "resolved-dnssd.h"
#include "resolved-dns-scope.h"
#include "resolved-dns-synthesize.h"
#include "resolved-dns-zone.h"
#include "resolved-llmnr.h"
#include "resolved-mdns.h"
@@ -653,6 +654,10 @@ DnsScopeMatch dns_scope_good_domain(
is_dns_proxy_stub_hostname(domain))
return DNS_SCOPE_NO;
/* Don't look up the local host name via the network, unless user turned of local synthesis of it */
if (manager_is_own_hostname(s->manager, domain) && shall_synthesize_own_hostname_rrs())
return DNS_SCOPE_NO;
/* Never send SOA or NS or DNSSEC request to LLMNR, where they make little sense. */
r = dns_question_types_suitable_for_protocol(question, s->protocol);
if (r <= 0)

19
src/resolve/resolved-dns-synthesize.c
View File

@@ -439,6 +439,20 @@ static int synthesize_gateway_ptr(
return answer_add_addresses_ptr(answer, "_gateway", addresses, n, af, address);
}
bool shall_synthesize_own_hostname_rrs(void) {
static int cached = -1;
int r;
if (cached >= 0)
return cached;
r = secure_getenv_bool("SYSTEMD_RESOLVED_SYNTHESIZE_HOSTNAME");
if (r < 0 && r != -ENXIO)
log_debug_errno(r, "Failed to parse $SYSTEMD_RESOLVED_SYNTHESIZE_HOSTNAME: %m");
return (cached = r != 0);
}
int dns_synthesize_answer(
Manager *m,
DnsQuestion *q,
@@ -479,8 +493,9 @@ int dns_synthesize_answer(
} else if (manager_is_own_hostname(m, name)) {
if (getenv_bool("SYSTEMD_RESOLVED_SYNTHESIZE_HOSTNAME") == 0)
if (!shall_synthesize_own_hostname_rrs())
continue;
r = synthesize_system_hostname_rr(m, key, ifindex, &answer);
if (r < 0)
return log_error_errno(r, "Failed to synthesize system hostname RRs: %m");
@@ -530,7 +545,7 @@ int dns_synthesize_answer(
} else if (dns_name_address(name, &af, &address) > 0) {
int v, w, u;
if (getenv_bool("SYSTEMD_RESOLVED_SYNTHESIZE_HOSTNAME") == 0)
if (!shall_synthesize_own_hostname_rrs())
continue;
v = synthesize_system_hostname_ptr(m, af, &address, ifindex, &answer);

2
src/resolve/resolved-dns-synthesize.h
View File

@@ -9,3 +9,5 @@ int dns_synthesize_family(uint64_t flags);
DnsProtocol dns_synthesize_protocol(uint64_t flags);
int dns_synthesize_answer(Manager *m, DnsQuestion *q, int ifindex, DnsAnswer **ret);
bool shall_synthesize_own_hostname_rrs(void);