path: root/sys-apps/systemd/files/255-dnssec.patch
blob: 978c26ff15f436b379970cf939e398bacc363247 (plain)
https://github.com/systemd/systemd/issues/32531
https://github.com/systemd/systemd/commit/d840783db5208219c78d73b9b46ef5daae9fea0a
https://github.com/systemd/systemd-stable/commit/52c17febf14c866d9808d1804f13ac98d76e665b

From 52c17febf14c866d9808d1804f13ac98d76e665b Mon Sep 17 00:00:00 2001
From: Ronan Pigott <ronan@rjp.ie>
Date: Mon, 29 Apr 2024 02:17:23 -0700
Subject: [PATCH] resolved: always progress DS queries

If we request a DS and the resolver offers an unsigned SOA, a new
auxiliary transaction for the DS will be rejected as a loop, and we
might not make any progress toward finding the DS we need. Let's ensure
that we at least always check the parent in this case.

Fixes: 47690634f157 ("resolved: don't request the SOA for every dns label")
(cherry picked from commit d840783db5208219c78d73b9b46ef5daae9fea0a)
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -2545,6 +2545,10 @@ int dns_transaction_request_dnssec_keys(DnsTransaction *t) {
                                         return r;
                                 if (r == 0)
                                         continue;
+
+                                /* If we were looking for the DS RR, don't request it again. */
+                                if (dns_transaction_key(t)->type == DNS_TYPE_DS)
+                                        continue;
                         }
 
                         r = dnssec_has_rrsig(t->answer, rr->key);
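Review bot: The comment on the added `continue` says what is skipped but not why, and the reason given in the commit message is the part a later maintainer of this DNSSEC path needs. Skipping the RR means `dnssec_has_rrsig()` is never consulted for it when the transaction itself is a DS lookup, so the comment should record that this is deliberate, for example `/* If we were looking for the DS RR, don't request it again: the auxiliary DS transaction would be rejected as a loop, so skip it here and let the parent be checked instead. */`. The new test compares only `dns_transaction_key(t)->type`; whether the names are already known to match depends on the check that sets `r` just above, which starts outside this hunk, so that is worth confirming when reading the full function. The enclosing block and loop of `dns_transaction_request_dnssec_keys()` both begin and end outside the hunk.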