resolved: only cache answer RRs, never additional or authoritative RRs of responses

diff --git a/src/resolve/resolved-dns-cache.c b/src/resolve/resolved-dns-cache.c
index 8c859d19b5fed0c23687cb1cf21bc7e616c6bd36..c9711674529f888c0b53f7ce1b1bfa83cf4054d9 100644 (file)
--- a/src/resolve/resolved-dns-cache.c
+++ b/src/resolve/resolved-dns-cache.c
@@ -337,7 +337,7 @@ static int dns_cache_put_negative(DnsCache *c, DnsResourceKey *key, int rcode, u
         return 0;
 }
 
         return 0;
 }
 

-int dns_cache_put(DnsCache *c, DnsQuestion *q, int rcode, DnsAnswer *answer, usec_t timestamp) {
+int dns_cache_put(DnsCache *c, DnsQuestion *q, int rcode, DnsAnswer *answer, unsigned max_rrs, usec_t timestamp) {

         unsigned i;
         int r;
 
         unsigned i;
         int r;
 


@@ -365,7 +365,7 @@ int dns_cache_put(DnsCache *c, DnsQuestion *q, int rcode, DnsAnswer *answer, use
                 timestamp = now(CLOCK_MONOTONIC);
 
         /* Second, add in positive entries for all contained RRs */
                 timestamp = now(CLOCK_MONOTONIC);
 
         /* Second, add in positive entries for all contained RRs */

-        for (i = 0; i < answer->n_rrs; i++) {
+        for (i = 0; i < MIN(max_rrs, answer->n_rrs); i++) {

                 r = dns_cache_put_positive(c, answer->rrs[i], timestamp);
                 if (r < 0)
                         goto fail;
                 r = dns_cache_put_positive(c, answer->rrs[i], timestamp);
                 if (r < 0)
                         goto fail;

diff --git a/src/resolve/resolved-dns-cache.h b/src/resolve/resolved-dns-cache.h
index 590cf691b3e75c2d6b03847fa5037ac3b72a2358..d88d1d0e1510cb14221288df983ea012ff65135e 100644 (file)
--- a/src/resolve/resolved-dns-cache.h
+++ b/src/resolve/resolved-dns-cache.h
@@ -40,5 +40,5 @@ typedef struct DnsCache {
 void dns_cache_flush(DnsCache *c);
 void dns_cache_prune(DnsCache *c);
 
 void dns_cache_flush(DnsCache *c);
 void dns_cache_prune(DnsCache *c);
 

-int dns_cache_put(DnsCache *c, DnsQuestion *q, int rcode, DnsAnswer *answer, usec_t timestamp);
+int dns_cache_put(DnsCache *c, DnsQuestion *q, int rcode, DnsAnswer *answer, unsigned max_rrs, usec_t timestamp);

 int dns_cache_lookup(DnsCache *c, DnsQuestion *q, int *rcode, DnsAnswer **answer);
 int dns_cache_lookup(DnsCache *c, DnsQuestion *q, int *rcode, DnsAnswer **answer);

diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c
index 271b8fd9c901ead0538d2bd0ea385e4c0bbc9468..85702515285f1325b86b2acf1b804f10eb81ef0b 100644 (file)
--- a/src/resolve/resolved-dns-query.c
+++ b/src/resolve/resolved-dns-query.c
@@ -344,7 +344,8 @@ void dns_query_transaction_process_reply(DnsQueryTransaction *t, DnsPacket *p) {
                 return;
         }
 
                 return;
         }
 

-        dns_cache_put(&t->scope->cache, p->question, DNS_PACKET_RCODE(p), p->answer, 0);
+        /* According to RFC 4795, section 2.9. only the RRs from the answer section shall be cached */
+        dns_cache_put(&t->scope->cache, p->question, DNS_PACKET_RCODE(p), p->answer, DNS_PACKET_ANCOUNT(p), 0);

 
         if (DNS_PACKET_RCODE(p) == DNS_RCODE_SUCCESS)
                 dns_query_transaction_complete(t, DNS_QUERY_SUCCESS);
 
         if (DNS_PACKET_RCODE(p) == DNS_RCODE_SUCCESS)
                 dns_query_transaction_complete(t, DNS_QUERY_SUCCESS);