Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 10:18:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Don't cache DNS data from non-recursive nameservers.

Browse Source
This commit is contained in:
Simon Kelley
2012-04-09 18:00:08 +01:00
parent 83e854e359
commit 1023dcbc9e
2 changed files with 14 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/rfc1035.c
View File

@@ -1003,10 +1003,16 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
}
}
/* Don't put stuff from a truncated packet into the cache,
also don't cache replies where DNSSEC validation was turned off, either
the upstream server told us so, or the original query specified it. */
if (!(header->hb3 & HB3_TC) && !(header->hb4 & HB4_CD) && !checking_disabled)
/* Don't put stuff from a truncated packet into the cache.
Don't cache replies where DNSSEC validation was turned off, either
the upstream server told us so, or the original query specified it.
Don't cache replies from non-recursive nameservers, since we may get a
reply containing a CNAME but not its target, even though the target
does exist. */
if (!(header->hb3 & HB3_TC) &&
!(header->hb4 & HB4_CD) &&
(header->hb4 & HB4_RA) &&
!checking_disabled)
cache_end_insert();
return 0;