From ec8f3e65c19e8dee114e31759d447926d3ebd7cf Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Mon, 23 Jun 2025 21:48:29 +0100 Subject: [PATCH] Tweak domain-specific servers and DNSSEC code to treat servers for plain names (server=//1.2.3.4) as domain-specific. This means that if we fail to get a DS record for such a query, it gets given the benefit of the doubt. Updates 57f0489f384193f7c962fb2a20c9e2e867f86039 --- src/domain-match.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/domain-match.c b/src/domain-match.c index 181c833..fa8484a 100644 --- a/src/domain-match.c +++ b/src/domain-match.c @@ -244,7 +244,10 @@ int lookup_domain(char *domain, int flags, int *lowout, int *highout) if (nodots && (daemon->serverarray[daemon->serverarraysz-1]->flags & SERV_FOR_NODOTS) && (nlow == nhigh || daemon->serverarray[nlow]->domain_len == 0)) - filter_servers(daemon->serverarraysz-1, flags, &nlow, &nhigh); + { + filter_servers(daemon->serverarraysz-1, flags, &nlow, &nhigh); + qlen = 0; + } if (lowout) *lowout = nlow; @@ -343,7 +346,8 @@ int filter_servers(int seed, int flags, int *lowout, int *highout) else { /* If we want a server for a particular domain, and this one isn't, return nothing. */ - if (nlow < daemon->serverarraysz && nlow != nhigh && (flags & F_DOMAINSRV) && daemon->serverarray[nlow]->domain_len == 0) + if (nlow < daemon->serverarraysz && nlow != nhigh && (flags & F_DOMAINSRV) && + daemon->serverarray[nlow]->domain_len == 0 && !(daemon->serverarray[nlow]->flags & SERV_FOR_NODOTS)) nlow = nhigh; } }