mirror of
https://github.com/systemd/systemd
synced 2024-10-04 15:21:01 +00:00
resolved: allow cache responses from local DNS servers
parent
2bb703e440
commit
6d8325f66a
|
@ -251,8 +251,16 @@
|
|||
request. Be aware that turning off caching comes at a performance penalty, which is particularly high
|
||||
when DNSSEC is used. If <literal>no-negative</literal>, only positive answers are cached.</para>
|
||||
|
||||
<para>Note that caching is turned off implicitly if the configured DNS server is on a host-local IP address
|
||||
(such as 127.0.0.1 or ::1), in order to avoid duplicate local caching.</para></listitem>
|
||||
<para>Note that caching is turned off by default for host-local DNS servers.
|
||||
See <varname>CacheFromLocalhost=</varname> for details.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>CacheFromLocalhost=</varname></term>
|
||||
<listitem><para>Takes a boolean as argument. If <literal>no</literal> (the default), and response cames from
|
||||
host-local IP address (such as 127.0.0.1 or ::1), the result wouldn't be cached in order to avoid
|
||||
potential duplicate local caching.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
|
|
@ -221,14 +221,6 @@ void dns_packet_rewind(DnsPacket *p, size_t idx);
|
|||
int dns_packet_skip_question(DnsPacket *p);
|
||||
int dns_packet_extract(DnsPacket *p);
|
||||
|
||||
static inline bool DNS_PACKET_SHALL_CACHE(DnsPacket *p) {
|
||||
/* Never cache data originating from localhost, under the
|
||||
* assumption, that it's coming from a locally DNS forwarder
|
||||
* or server, that is caching on its own. */
|
||||
|
||||
return in_addr_is_localhost(p->family, &p->sender) == 0;
|
||||
}
|
||||
|
||||
/* https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6 */
|
||||
enum {
|
||||
DNS_RCODE_SUCCESS = 0,
|
||||
|
|
|
@ -682,11 +682,9 @@ static void dns_transaction_cache_answer(DnsTransaction *t) {
|
|||
if (t->scope->manager->enable_cache == DNS_CACHE_MODE_NO)
|
||||
return;
|
||||
|
||||
/* We never cache if this packet is from the local host, under
|
||||
* the assumption that a locally running DNS server would
|
||||
* cache this anyway, and probably knows better when to flush
|
||||
* the cache then we could. */
|
||||
if (!DNS_PACKET_SHALL_CACHE(t->received))
|
||||
/* Packet from localhost? */
|
||||
if (!t->scope->manager->cache_from_localhost &&
|
||||
in_addr_is_localhost(t->received->family, &t->received->sender) != 0)
|
||||
return;
|
||||
|
||||
dns_cache_put(&t->scope->cache,
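Review bot: The replacement comment `/* Packet from localhost? */` in dns_transaction_cache_answer() drops the rationale the removed comment carried, and it does not say how a failing address check is handled. The condition `in_addr_is_localhost(...) != 0` also skips caching when the helper returns a negative value (presumably an error such as an unsupported address family). That matches the old `== 0` test in DNS_PACKET_SHALL_CACHE(), but it is easy to miss when reading the new code. I would write `/* Unless CacheFromLocalhost= is set, don't cache answers from a loopback sender (a local server caches and flushes on its own); an error from the check also means no caching. */`. The function body starts before this hunk and continues past it.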
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
#pragma once
|
||||
|
||||
#include "sd-event.h"
|
||||
#include "in-addr-util.h"
|
||||
|
||||
typedef struct DnsTransaction DnsTransaction;
|
||||
typedef enum DnsTransactionState DnsTransactionState;
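Review bot: The include added in this hunk, presumably `#include "in-addr-util.h"`, sits in the header although nothing in the visible part of the header uses it. The only new user shown in this commit is the `in_addr_is_localhost()` call in dns_transaction_cache_answer(). If the rest of the header does not need the declaration, put the include in the source file that makes the call, so other includers of this header do not pick up an extra dependency. Only the top of the header is visible here, so this needs checking against the full file.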
|
||||
|
|
|
@ -30,3 +30,4 @@ Resolve.DNSStubListener, config_parse_dns_stub_listener_mode, 0,
|
|||
Resolve.ReadEtcHosts, config_parse_bool, 0, offsetof(Manager, read_etc_hosts)
|
||||
Resolve.ResolveUnicastSingleLabel, config_parse_bool, 0, offsetof(Manager, resolve_unicast_single_label)
|
||||
Resolve.DNSStubListenerExtra, config_parse_dns_stub_listener_extra, 0, offsetof(Manager, dns_extra_stub_listeners)
|
||||
Resolve.CacheFromLocalhost, config_parse_bool, 0, offsetof(Manager, cache_from_localhost)
|
||||
|
|
|
@ -39,6 +39,7 @@ struct Manager {
|
|||
DnssecMode dnssec_mode;
|
||||
DnsOverTlsMode dns_over_tls_mode;
|
||||
DnsCacheMode enable_cache;
|
||||
bool cache_from_localhost;
|
||||
DnsStubListenerMode dns_stub_listener_mode;
|
||||
|
||||
#if ENABLE_DNS_OVER_TLS
|
||||
|
|
|
@ -24,6 +24,7 @@
|
|||
#MulticastDNS=@DEFAULT_MDNS_MODE@
|
||||
#LLMNR=@DEFAULT_LLMNR_MODE@
|
||||
#Cache=yes
|
||||
#CacheFromLocalhost=no
|
||||
#DNSStubListener=yes
|
||||
#DNSStubListenerExtra=
|
||||
#ReadEtcHosts=yes
|
||||
|
|
|
@ -374,6 +374,7 @@ Bond=
|
|||
Bridge=
|
||||
Broadcast=
|
||||
Cache=
|
||||
CacheFromLocalhost=
|
||||
ClientIdentifier=
|
||||
ConfigureWithoutCarrier=
|
||||
CopyDSCP=
|
||||
|
|