authorMartin Pitt <martin.pitt@ubuntu.com>2016-06-24 07:54:28 +0200
committerGitHub <noreply@github.com>2016-06-24 07:54:28 +0200
commitceeddf79b8464469a5307a1030862c7c4fe289e9 (patch)
tree4ad0a49ca457e8e53789c3aea41c6284ab3ff277 /src/resolve/resolved-dns-transaction.c
parenta2c28c645160b4e9377db4cb40cb9f22141f2dd3 (diff)
resolved: add option to disable caching (#3592)
In some cases, caching DNS results locally is not desirable, as it makes DNS cache poisoning attacks a tad easier and also allows users on the system to determine whether or not a particular domain got visited by another user. Thus provide a new "Cache" resolved.conf option to disable it.
Diffstat (limited to 'src/resolve/resolved-dns-transaction.c')
-rw-r--r--src/resolve/resolved-dns-transaction.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index 09f60d3e76..06e7145422 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -590,6 +590,10 @@ static void dns_transaction_cache_answer(DnsTransaction *t) {
if (!IN_SET(t->scope->protocol, DNS_PROTOCOL_DNS, DNS_PROTOCOL_LLMNR))
return;
+ /* Caching disabled? */
+ if (!t->scope->manager->enable_cache)
+ return;
+
/* We never cache if this packet is from the local host, under
* the assumption that a locally running DNS server would
* cache this anyway, and probably knows better when to flush