resolved: always progress DS queries

If we request a DS and the resolver offers an unsigned SOA, a new auxiliary transaction for the DS will be rejected as a loop, and we might not make any progress toward finding the DS we need. Let's ensure that we at least always check the parent in this case. Fixes: 4769063 ("resolved: don't request the SOA for every dns label") (cherry picked from commit d840783) (cherry picked from commit 52c17fe)
bluca · May 9, 2024 · 16c79fe · 16c79fe
1 parent cf84d7f
commit 16c79fe
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
@@ -2525,6 +2525,10 @@ int dns_transaction_request_dnssec_keys(DnsTransaction *t) {
                                         return r;
                                 if (r == 0)
                                         continue;
+
+                                /* If we were looking for the DS RR, don't request it again. */
+                                if (dns_transaction_key(t)->type == DNS_TYPE_DS)
+                                        continue;
                         }
 
                         r = dnssec_has_rrsig(t->answer, rr->key);