resolved: when synthesizing NODATA from cached NSEC bitmaps, honour CNAME/DNAME

When an RR type is not set in an NSEC, then the CNAME/DNAME types might
still be, hence check them too.

Otherwise we might end up refusing resolving of CNAME'd RRs if we cached
an NSEC before.

diff --git a/src/resolve/resolved-dns-cache.c b/src/resolve/resolved-dns-cache.c
index 3abb037..241187d 100644 (file)
--- a/src/resolve/resolved-dns-cache.c
+++ b/src/resolve/resolved-dns-cache.c
@@ -636,7 +636,9 @@ int dns_cache_lookup(DnsCache *c, DnsResourceKey *key, int *rcode, DnsAnswer **r
                 *ret = NULL;
                 *rcode = DNS_RCODE_SUCCESS;
 
-                return !bitmap_isset(nsec->nsec.types, key->type);
+                return !bitmap_isset(nsec->nsec.types, key->type) &&
+                       !bitmap_isset(nsec->nsec.types, DNS_TYPE_CNAME) &&
+                       !bitmap_isset(nsec->nsec.types, DNS_TYPE_DNAME);
         }
 
         log_debug("%s cache hit for %s",