From 63b121913043ab10639b355dae29acc9855678cd Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 8 Jun 2018 12:04:49 +0200
Subject: [PATCH] resolved: whenever a link starts/stops being relevant flush
 global DNS caches

Let's add some protection for split horizon setups, where different
zones are visible on the same global DNS servers depending on where you
come from.

Fixes: #9196
---
 src/resolve/resolved-link.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/resolve/resolved-link.c b/src/resolve/resolved-link.c
index a0eedd8..ccce2fd 100644
--- a/src/resolve/resolved-link.c
+++ b/src/resolve/resolved-link.c
@@ -115,6 +115,11 @@ void link_allocate_scopes(Link *l) {
 
                 dns_server_reset_features_all(l->manager->fallback_dns_servers);
                 dns_server_reset_features_all(l->manager->dns_servers);
+
+                /* Also, flush the global unicast scope, to deal with split horizon setups, where talking through one
+                 * interface reveals different DNS zones than through others. */
+                if (l->manager->unicast_scope)
+                        dns_cache_flush(&l->manager->unicast_scope->cache);
         }
 
         /* And now, allocate all scopes that makes sense now if we didn't have them yet, and drop those which we don't
-- 
2.7.4