From d6c69f6bdba8e2a138faa6c422f5fd29545f1f06 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Tue, 6 Sep 2022 15:35:54 +0100
Subject: [PATCH] Free sockets awaiting upstream DNS replies ASAP.

Once we have a good answer, close the socket so that the fd can
be reused during DNSSEC validation and we don't have to read and
discard more replies from other servers.
---
 src/forward.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/forward.c b/src/forward.c
index e8249a6..f90be2f 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -1144,6 +1144,13 @@ void reply_query(int fd, time_t now)
     }
 
   forward->sentto = server;
+
+  /* We have a good answer, and will now validate it or return it. 
+     It may be some time before this the validation completes, but we don't need
+     any more answers, so close the socket(s) on which we were expecting
+     answers, to conserve file descriptors, and to save work reading and
+     discarding answers for other upstreams. */
+  free_rfds(&forward->rfds);
   
 #ifdef HAVE_DNSSEC
   if ((forward->sentto->flags & SERV_DO_DNSSEC) && 
-- 
2.25.1