39 lines
1.4 KiB
Diff
39 lines
1.4 KiB
Diff
From 04cc2ae1a605c9b9d346d010178abf597fd0fe77 Mon Sep 17 00:00:00 2001
|
|
From: Simon Kelley <simon@thekelleys.org.uk>
|
|
Date: Fri, 19 Aug 2022 13:28:00 +0100
|
|
Subject: [PATCH] Fix logic when a SERVFAIL reply is received after good replt
|
|
for DNSSEC.
|
|
|
|
If we get a SERVFAIL or REFUSED answer to a DNSSEC query for which
|
|
we already have a good answer, just ignore it.
|
|
---
|
|
src/forward.c | 9 ++++++---
|
|
1 file changed, 6 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/src/forward.c b/src/forward.c
|
|
index f90be2f..8562b2d 100644
|
|
--- a/src/forward.c
|
|
+++ b/src/forward.c
|
|
@@ -1073,12 +1073,15 @@ void reply_query(int fd, time_t now)
|
|
size_t nn = 0;
|
|
|
|
#ifdef HAVE_DNSSEC
|
|
- /* DNSSEC queries have a copy of the original query stashed.
|
|
- The query MAY have got a good answer, and be awaiting
|
|
+ /* The query MAY have got a good answer, and be awaiting
|
|
the results of further queries, in which case
|
|
The Stash contains something else and we don't need to retry anyway. */
|
|
- if ((forward->flags & (FREC_DNSKEY_QUERY | FREC_DS_QUERY)) && !forward->blocking_query)
|
|
+ if (forward->blocking_query)
|
|
+ return;
|
|
+
|
|
+ if (forward->flags & (FREC_DNSKEY_QUERY | FREC_DS_QUERY))
|
|
{
|
|
+ /* DNSSEC queries have a copy of the original query stashed. */
|
|
blockdata_retrieve(forward->stash, forward->stash_len, (void *)header);
|
|
nn = forward->stash_len;
|
|
udp_size = daemon->edns_pktsz;
|
|
--
|
|
2.25.1
|
|
|