Fix logic when a SERVFAIL reply is received after good reply for DNSSEC.

If we get a SERVFAIL or REFUSED answer to a DNSSEC query for which
we already have a good answer, just ignore it.
Simon Kelley
2022-08-19 13:28:00 +01:00
parent 32588c755a
commit 04cc2ae1a6

@@ -1073,12 +1073,15 @@ void reply_query(int fd, time_t now)
size_t nn = 0; size_t nn = 0;
#ifdef HAVE_DNSSEC #ifdef HAVE_DNSSEC
/* DNSSEC queries have a copy of the original query stashed. /* The query MAY have got a good answer, and be awaiting
The query MAY have got a good answer, and be awaiting
the results of further queries, in which case the results of further queries, in which case
The Stash contains something else and we don't need to retry anyway. */ The Stash contains something else and we don't need to retry anyway. */
if ((forward->flags & (FREC_DNSKEY_QUERY | FREC_DS_QUERY)) && !forward->blocking_query) if (forward->blocking_query)
return;
if (forward->flags & (FREC_DNSKEY_QUERY | FREC_DS_QUERY))
{ {
/* DNSSEC queries have a copy of the original query stashed. */
blockdata_retrieve(forward->stash, forward->stash_len, (void *)header); blockdata_retrieve(forward->stash, forward->stash_len, (void *)header);
nn = forward->stash_len; nn = forward->stash_len;
udp_size = daemon->edns_pktsz; udp_size = daemon->edns_pktsz;
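
Review bot: the new `if (forward->blocking_query) return;` discards the reply for every forward record that has a blocking query, not only those with FREC_DNSKEY_QUERY or FREC_DS_QUERY set, which is wider than the old combined condition that only skipped the stash retrieval. The comment above it still ends with "we don't need to retry anyway", which reads as the reason for skipping a retry rather than for dropping the reply. Suggest rewording that comment to say that a SERVFAIL or REFUSED arriving while a good answer is already held is ignored, and confirming that nothing set up earlier in reply_query() needs releasing before this early return.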