From 9396752c115b3ab733fa476b30da73237e12e7ba Mon Sep 17 00:00:00 2001 From: Hans Dedecker Date: Tue, 27 Jun 2017 22:08:47 +0100 Subject: [PATCH] Try other servers if first returns REFUSED when --strict-order active. If a DNS server replies REFUSED for a given DNS query in strict order mode no failover to the next DNS server is triggered as the failover logic only covers non strict mode. As a result the client will be returned the REFUSED reply without first falling back to the secondary DNS server(s). Make failover support work as well for strict mode config in case REFUSED is replied by deleting the strict order check and rely only on forwardall being equal to 0 which is the case in non strict mode when a single server has been contacted or when strict order mode has been configured. --- CHANGELOG | 4 ++++ src/forward.c | 1 - 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 9494c83..3a640f3 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -13,7 +13,11 @@ version 2.78 ff325644c7afae2588583f935f4ea9b9694eb52e. Thanks to John Fitzgibbon for the diagnosis and patch. + Try other servers if first returns REFUSED when + --strict-order active. Thanks to Hans Dedecker + for the patch + version 2.77 Generate an error when configured with a CNAME loop, rather than a crash. Thanks to George Metz for diff --git a/src/forward.c b/src/forward.c index 4a3f831..f22556a 100644 --- a/src/forward.c +++ b/src/forward.c @@ -790,7 +790,6 @@ void reply_query(int fd, int family, time_t now) /* Note: if we send extra options in the EDNS0 header, we can't recreate the query from the reply. */ if (RCODE(header) == REFUSED && - !option_bool(OPT_ORDER) && forward->forwardall == 0 && !(forward->flags & FREC_HAS_EXTRADATA)) /* for broken servers, attempt to send to another one. */