From 961daf8f921503457d1f539f79b3a2def7d479e2 Mon Sep 17 00:00:00 2001
From: Simon Kelley
Date: Tue, 6 Apr 2021 23:52:09 +0100
Subject: [PATCH] Handle resource exhaustion of struct frec_src same as struct frec. Ie, by returning REFUSED response and (rate-limited) logging.
---
 src/forward.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/src/forward.c b/src/forward.c
index 5ff4e86..2d13de5 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -352,9 +352,19 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
 daemon->free_frec_src->next = NULL;
 }
- /* If we've been spammed with many duplicates, just drop the query. */
+ /* If we've been spammed with many duplicates, return REFUSED. */
 if (!daemon->free_frec_src)
- return 0;
+ {
+ static time_t last_log = 0;
+
+ if ((int)difftime(now, last_log) > 5)
+ {
+ last_log = now;
+ my_syslog(LOG_WARNING, _("Maximum number of concurrent DNS queries reached (max: %d)"), daemon->ftabsize);
+ }
+
+ goto frec_err;
+ }
 src = daemon->free_frec_src;
 daemon->free_frec_src = src->next;
@@ -630,6 +640,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
 }
 /* could not send on, return empty answer or address if known for whole domain */
+ frec_err:
 if (udpfd != -1)
 {
 plen = setup_reply(header, plen, addrp, flags, daemon->local_ttl);
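Review bot: The warning logged in the new `if (!daemon->free_frec_src)` branch says "Maximum number of concurrent DNS queries reached" and prints `daemon->ftabsize`, but the resource that ran out on this path is the frec_src pool used for duplicate queries, so an operator reading the log cannot tell which limit was hit. The code that fills `daemon->free_frec_src` sits above the hunk and is only partly visible; if the pointer can also be NULL after a failed allocation, the message would misreport the cause in that case too. I would give this branch its own text, for example `my_syslog(LOG_WARNING, _("Maximum number of concurrent duplicate DNS queries reached (max: %d)"), daemon->ftabsize);`. The branch also replaces a silent drop with a reply per excess query, so a comment such as `/* deliberate: answer rather than drop, logging is rate-limited to once per 5s */` would record that the extra response traffic under a flood is intended. forward_query starts and ends outside this hunk.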
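Review bot: The comment above the new `frec_err:` label still describes only the could-not-send case, although the label is now also the target of the `goto` taken when no frec_src is free. Whether that path really produces the REFUSED answer named in the commit message depends on the values `flags` and `addrp` hold at the `goto`, and both are set outside the visible hunks, so the dependency is easy to break in a later edit. I would state it at the label, e.g. `/* also reached via goto when no frec_src is free: flags and addrp must still hold their initial values so the reply is REFUSED */`, after confirming that against the declarations at the top of forward_query.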