diff options
author | Simon Kelley <simon@thekelleys.org.uk> | 2022-08-19 13:28:00 +0100 |
---|---|---|
committer | Simon Kelley <simon@thekelleys.org.uk> | 2022-09-06 18:31:59 +0100 |
commit | 04cc2ae1a605c9b9d346d010178abf597fd0fe77 (patch) | |
tree | 9ea71673aac5d7fa06b8dc375569b32300cf89bb | |
parent | 32588c755a238834876c688d6862300458cd8d5e (diff) | |
download | dnsmasq-04cc2ae1a605c9b9d346d010178abf597fd0fe77.tar.gz |
Fix logic when a SERVFAIL reply is received after good replt for DNSSEC.
If we get a SERVFAIL or REFUSED answer to a DNSSEC query for which
we already have a good answer, just ignore it.
-rw-r--r-- | src/forward.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/forward.c b/src/forward.c index f90be2f..8562b2d 100644 --- a/src/forward.c +++ b/src/forward.c @@ -1073,12 +1073,15 @@ void reply_query(int fd, time_t now) size_t nn = 0; #ifdef HAVE_DNSSEC - /* DNSSEC queries have a copy of the original query stashed. - The query MAY have got a good answer, and be awaiting + /* The query MAY have got a good answer, and be awaiting the results of further queries, in which case The Stash contains something else and we don't need to retry anyway. */ - if ((forward->flags & (FREC_DNSKEY_QUERY | FREC_DS_QUERY)) && !forward->blocking_query) + if (forward->blocking_query) + return; + + if (forward->flags & (FREC_DNSKEY_QUERY | FREC_DS_QUERY)) { + /* DNSSEC queries have a copy of the original query stashed. */ blockdata_retrieve(forward->stash, forward->stash_len, (void *)header); nn = forward->stash_len; udp_size = daemon->edns_pktsz; |