From 51967f9807665dae403f1497b827165c5fa1084b Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Tue, 25 Mar 2014 21:07:00 +0000 Subject: SERVFAIL is an expected error return, don't try all servers. --- src/forward.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/forward.c b/src/forward.c index 7e87733..d9a41ba 100644 --- a/src/forward.c +++ b/src/forward.c @@ -751,7 +751,7 @@ void reply_query(int fd, int family, time_t now) if ((forward->sentto->flags & SERV_TYPE) == 0) { - if (RCODE(header) == SERVFAIL || RCODE(header) == REFUSED) + if (RCODE(header) == REFUSED) server = NULL; else { @@ -774,8 +774,7 @@ void reply_query(int fd, int family, time_t now) we get a good reply from another server. Kill it when we've had replies from all to avoid filling the forwarding table when everything is broken */ - if (forward->forwardall == 0 || --forward->forwardall == 1 || - (RCODE(header) != REFUSED && RCODE(header) != SERVFAIL)) + if (forward->forwardall == 0 || --forward->forwardall == 1 || RCODE(header) != SERVFAIL) { int check_rebind = 0, no_cache_dnssec = 0, cache_secure = 0; @@ -788,7 +787,7 @@ void reply_query(int fd, int family, time_t now) no_cache_dnssec = 1; #ifdef HAVE_DNSSEC - if (option_bool(OPT_DNSSEC_VALID) && !(forward->flags & FREC_CHECKING_DISABLED)) + if (server && option_bool(OPT_DNSSEC_VALID) && !(forward->flags & FREC_CHECKING_DISABLED)) { int status; -- cgit v1.2.1