author | Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> | 2017-02-02 16:07:03 +0000 |
---|---|---|
committer | Jo-Philipp Wich <jo@mein.io> | 2017-02-05 22:26:23 +0100 |
commit | 3bef96ef18a6fb20401313dfa6e88057d56b16ad (patch) | |
tree | e551f8222db13d1a12e07c3e6f9758c6982efc80 /package/network/services/dnsmasq/patches/220-try-all-servers-on-fail.patch | |
parent | f9f6a21c81c0a695edae24e29f938ae077d94cb3 (diff) | |
dnsmasq: update to dnsmasq 2.77test1
Bump to dnsmasq 2.77test1 - this includes a number of fixes since 2.76
and allows dropping of 2 LEDE carried patches.
Notable fix in rrfilter code when talking to Nominum's DNS servers
especially with DNSSEC.
A patch to switch dnsmasq back to 'soft fail' for SERVFAIL responses
from dns servers is also included. This means dnsmasq tries all
configured servers before giving up.
A 'localise queries' enhancement has also been backported (it will
appear in test2/rc'n') this is especially important if using the
recently imported to LEDE 'use dnsmasq standalone' feature 9525743c
I have been following dnsmasq HEAD ever since 2.76 release.
Compile & Run tested: ar71xx, Archer C7 v2
Tested-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Diffstat (limited to 'package/network/services/dnsmasq/patches/220-try-all-servers-on-fail.patch')
-rw-r--r-- | package/network/services/dnsmasq/patches/220-try-all-servers-on-fail.patch | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/package/network/services/dnsmasq/patches/220-try-all-servers-on-fail.patch b/package/network/services/dnsmasq/patches/220-try-all-servers-on-fail.patch new file mode 100644 index 0000000000..501eefebb5 --- /dev/null +++ b/package/network/services/dnsmasq/patches/220-try-all-servers-on-fail.patch @@ -0,0 +1,30 @@ +From 94a8815892f538b334d640012eebcafc2c7fa284 Mon Sep 17 00:00:00 2001 +From: Martin Wetterwald <martin.wetterwald@corp.ovh.com> +Date: Thu, 27 Oct 2016 12:17:03 +0200 +Subject: [PATCH] Consider SERVFAIL as a non-successful response + +Treat Servfail as a recoverable error instead of a hard error. + +A misconfigured dns forwarder upstream can return a Servfail faster than +a correctly configured one. + +In the case of a dnssec misbehaving, it will misbehave on all correctly +configured upstreams. In the case of a normal DNS query, the original +behavior of dnsmasq here was more robust. + +--- + src/forward.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/src/forward.c ++++ b/src/forward.c +@@ -853,7 +853,8 @@ void reply_query(int fd, int family, tim + we get a good reply from another server. Kill it when we've + had replies from all to avoid filling the forwarding table when + everything is broken */ +- if (forward->forwardall == 0 || --forward->forwardall == 1 || RCODE(header) != REFUSED) ++ if (forward->forwardall == 0 || --forward->forwardall == 1 ++ || (RCODE(header) != REFUSED && RCODE(header) != SERVFAIL)) + { + int check_rebind = 0, no_cache_dnssec = 0, cache_secure = 0, bogusanswer = 0; + |
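Review bot: The new test in reply_query() in src/forward.c, `RCODE(header) != REFUSED && RCODE(header) != SERVFAIL`, discards every SERVFAIL that is not the last outstanding reply while forwardall is non-zero, and that includes a SERVFAIL an upstream sends to report a DNSSEC validation failure. The patch description relies on such a failure appearing on all correctly configured upstreams. If the configured servers are a mix of validating and non-validating resolvers, an answer from a non-validating one can now be used where the SERVFAIL would previously have been processed. Please state that assumption in the patch header, and extend the comment above the condition, whose visible part only speaks of "a good reply from another server", so that it names SERVFAIL alongside REFUSED as a soft failure.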