From 18e02fa20c949e17ff77d821e464a44640ca4c52 Mon Sep 17 00:00:00 2001
From: Kevin Darbyshire-Bryant
Date: Mon, 10 Dec 2018 09:53:51 +0000
Subject: Revert "dnsmasq: follow upstream dnsmasq pre-v2.81"

This reverts commit a6a8fe0be5cd2edb1560bfc3f3094c3d34f2d2b0.

buildbot found an error

option.c: In function 'dhcp_context_free':
option.c:1042:15: error: 'struct dhcp_context' has no member named 'template_interface'
free(ctx->template_interface);

revert for the moment

Signed-off-by: Kevin Darbyshire-Bryant
---
 ...-68f6312d4bae30b78daafcd6f51dc441b8685b1e.patch | 41 ----------------------
 1 file changed, 41 deletions(-)
 delete mode 100644 package/network/services/dnsmasq/patches/0009-Revert-68f6312d4bae30b78daafcd6f51dc441b8685b1e.patch

(limited to 'package/network/services/dnsmasq/patches/0009-Revert-68f6312d4bae30b78daafcd6f51dc441b8685b1e.patch')

diff --git a/package/network/services/dnsmasq/patches/0009-Revert-68f6312d4bae30b78daafcd6f51dc441b8685b1e.patch b/package/network/services/dnsmasq/patches/0009-Revert-68f6312d4bae30b78daafcd6f51dc441b8685b1e.patch
deleted file mode 100644
index ff9ddd842c..0000000000
--- a/package/network/services/dnsmasq/patches/0009-Revert-68f6312d4bae30b78daafcd6f51dc441b8685b1e.patch
+++ /dev/null
@@ -1,41 +0,0 @@ -From 122392e0b352507cabb9e982208d35d2e56902e0 Mon Sep 17 00:00:00 2001 -From: Simon Kelley -Date: Wed, 31 Oct 2018 22:24:02 +0000 -Subject: [PATCH 09/11] Revert 68f6312d4bae30b78daafcd6f51dc441b8685b1e - -The above is intended to increase robustness, but actually does the -opposite. The problem is that by ignoring SERVFAIL messages and hoping -for a better answer from another of the servers we've forwarded to, -we become vulnerable in the case that one or more of the configured -servers is down or not responding. - -Consider the case that a domain is indeed BOGUS, and we've send the -query to n servers. With 68f6312d4bae30b78daafcd6f51dc441b8685b1e -we ignore the first n-1 SERVFAIL replies, and only return the -final n'th answer to the client. Now, if one of the servers we are -forwarding to is down, then we won't get all n replies, and the -client will never get an answer! This is a far more likely scenario -than a temporary SERVFAIL from only one of a set of notionally identical -servers, so, on the ground of robustness, we have to believe -any SERVFAIL answers we get, and return them to the client. - -The client could be using the same recursive servers we are, -so it should, in theory, retry on SERVFAIL anyway. - -Signed-off-by: Kevin Darbyshire-Bryant ---- - src/forward.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - ---- a/src/forward.c -+++ b/src/forward.c -@@ -957,8 +957,7 @@ void reply_query(int fd, int family, tim - we get a good reply from another server. Kill it when we've - had replies from all to avoid filling the forwarding table when - everything is broken */ -- if (forward->forwardall == 0 || --forward->forwardall == 1 || -- (RCODE(header) != REFUSED && RCODE(header) != SERVFAIL)) -+ if (forward->forwardall == 0 || --forward->forwardall == 1 || RCODE(header) != REFUSED) - { - int check_rebind = 0, no_cache_dnssec = 0, cache_secure = 0, bogusanswer = 0; - -- cgit v1.2.3
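Review bot: The whole-file deletion of 0009-Revert-68f6312d4bae30b78daafcd6f51dc441b8685b1e.patch (hunk `@@ -1,41 +0,0 @@`) drops a behavioural fix in src/forward.c that has nothing to do with the build failure quoted in the commit message, which is in option.c (`free(ctx->template_interface)`). The removed patch narrowed the test in reply_query() to `RCODE(header) != REFUSED`, and its own description explains why: with SERVFAIL ignored until all n forwarders have replied, a client "will never get an answer" when one of the configured servers is down. If the packaged dnsmasq source still contains 68f6312d, this revert restores that stall as a side effect. I would suggest either dropping only the patch that introduces the template_interface reference, or saying in the commit message that SERVFAIL handling regresses until the bump is re-landed, with a pointer to the follow-up so "revert for the moment" has a tracked end.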