blob: 501eefebb557f0539a09c0b03b4a29637df06c3d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
From 94a8815892f538b334d640012eebcafc2c7fa284 Mon Sep 17 00:00:00 2001
From: Martin Wetterwald <martin.wetterwald@corp.ovh.com>
Date: Thu, 27 Oct 2016 12:17:03 +0200
Subject: [PATCH] Consider SERVFAIL as a non-successful response
Treat Servfail as a recoverable error instead of a hard error.
A misconfigured dns forwarder upstream can return a Servfail faster than
a correctly configured one.
In the case of a dnssec misbehaving, it will misbehave on all correctly
configured upstreams. In the case of a normal DNS query, the original
behavior of dnsmasq here was more robust.
---
src/forward.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/src/forward.c
+++ b/src/forward.c
@@ -853,7 +853,8 @@ void reply_query(int fd, int family, tim
we get a good reply from another server. Kill it when we've
had replies from all to avoid filling the forwarding table when
everything is broken */
- if (forward->forwardall == 0 || --forward->forwardall == 1 || RCODE(header) != REFUSED)
+ if (forward->forwardall == 0 || --forward->forwardall == 1
+ || (RCODE(header) != REFUSED && RCODE(header) != SERVFAIL))
{
int check_rebind = 0, no_cache_dnssec = 0, cache_secure = 0, bogusanswer = 0;
|
