[Dnsmasq-discuss] [PATCH v2] fix dns failover in strict mode when DNS server returns REFUSED
Simon Kelley
simon at thekelleys.org.uk
Tue Jun 27 22:19:16 BST 2017
Patch applied.
Cheers,
Simon.
On 26/06/17 15:13, Hans Dedecker wrote:
> If a DNS server replies REFUSED for a given DNS query in strict order mode
> no failover to the next DNS server is triggered as the failover logic only
> covers non strict mode.
> As a result the client will be returned the REFUSED reply without first
> falling back to the secondary DNS server(s).
>
> Make failover support work as well for strict mode config in case REFUSED is
> replied by deleting the strict order check and rely only on forwardall being
> equal to 0 which is the case in non strict mode when a single server has been
> contacted or when strict order mode has been configured.
>
> Signed-off-by: Hans Dedecker <dedeckeh at gmail.com>
> Signed-off-by: Mi Feng <bear.mif at gmail.com>
> ---
> v1 -> v2: leave out OPT_ORDER check completely
>
> src/forward.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/src/forward.c b/src/forward.c
> index 4a3f831..f22556a 100644
> --- a/src/forward.c
> +++ b/src/forward.c
> @@ -790,7 +790,6 @@ void reply_query(int fd, int family, time_t now)
> /* Note: if we send extra options in the EDNS0 header, we can't recreate
> the query from the reply. */
> if (RCODE(header) == REFUSED &&
> - !option_bool(OPT_ORDER) &&
> forward->forwardall == 0 &&
> !(forward->flags & FREC_HAS_EXTRADATA))
> /* for broken servers, attempt to send to another one. */
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20170627/b1ee6639/attachment.sig>
More information about the Dnsmasq-discuss
mailing list