KumiSystems/openwrtv3
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
openwrtv3/package/network/services/dnsmasq/patches/220-try-all-servers-on-fail.patch
Kevin Darbyshire-Bryant 3bef96ef18 dnsmasq: update to dnsmasq 2.77test1 
Bump to dnsmasq 2.77test1 - this includes a number of fixes since 2.76
and allows dropping of 2 LEDE carried patches.

Notable fix in rrfilter code when talking to Nominum's DNS servers
especially with DNSSEC.

A patch to switch dnsmasq back to 'soft fail' for SERVFAIL responses
from dns servers is also included.  This mean dnsmasq tries all
configured servers before giving up.

A 'localise queries' enhancement has also been backported (it will
appear in test2/rc'n') this is especially important if using the
recently imported to LEDE 'use dnsmasq standalone' feature 9525743c

I have been following dnsmasq HEAD ever since 2.76 release.
Compile & Run tested: ar71xx, Archer C7 v2

Tested-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-05 22:26:23 +01:00

30 lines
1.2 KiB
Diff
Raw Blame History

From 94a8815892f538b334d640012eebcafc2c7fa284 Mon Sep 17 00:00:00 2001
From: Martin Wetterwald <martin.wetterwald@corp.ovh.com>
Date: Thu, 27 Oct 2016 12:17:03 +0200
Subject: [PATCH] Consider SERVFAIL as a non-successful response
Treat Servfail as a recoverable error instead of a hard error.
A misconfigured dns forwarder upstream can return a Servfail faster than
a correctly configured one.
In the case of a dnssec misbehaving, it will misbehave on all correctly
configured upstreams. In the case of a normal DNS query, the original
behavior of dnsmasq here was more robust.
---
src/forward.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/src/forward.c
+++ b/src/forward.c
@@ -853,7 +853,8 @@ void reply_query(int fd, int family, tim
we get a good reply from another server. Kill it when we've
had replies from all to avoid filling the forwarding table when
everything is broken */
- if (forward->forwardall == 0 || --forward->forwardall == 1 || RCODE(header) != REFUSED)
+ if (forward->forwardall == 0 || --forward->forwardall == 1
+ || (RCODE(header) != REFUSED && RCODE(header) != SERVFAIL))
{
int check_rebind = 0, no_cache_dnssec = 0, cache_secure = 0, bogusanswer = 0;
Reference in a new issue View git blame Copy permalink