author | Matthias Andree <mandree@FreeBSD.org> | 2022-09-26 16:18:48 +0000 |
---|---|---|
committer | Matthias Andree <mandree@FreeBSD.org> | 2022-09-26 16:20:57 +0000 |
commit | 7bf80ce8165de85b5c550ea7aba984c6093a9496 (patch) | |
tree | 2b47b9250adc857388641fbfb000f3bfce388454 | |
parent | 5c93e51f3373dc480fa8fd58c68fd9e34197c9dd (diff) | |
download | ports-7bf80ce8165de85b5c550ea7aba984c6093a9496.tar.gz ports-7bf80ce8165de85b5c550ea7aba984c6093a9496.zip |
dns/dnsmasq*: update to v2.87
and set dnsmasq-devel port to IGNORE.
Changelog:
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob_plain;f=CHANGELOG;hb=v2.87
https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg16445.html
MFH: 2022Q3
-rw-r--r-- | dns/dnsmasq-devel/Makefile | 2 | ||||
-rw-r--r-- | dns/dnsmasq/Makefile | 4 | ||||
-rw-r--r-- | dns/dnsmasq/distinfo | 6 | ||||
-rw-r--r-- | dns/dnsmasq/files/patch-CVE-2022-0934 | 175 | ||||
-rw-r--r-- | dns/dnsmasq/files/patch-ag-document-2.86--address | 40 | ||||
-rw-r--r-- | dns/dnsmasq/files/patch-src_network.c | 81 | ||||
-rw-r--r-- | dns/dnsmasq/files/patch-zg-089a11f3400485f215f5e29c77e41d7730f2c806 | 36 | ||||
-rw-r--r-- | dns/dnsmasq/files/patch-zg-2561f9fe0eb9c0be1df48da1e2bd3d3feaa138c2 | 63 | ||||
-rw-r--r-- | dns/dnsmasq/files/patch-zg-ed96efd865132dd9aa256c7873c6cdd5e985ee23 | 95 |
9 files changed, 6 insertions, 496 deletions
diff --git a/dns/dnsmasq-devel/Makefile b/dns/dnsmasq-devel/Makefile
index 764495598932..0a6eabf5df60 100644
--- a/dns/dnsmasq-devel/Makefile
+++ b/dns/dnsmasq-devel/Makefile
@@ -14,7 +14,7 @@ MAINTAINER= mandree@FreeBSD.org
 COMMENT= Lightweight DNS forwarder, DHCP, and TFTP server
 WWW= https://www.thekelleys.org.uk/dnsmasq/doc.html
-#IGNORE= please use dns/dnsmasq, which is newer # re-enable after 2.87 release
+IGNORE= please use dns/dnsmasq, which is newer # re-enable after 2.87 release
 DEPRECATED= Short-lived test branch, to be removed after v2.87 release
 LICENSE= GPLv2
diff --git a/dns/dnsmasq/Makefile b/dns/dnsmasq/Makefile
index a47070f508b8..cd02ae85102c 100644
--- a/dns/dnsmasq/Makefile
+++ b/dns/dnsmasq/Makefile
@@ -1,7 +1,7 @@
 PORTNAME= dnsmasq
-DISTVERSION= 2.86
+DISTVERSION= 2.87
 # Leave the PORTREVISION in even if 0 to avoid accidental PORTEPOCH bumps:
-PORTREVISION= 4
+PORTREVISION= 0
 PORTEPOCH= 1
 CATEGORIES= dns
 MASTER_SITES= https://www.thekelleys.org.uk/dnsmasq/ \
diff --git a/dns/dnsmasq/distinfo b/dns/dnsmasq/distinfo
index 0ff4fb7359ee..20fad2432312 100644
--- a/dns/dnsmasq/distinfo
+++ b/dns/dnsmasq/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1631169589
-SHA256 (dnsmasq-2.86.tar.xz) = 28d52cfc9e2004ac4f85274f52b32e1647b4dbc9761b82e7de1e41c49907eb08
-SIZE (dnsmasq-2.86.tar.xz) = 531404
+TIMESTAMP = 1664208536
+SHA256 (dnsmasq-2.87.tar.xz) = 0228c0364a7f2356fd7e7f1549937cbf3099a78d3b2eb1ba5bb0c31e2b89de7a
+SIZE (dnsmasq-2.87.tar.xz) = 540528
diff --git a/dns/dnsmasq/files/patch-CVE-2022-0934 b/dns/dnsmasq/files/patch-CVE-2022-0934
deleted file mode 100644
index c063e15b2e34..000000000000
--- a/dns/dnsmasq/files/patch-CVE-2022-0934
+++ /dev/null
@@ -1,175 +0,0 @@ -From dcc62a514092c8afeab4e502db9e65f03c2e1d47 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> -Date: Tue, 22 Feb 2022 00:45:01 +0100 -Subject: [PATCH] Change message type by dedicated function - -Long-term pointer to beginning of message does not work well. I case -outpacket is reallocated in any new_opt6() section, original outmsgtypep -pointer becomes invalid. Instead of using that pointer use dedicated -function, which will change just the first byte of the message. - -This makes sure correct beginning of packet is always used. ---- - src/dnsmasq.h | 1 + - src/outpacket.c | 11 +++++++++++ - src/rfc3315.c | 29 ++++++++++++++--------------- - 3 files changed, 26 insertions(+), 15 deletions(-) - -diff --git a/src/dnsmasq.h b/src/dnsmasq.h -index 51a1aa6..c1c75c1 100644 ---- a/src/dnsmasq.h -+++ b/src/dnsmasq.h -@@ -1736,6 +1736,7 @@ void put_opt6_long(unsigned int val); - void put_opt6_short(unsigned int val); - void put_opt6_char(unsigned int val); - void put_opt6_string(char *s); -+void put_msgtype6(unsigned int val); - #endif - - /* radv.c */ -diff --git a/src/outpacket.c b/src/outpacket.c -index abb3a3a..f322811 100644 ---- a/src/outpacket.c -+++ b/src/outpacket.c -@@ -115,4 +115,15 @@ void put_opt6_string(char *s) - put_opt6(s, strlen(s)); - } - -+void put_msgtype6(unsigned int val) -+{ -+ if (outpacket_counter == 0) -+ put_opt6_char(val); -+ else -+ { -+ unsigned char *p = daemon->outpacket.iov_base; -+ *p = val; -+ } -+} -+ - #endif -diff --git a/src/rfc3315.c b/src/rfc3315.c -index cee8382..baeb51e 100644 ---- a/src/rfc3315.c -+++ b/src/rfc3315.c -@@ -110,7 +110,6 @@ static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz, - void *end = inbuff + sz; - void *opts = inbuff + 34; - int msg_type = *((unsigned char *)inbuff); -- unsigned char *outmsgtypep; - void *opt; - struct dhcp_vendor *vendor; - -@@ -192,9 +191,9 @@ static int dhcp6_maybe_relay(struct state *state, void *inbuff, 
size_t sz, - return 0; - - /* copy header stuff into reply message and set type to reply */ -- if (!(outmsgtypep = put_opt6(inbuff, 34))) -+ if (!put_opt6(inbuff, 34)) - return 0; -- *outmsgtypep = DHCP6RELAYREPL; -+ put_msgtype6(DHCP6RELAYREPL); - - /* look for relay options and set tags if found. */ - for (vendor = daemon->dhcp_vendors; vendor; vendor = vendor->next) -@@ -267,7 +266,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - struct dhcp_netid *tagif; - struct dhcp_config *config = NULL; - struct dhcp_netid known_id, iface_id, v6_id; -- unsigned char *outmsgtypep; -+ unsigned char *xid; - struct dhcp_vendor *vendor; - struct dhcp_context *context_tmp; - struct dhcp_mac *mac_opt; -@@ -297,10 +296,10 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - state->tags = &v6_id; - - /* copy over transaction-id, and save pointer to message type */ -- if (!(outmsgtypep = put_opt6(inbuff, 4))) -+ if (!(xid = put_opt6(inbuff, 4))) - return 0; - start_opts = save_counter(-1); -- state->xid = outmsgtypep[3] | outmsgtypep[2] << 8 | outmsgtypep[1] << 16; -+ state->xid = xid[3] | xid[2] << 8 | xid[1] << 16; - - /* We're going to be linking tags from all context we use. 
- mark them as unused so we don't link one twice and break the list */ -@@ -347,7 +346,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - (msg_type == DHCP6REQUEST || msg_type == DHCP6RENEW || msg_type == DHCP6RELEASE || msg_type == DHCP6DECLINE)) - - { -- *outmsgtypep = DHCP6REPLY; -+ put_msgtype6(DHCP6REPLY); - o1 = new_opt6(OPTION6_STATUS_CODE); - put_opt6_short(DHCP6USEMULTI); - put_opt6_string("Use multicast"); -@@ -619,11 +618,11 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - struct dhcp_netid *solicit_tags; - struct dhcp_context *c; - -- *outmsgtypep = DHCP6ADVERTISE; -+ put_msgtype6(DHCP6ADVERTISE); - - if (opt6_find(state->packet_options, state->end, OPTION6_RAPID_COMMIT, 0)) - { -- *outmsgtypep = DHCP6REPLY; -+ put_msgtype6(DHCP6REPLY); - state->lease_allocate = 1; - o = new_opt6(OPTION6_RAPID_COMMIT); - end_opt6(o); -@@ -809,7 +808,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - int start = save_counter(-1); - - /* set reply message type */ -- *outmsgtypep = DHCP6REPLY; -+ put_msgtype6(DHCP6REPLY); - state->lease_allocate = 1; - - log6_quiet(state, "DHCPREQUEST", NULL, ignore ? _("ignored") : NULL); -@@ -924,7 +923,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - int address_assigned = 0; - - /* set reply message type */ -- *outmsgtypep = DHCP6REPLY; -+ put_msgtype6(DHCP6REPLY); - - log6_quiet(state, msg_type == DHCP6RENEW ? "DHCPRENEW" : "DHCPREBIND", NULL, NULL); - -@@ -1057,7 +1056,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - int good_addr = 0; - - /* set reply message type */ -- *outmsgtypep = DHCP6REPLY; -+ put_msgtype6(DHCP6REPLY); - - log6_quiet(state, "DHCPCONFIRM", NULL, NULL); - -@@ -1121,7 +1120,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - log6_quiet(state, "DHCPINFORMATION-REQUEST", NULL, ignore ? 
_("ignored") : state->hostname); - if (ignore) - return 0; -- *outmsgtypep = DHCP6REPLY; -+ put_msgtype6(DHCP6REPLY); - tagif = add_options(state, 1); - break; - } -@@ -1130,7 +1129,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - case DHCP6RELEASE: - { - /* set reply message type */ -- *outmsgtypep = DHCP6REPLY; -+ put_msgtype6(DHCP6REPLY); - - log6_quiet(state, "DHCPRELEASE", NULL, NULL); - -@@ -1195,7 +1194,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - case DHCP6DECLINE: - { - /* set reply message type */ -- *outmsgtypep = DHCP6REPLY; -+ put_msgtype6(DHCP6REPLY); - - log6_quiet(state, "DHCPDECLINE", NULL, NULL); - --- -2.34.1 - diff --git a/dns/dnsmasq/files/patch-ag-document-2.86--address b/dns/dnsmasq/files/patch-ag-document-2.86--address deleted file mode 100644 index a1bb3f6cc5a2..000000000000 --- a/dns/dnsmasq/files/patch-ag-document-2.86--address +++ /dev/null 
@@ -1,40 +0,0 @@ ---- ./CHANGELOG.orig 2022-02-06 11:07:17 UTC -+++ ./CHANGELOG -@@ -5,6 +5,14 @@ version 2.87 - Replace --address=/#/..... functionality which got - missed in the 2.86 domain search rewrite. - -+ Note in manpage the change in behaviour of -address. This behaviour -+ actually changed in v2.86, but was undocumented there. From 2.86 on, -+ (eg) --address=/example.com/1.2.3.4 ONLY applies to A queries. All other -+ types of query will be sent upstream. Pre 2.86, that would catch the -+ whole example.com domain and queries for other types would get -+ a local NODATA answer. The pre-2.86 behaviour is still available, -+ by configuring --address=/example.com/1.2.3.4 --local=/example.com/ -+ - - version 2.86 - Handle DHCPREBIND requests in the DHCPv6 server code. ---- ./man/dnsmasq.8.orig 2021-09-08 20:21:22 UTC -+++ ./man/dnsmasq.8 -@@ -515,7 +515,7 @@ is exactly equivalent to - .TP - .B \-A, --address=/<domain>[/<domain>...]/[<ipaddr>] - Specify an IP address to return for any host in the given domains. --Queries in the domains are never forwarded and always replied to -+A (or AAAA) queries in the domains are never forwarded and always replied to - with the specified IP address which may be IPv4 or IPv6. To give - both IPv4 and IPv6 addresses for a domain, use repeated \fB--address\fP flags. - To include multiple IP addresses for a single query, use -@@ -537,6 +537,11 @@ address of 0.0.0.0 and its IPv6 equivalent of :: so - its subdomains. This is partly syntactic sugar for \fB--address=/example.com/0.0.0.0\fP - and \fB--address=/example.com/::\fP but is also more efficient than including both - as separate configuration lines. Note that NULL addresses normally work in the same way as localhost, so beware that clients looking up these names are likely to end up talking to themselves. -+ -+Note that the behaviour for queries which don't match the specified address literal changed in version 2.86. 
-+Previous versions, configured with (eg) --address=/example.com/1.2.3.4 and then queried for a RR type other than -+A would return a NoData answer. From 2.86, the query is sent upstream. To restore the pre-2.86 behaviour, -+use the configuration --address=/example.com/1.2.3.4 --local=/example.com/ - .TP - .B --ipset=/<domain>[/<domain>...]/<ipset>[,<ipset>...] - Places the resolved IP addresses of queries for one or more domains in diff --git a/dns/dnsmasq/files/patch-src_network.c b/dns/dnsmasq/files/patch-src_network.c deleted file mode 100644 index 53b6545ddff4..000000000000 --- a/dns/dnsmasq/files/patch-src_network.c +++ /dev/null 
@@ -1,81 +0,0 @@ -From 26bbf5a314d833beaf0f147d24409969f05f3dba Mon Sep 17 00:00:00 2001 -From: Simon Kelley <simon@thekelleys.org.uk> -Date: Thu, 23 Sep 2021 10:54:46 +0100 -Subject: [PATCH] Fix --address=/#/...... which was lost in 2.86 - -A victim of the domain-search rewrite. Apologies. ---- - CHANGELOG | 8 ++++++++ - src/network.c | 3 ++- - src/option.c | 17 ++++++++++++----- - 3 files changed, 22 insertions(+), 6 deletions(-) - -diff --git a/CHANGELOG b/CHANGELOG -index 5e54df9..8652dd8 100644 ---- a/CHANGELOG -+++ b/CHANGELOG -@@ -1,3 +1,11 @@ -+version 2.87 -+ Allow arbitrary prefix lengths in --rev-server and -+ --domain=....,local -+ -+ Replace --address=/#/..... functionality which got -+ missed in the 2.86 domain search rewrite. -+ -+ - version 2.86 - Handle DHCPREBIND requests in the DHCPv6 server code. - Thanks to Aichun Li for spotting this omission, and the initial -diff --git a/src/network.c b/src/network.c -index 296c7bd..3c1c176 100644 ---- a/src/network.c -+++ b/src/network.c -@@ -1626,7 +1626,8 @@ void check_servers(int no_loop_check) - continue; - - if ((serv->flags & SERV_LITERAL_ADDRESS) && -- !(serv->flags & (SERV_6ADDR | SERV_4ADDR | SERV_ALL_ZEROS))) -+ !(serv->flags & (SERV_6ADDR | SERV_4ADDR | SERV_ALL_ZEROS)) && -+ strlen(serv->domain)) - { - count--; - if (++locals <= LOCALS_LOGGED) -diff --git a/src/option.c b/src/option.c -index e64c3ab..54d89aa 100644 ---- a/src/option.c -+++ b/src/option.c -@@ -2764,7 +2764,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma - - if (!arg || !*arg) - flags = SERV_LITERAL_ADDRESS; -- else if (option == 'A') -+ else if (option != 'S') - { - /* # as literal address means return zero address for 4 and 6 */ - if (strcmp(arg, "#") == 0) -@@ -2788,11 +2788,18 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma - while (1) - { - /* server=//1.2.3.4 is special. 
*/ -- if (strlen(domain) == 0 && lastdomain) -- flags |= SERV_FOR_NODOTS; -- else -- flags &= ~SERV_FOR_NODOTS; -+ if (lastdomain) -+ { -+ if (strlen(domain) == 0) -+ flags |= SERV_FOR_NODOTS; -+ else -+ flags &= ~SERV_FOR_NODOTS; - -+ /* address=/#/ matches the same as without domain */ -+ if (option != 'S' && domain[0] == '#' && domain[1] == 0) -+ domain[0] = 0; -+ } -+ - if (!add_update_server(flags, &serv_addr, &source_addr, interface, domain, &addr)) - ret_err(gen_err); - --- -2.20.1 - diff --git a/dns/dnsmasq/files/patch-zg-089a11f3400485f215f5e29c77e41d7730f2c806 b/dns/dnsmasq/files/patch-zg-089a11f3400485f215f5e29c77e41d7730f2c806 deleted file mode 100644 index 5f9ec816b4b1..000000000000 --- a/dns/dnsmasq/files/patch-zg-089a11f3400485f215f5e29c77e41d7730f2c806 +++ /dev/null @@ -1,36 +0,0 @@ -From 089a11f3400485f215f5e29c77e41d7730f2c806 Mon Sep 17 00:00:00 2001 -From: DL6ER <dl6er@dl6er.de> -Date: Tue, 5 Oct 2021 10:15:21 +0200 -Subject: [PATCH] --local should behave as --server, not as --address according - to the man page - -Signed-off-by: DL6ER <dl6er@dl6er.de> ---- - src/option.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/option.c b/src/option.c -index 5307f01..dc1efd3 100644 ---- a/src/option.c -+++ b/src/option.c -@@ -2758,7 +2758,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma - - if (!arg || !*arg) - flags = SERV_LITERAL_ADDRESS; -- else if (option != 'S') -+ else if (option == 'A') - { - /* # as literal address means return zero address for 4 and 6 */ - if (strcmp(arg, "#") == 0) -@@ -2790,7 +2790,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma - flags &= ~SERV_FOR_NODOTS; - - /* address=/#/ matches the same as without domain */ -- if (option != 'S' && domain[0] == '#' && domain[1] == 0) -+ if (option == 'A' && domain[0] == '#' && domain[1] == 0) - domain[0] = 0; - } - --- -2.20.1 - 
diff --git a/dns/dnsmasq/files/patch-zg-2561f9fe0eb9c0be1df48da1e2bd3d3feaa138c2 b/dns/dnsmasq/files/patch-zg-2561f9fe0eb9c0be1df48da1e2bd3d3feaa138c2
deleted file mode 100644
index 7de1f6d44912..000000000000
--- a/dns/dnsmasq/files/patch-zg-2561f9fe0eb9c0be1df48da1e2bd3d3feaa138c2
+++ /dev/null
@@ -1,63 +0,0 @@ -From 2561f9fe0eb9c0be1df48da1e2bd3d3feaa138c2 Mon Sep 17 00:00:00 2001 -From: Simon Kelley <simon@thekelleys.org.uk> -Date: Mon, 27 Sep 2021 22:37:02 +0100 -Subject: [PATCH] Fix confusion in DNS retries and --strict-order. - -Behaviour to stop infinite loops when all servers return REFUSED -was wrongly activated on client retries, resulting in -incorrect REFUSED replies to client retries. - -Thanks to Johannes Stezenbach for finding the problem. ---- - src/forward.c | 20 ++++++++++++++++---- - 1 file changed, 16 insertions(+), 4 deletions(-) - -diff --git a/src/forward.c b/src/forward.c -index b921168..ceecfcd 100644 ---- a/src/forward.c -+++ b/src/forward.c -@@ -173,7 +173,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr, - unsigned int gotname = extract_request(header, plen, daemon->namebuff, NULL); - void *hash = hash_questions(header, plen, daemon->namebuff); - unsigned char *oph = find_pseudoheader(header, plen, NULL, NULL, NULL, NULL); -- int old_src = 0; -+ int old_src = 0, old_reply = 0; - int first, last, start = 0; - int subnet, cacheable, forwarded = 0; - size_t edns0_len; -@@ -199,7 +199,10 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr, - Similarly FREC_NO_CACHE is never set in flags, so a query which is - contigent on a particular source address EDNS0 option will never be matched. */ - if (forward) -- old_src = 1; -+ { -+ old_src = 1; -+ old_reply = 1; -+ } - else if ((forward = lookup_frec_by_query(hash, fwd_flags, - FREC_CHECKING_DISABLED | FREC_AD_QUESTION | FREC_DO_QUESTION | - FREC_HAS_PHEADER | FREC_DNSKEY_QUERY | FREC_DS_QUERY | FREC_NO_CACHE))) -@@ -376,9 +379,18 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr, - /* In strict order mode, there must be a server later in the list - left to send to, otherwise without the forwardall mechanism, - code further on will cycle around the list forwever if they -- all return REFUSED. If at the last, give up. */ -+ all return REFUSED. 
If at the last, give up. -+ Note that we can get here EITHER because a client retried, -+ or an upstream server returned REFUSED. The above only -+ applied in the later case. For client retries, -+ keep tyring the last server.. */ - if (++start == last) -- goto reply; -+ { -+ if (old_reply) -+ goto reply; -+ else -+ start--; -+ } - } - } - } --- -2.20.1 - diff --git a/dns/dnsmasq/files/patch-zg-ed96efd865132dd9aa256c7873c6cdd5e985ee23 b/dns/dnsmasq/files/patch-zg-ed96efd865132dd9aa256c7873c6cdd5e985ee23 deleted file mode 100644 index f042376ad019..000000000000 --- a/dns/dnsmasq/files/patch-zg-ed96efd865132dd9aa256c7873c6cdd5e985ee23 +++ /dev/null 
@@ -1,95 +0,0 @@ -From ed96efd865132dd9aa256c7873c6cdd5e985ee23 Mon Sep 17 00:00:00 2001 -From: Simon Kelley <simon@thekelleys.org.uk> -Date: Wed, 1 Dec 2021 16:34:41 +0000 -Subject: [PATCH] Fix confusion with log-IDs and DNS retries. - -The IDs logged when --log-queries=extra is in effect -can be wrong in three cases. - -1) When query is retried in response to a a SERVFAIL or REFUSED -answer from upstream. In this case the ID of an unrelated query will -appear in the answer log lines. - -2) When the same query arrives from two clients. The query is -sent upstream once, as designed, and the result returned to both clients, -as designed, but the reply to the first client gets the log-ID of the -second query in error. - -3) When a query arrives, is sent upstream, and the reply comes back, -but the transaction is blocked awaiting a DNSSEC query needed to validate -the reply. If the client retries the query in this state, the blocking -DNSSEC query will be resent, as designed, but that send will be logged with -the ID of the original, currently blocked, query. - -Thanks to Dominik Derigs for his analysis of this problem. ---- - src/forward.c | 18 +++++++++++------- - 1 file changed, 11 insertions(+), 7 deletions(-) - -diff --git a/src/forward.c b/src/forward.c -index 5c0173c..163da09 100644 ---- a/src/forward.c -+++ b/src/forward.c -@@ -215,7 +215,11 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr, - break; - - if (src) -- old_src = 1; -+ { -+ old_src = 1; -+ /* If a query is retried, use the log_id for the retry when logging the answer. 
*/ -+ src->log_id = daemon->log_id; -+ } - else - { - /* Existing query, but from new source, just add this -@@ -286,6 +290,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr, - goto reply; - /* table full - flags == 0, return REFUSED */ - -+ forward->frec_src.log_id = daemon->log_id; - forward->frec_src.source = *udpaddr; - forward->frec_src.orig_id = ntohs(header->id); - forward->frec_src.dest = *dst_addr; -@@ -329,7 +334,6 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr, - } - else - { -- /* retry on existing query, from original source. Send to all available servers */ - #ifdef HAVE_DNSSEC - /* If we've already got an answer to this query, but we're awaiting keys for validation, - there's no point retrying the query, retry the key query instead...... */ -@@ -340,7 +344,10 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr, - - while (forward->blocking_query) - forward = forward->blocking_query; -- -+ -+ /* log_id should match previous DNSSEC query. */ -+ daemon->log_display_id = forward->frec_src.log_id; -+ - blockdata_retrieve(forward->stash, forward->stash_len, (void *)header); - plen = forward->stash_len; - /* get query for logging. */ -@@ -383,7 +390,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr, - Note that we can get here EITHER because a client retried, - or an upstream server returned REFUSED. The above only - applied in the later case. For client retries, -- keep tyring the last server.. */ -+ keep trying the last server.. */ - if (++start == last) - { - if (old_reply) -@@ -402,9 +409,6 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr, - forward->flags |= FREC_TEST_PKTSZ; - } - -- /* If a query is retried, use the log_id for the retry when logging the answer. */ -- forward->frec_src.log_id = daemon->log_id; -- - /* We may be resending a DNSSEC query here, for which the below processing is not necessary. */ - if (!is_dnssec) - { --- -2.20.1 - |