Package: bind9 / 1:9.16.50-1~deb11u2

0016-Clear-DNS_FETCHOPT_TRYSTALE_ONTIMEOUT.patch Patch series | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
 
From: Mark Andrews <marka@isc.org>
Date: Wed, 3 Apr 2024 17:37:14 +1100
Subject: Clear DNS_FETCHOPT_TRYSTALE_ONTIMEOUT

When calling dns_resolver_createfetch in resolver.c with a callback
of resume_dslookup, clear DNS_FETCHOPT_TRYSTALE_ONTIMEOUT from
options as DNS_EVENT_TRYSTALE is not an expected event type and
triggers a REQUIRE.

(cherry picked from commit 6faea6da3d646557d234d63ddd5d524d222e8082)
---
 lib/dns/resolver.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 0952624..4c62132 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -7621,6 +7621,7 @@ resume_dslookup(isc_task_t *task, isc_event_t *event) {
 	dns_rdataset_t nameservers;
 	dns_fixedname_t fixed;
 	dns_name_t *domain;
+	unsigned int options;
 
 	REQUIRE(event->ev_type == DNS_EVENT_FETCHDONE);
 	fevent = (dns_fetchevent_t *)event;
@@ -7730,9 +7731,10 @@ resume_dslookup(isc_task_t *task, isc_event_t *event) {
 
 		FCTXTRACE("continuing to look for parent's NS records");
 
+		options = fctx->options & ~DNS_FETCHOPT_TRYSTALE_ONTIMEOUT;
 		result = dns_resolver_createfetch(
 			fctx->res, &fctx->nsname, dns_rdatatype_ns, domain,
-			nsrdataset, NULL, NULL, 0, fctx->options, 0, NULL, task,
+			nsrdataset, NULL, NULL, 0, options, 0, NULL, task,
 			resume_dslookup, fctx, &fctx->nsrrset, NULL,
 			&fctx->nsfetch);
 		/*
@@ -10059,7 +10061,7 @@ static void
 rctx_chaseds(respctx_t *rctx, dns_message_t *message,
 	     dns_adbaddrinfo_t *addrinfo, isc_result_t result) {
 	fetchctx_t *fctx = rctx->fctx;
-	unsigned int n;
+	unsigned int n, options;
 
 	add_bad(fctx, message, addrinfo, result, rctx->broken_type);
 	fctx_cancelqueries(fctx, true, false);
@@ -10071,10 +10073,11 @@ rctx_chaseds(respctx_t *rctx, dns_message_t *message,
 
 	FCTXTRACE("suspending DS lookup to find parent's NS records");
 
+	options = fctx->options & ~DNS_FETCHOPT_TRYSTALE_ONTIMEOUT;
 	result = dns_resolver_createfetch(
 		fctx->res, &fctx->nsname, dns_rdatatype_ns, NULL, NULL, NULL,
-		NULL, 0, fctx->options, 0, NULL, rctx->task, resume_dslookup,
-		fctx, &fctx->nsrrset, NULL, &fctx->nsfetch);
+		NULL, 0, options, 0, NULL, rctx->task, resume_dslookup, fctx,
+		&fctx->nsrrset, NULL, &fctx->nsfetch);
 	if (result != ISC_R_SUCCESS) {
 		if (result == DNS_R_DUPLICATE) {
 			result = DNS_R_SERVFAIL;