Fix wrong reply to simple name when --domain-needed set and no servers configured.

Also return REFUSED and not SERVFAIL when out of memory. Thanks to Allain Legacy for problem report.

Fix wrong reply to simple name when --domain-needed set and no servers configured.
Also return REFUSED and not SERVFAIL when out of memory. Thanks to Allain Legacy for problem report.
d05dd58d · Simon Kelley · f7443d76 · d05dd58d · d05dd58d · d05dd58d
Commit d05dd58d authored Jan 19, 2016 by Simon Kelley
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 9 deletions

CHANGELOG CHANGELOG +9 -0

src/forward.c src/forward.c +7 -6

src/rfc1035.c src/rfc1035.c +1 -3

No files found.
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -22,6 +22,15 @@ version 2.76
 	    reading a hosts-file fails. Thanks to André Glüpker 
 	    for the patch.
+	    Fix wrong answer to simple name query when --domain-needed
+	    set, but no upstream servers configured. Dnsmasq returned
+	    REFUSED, in this case, when it should be the same as when
+	    upstream servers are configured - NOERROR. Thanks to 
+	    Allain Legacy for spotting the problem.
+	    Return REFUSED when running out of forwarding table slots,
+	    not SERVFAIL.
 version 2.75
            Fix reversion on 2.74 which caused 100% CPU use when a 

--- a/src/forward.c
+++ b/src/forward.c
@@ -249,9 +249,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
 (void)do_bit;
  /* may be no servers available. */
-  if (!daemon->servers)
+  if (forward || (hash && (forward = lookup_frec_by_sender(ntohs(header->id), udpaddr, hash))))
-    forward = NULL;
-  else if (forward || (hash && (forward = lookup_frec_by_sender(ntohs(header->id), udpaddr, hash))))
    {
      /* If we didn't get an answer advertising a maximal packet in EDNS,
 	 fall back to 1280, which should work everywhere on IPv6.
@@ -334,9 +332,9 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
 #endif
      type &= ~SERV_DO_DNSSEC;      
-      if (!flags && !(forward = get_new_frec(now, NULL, 0)))
+      if (daemon->servers && !flags)
-	/* table full - server failure. */
+	forward = get_new_frec(now, NULL, 0);
-	flags = F_NEG;
+      /* table full - flags == 0, return REFUSED */
      if (forward)
 	{
@@ -1621,6 +1619,9 @@ unsigned char *tcp_request(int confd, time_t now,
  unsigned int mark = 0;
  int have_mark = 0;
+  (void)mark;
+  (void)have_mark;
  if (getpeername(confd, (struct sockaddr *)&peer_addr, &peer_len) == -1)
    return packet;

--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -896,9 +896,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
  header->nscount = htons(0);
  header->arcount = htons(0);
  header->ancount = htons(0); /* no answers unless changed below */
-  if (flags == F_NEG)
+  if (flags == F_NOERR)
-    SET_RCODE(header, SERVFAIL); /* couldn't get memory */
-  else if (flags == F_NOERR)
    SET_RCODE(header, NOERROR); /* empty domain */
  else if (flags == F_NXDOMAIN)
    SET_RCODE(header, NXDOMAIN);