New source port for DNSSEC-originated queries.

f1668d27 · Simon Kelley · 7d7b7b31 · f1668d27
Commit f1668d27 authored Jan 08, 2014 by Simon Kelley
Show whitespace changes
Inline Side-by-side

Showing with 23 additions and 15 deletions

src/forward.c src/forward.c +23 -15

No files found.
--- a/src/forward.c
+++ b/src/forward.c
@@ -718,6 +718,10 @@ void reply_query(int fd, int family, time_t now)
 		  new->next = next;
 		  new->stash = NULL;
 		  new->blocking_query = NULL;
+		  new->rfd4 = NULL;
+#ifdef HAVE_IPV6
+		  new->rfd6 = NULL;
+#endif
 		  new->flags &= ~(FREC_DNSKEY_QUERY | FREC_DS_QUERY);
 		  
 		  if ((forward->stash = blockdata_alloc((char *)header, n)))
@@ -751,25 +755,29 @@ void reply_query(int fd, int family, time_t now)
 		      if (server->sfd)
 			fd = server->sfd->fd;
 		      else
+			{
+			  fd = -1;
 #ifdef HAVE_IPV6
-			/* Note that we use the same random port for the DNSSEC stuff */
 			  if (server->addr.sa.sa_family == AF_INET6)
 			    {
+			      if (new->rfd6 || (new->rfd6 = allocate_rfd(AF_INET6)))
 				fd = new->rfd6->fd;
-			    new->rfd6->refcount++;
 			    }
 			  else
 #endif
 			    {
+			      if (new->rfd4 || (new->rfd4 = allocate_rfd(AF_INET)))
 				fd = new->rfd4->fd;
-			    new->rfd4->refcount++;
+			    }
 			}
 		      
-		      /* Send DNSSEC query to same server as original query */
+		      if (fd != -1)
+			{
 			  while (sendto(fd, (char *)header, nn, 0, &server->addr.sa, sa_len(&server->addr)) == -1 && retry_send()); 
 			  server->queries++;
 			}
 		    }
+		}
 	     
 	      return;
 	    }