rpms/unbound
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- Fix #4188: IPv6 forwarders without ipv6 result in SERVFAIL, fixes

Browse Source 
qname minimisation with a forwarder when connectivity has issues
      from rejecting responses.

Resolves: rhbz#1633874
This commit is contained in:
Petr Menšík 2018-10-01 19:23:54 +02:00
parent 787382dfd5
commit b3942245cb
2 changed files with 47 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
unbound-1.8.0-rh1633874.patch Normal file
View File

@ -0,0 +1,39 @@
From 9be04e6fac3f4ee8fa08d3671dac41d2156d2ced Mon Sep 17 00:00:00 2001
From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Thu, 27 Sep 2018 08:19:29 +0000
Subject: [PATCH] - Fix #4188: IPv6 forwarders without ipv6 result in SERVFAIL,
fixes qname minimisation with a forwarder when connectivity has issues
from rejecting responses.
git-svn-id: file:///svn/unbound/trunk@4916 be551aaa-1e26-0410-a405-d3ace91eadb9
---
iterator/iterator.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/iterator/iterator.c b/iterator/iterator.c
index 7baf92b7..2f26bd33 100644
--- a/iterator/iterator.c
+++ b/iterator/iterator.c
@@ -2174,7 +2174,8 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
return 0;
}
- if(iq->minimisation_state == INIT_MINIMISE_STATE) {
+ if(iq->minimisation_state == INIT_MINIMISE_STATE
+ && !(iq->chase_flags & BIT_RD)) {
/* (Re)set qinfo_out to (new) delegation point, except when
* qinfo_out is already a subdomain of dp. This happens when
* increasing by more than one label at once (QNAMEs with more
@@ -2715,7 +2716,8 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
sock_list_insert(&qstate->reply_origin,
&qstate->reply->addr, qstate->reply->addrlen,
qstate->region);
- if(iq->minimisation_state != DONOT_MINIMISE_STATE) {
+ if(iq->minimisation_state != DONOT_MINIMISE_STATE
+ && !(iq->chase_flags & BIT_RD)) {
if(FLAGS_GET_RCODE(iq->response->rep->flags) !=
LDNS_RCODE_NOERROR) {
if(qstate->env->cfg->qname_minimisation_strict)
--
2.14.4

9
unbound.spec
View File

@ -34,7 +34,7 @@
Summary: Validating, recursive, and caching DNS(SEC) resolver Summary: Validating, recursive, and caching DNS(SEC) resolver
Name: unbound Name: unbound
Version: 1.8.0 Version: 1.8.0
Release: 1%{?extra_version:.%{extra_version}}%{?dist} Release: 2%{?extra_version:.%{extra_version}}%{?dist}
License: BSD License: BSD
Url: https://www.unbound.net/ Url: https://www.unbound.net/
Source: https://www.unbound.net/downloads/%{name}-%{version}%{?extra_version}.tar.gz Source: https://www.unbound.net/downloads/%{name}-%{version}%{?extra_version}.tar.gz
@ -55,6 +55,8 @@ Source15: unbound-anchor.timer
Source16: unbound-munin.README Source16: unbound-munin.README
Source17: unbound-anchor.service Source17: unbound-anchor.service
Patch1: unbound-1.8.0-rh1633874.patch
BuildRequires: gcc, make BuildRequires: gcc, make
BuildRequires: flex, openssl-devel BuildRequires: flex, openssl-devel
BuildRequires: libevent-devel expat-devel BuildRequires: libevent-devel expat-devel
@ -150,6 +152,8 @@ Python 3 modules and extensions for unbound
pushd %{pkgname} pushd %{pkgname}
%patch1 -p1 -b .rh1633874
# only for snapshots # only for snapshots
# autoreconf -iv # autoreconf -iv
@ -420,6 +424,9 @@ popd
%attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key %attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key
%changelog %changelog
* Mon Oct 01 2018 Petr Menšík <pemensik@redhat.com> - 1.8.0-2
- Skip ipv6 forwarders without ipv6 support (#1633874)
* Wed Sep 19 2018 Petr Menšík <pemensik@redhat.com> - 1.8.0-1 * Wed Sep 19 2018 Petr Menšík <pemensik@redhat.com> - 1.8.0-1
- Rebase to 1.8.0 - Rebase to 1.8.0