From: Otto Moerbeek
Date: Wed, 17 Sep 2025 11:00:02 +0000 (+0200)
Subject: rec: only store IP (and no port) as local address in cookie store
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=46ecf0326b58093b84fe94e609c67b6b76a89758;p=thirdparty%2Fpdns.git

rec: only store IP (and no port) as local address in cookie store

Otherwise binding a local TCP port will fail, as the stored port is likely still in use do to connections lingering. Observed when forcing DoT to specific nameservers that support cookies. In many cases the effect was: see the bind call failing and go to the next nameserver, that's likely why it was noticed before.

Signed-off-by: Otto Moerbeek
---

diff --git a/pdns/recursordist/lwres.cc b/pdns/recursordist/lwres.cc
index 2147f17ce..39cf345f1 100644
--- a/pdns/recursordist/lwres.cc
+++ b/pdns/recursordist/lwres.cc
@@ -395,10 +395,10 @@ static bool tcpconnect(const OptLog& log, const ComboAddress& remote, const std:
 // Bind to the same address the cookie is associated with (RFC 9018 section 3 last paragraph)
 ComboAddress localip = localBind ? *localBind : pdns::getQueryLocalAddress(remote.sin4.sin_family, 0);
 if (localBind) {
- VLOG(log, "Connecting TCP to " << remote.toString() << " with specific local address " << localip.toString() << endl);
+ VLOG(log, "Connecting TCP to " << remote.toStringWithPortExcept(53) << " with specific local address " << localip.toString() << endl);
 }
 else {
- VLOG(log, "Connecting TCP to " << remote.toString() << " with no specific local address" << endl);
+ VLOG(log, "Connecting TCP to " << remote.toStringWithPortExcept(53) << " with no specific local address" << endl);
 }
 try {
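Review bot: The "specific local address" branch still prints `localip.toString()`, which as far as I know omits the port, so a `localBind` carrying a stale port (the failure described in the commit message) would not be visible in this log line. Printing `localip.toStringWithPort()` in that branch would make a failing bind diagnosable from the trace. The fallback appears to request port 0 from `getQueryLocalAddress`, so it may also be worth forcing `localip.setPort(0);` when `localBind` is set, so that the bind does not depend on every writer of the cookie store stripping the port. The bind itself sits in the `try` block, which continues outside this hunk.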
@@ -545,6 +545,7 @@ static std::pair incomingCookie(const OptLog& log, const
 VLOG(log, "Client cookie from " << address.toString() << " matched! Storing with localAddress " << localip.toString() << endl);
 ++t_Counters.at(rec::Counter::cookieMatched);
 found->d_localaddress = localip;
+ found->d_localaddress.setPort(0);
 found->d_cookie = received;
 if (found->getSupport() == CookieEntry::Support::Probing) {
 ++t_Counters.at(rec::Counter::cookieProbeSupported);
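Review bot: The added `found->d_localaddress.setPort(0);` carries no comment, and the reason for zeroing the port cannot be read from this function alone. I would put `// Store the IP only: a remembered source port is likely still in use and makes a later TCP bind fail` above it. Only this "matched" branch is visible here, and incomingCookie's body starts and ends outside the hunk. Any other assignment to `d_localaddress` would need the same normalisation, so a small setter on the cookie entry that strips the port would keep the invariant in one place.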