From: Christopher Faulet
Date: Tue, 23 Feb 2021 11:22:29 +0000 (+0100)
Subject: BUG/MINOR: resolvers: Only renew TTL for SRV records with an additional record
X-Git-Tag: v2.4-dev10~54
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a331a1e8eb2ad4750711a477ca3e22d940495faf;p=thirdparty%2Fhaproxy.git

BUG/MINOR: resolvers: Only renew TTL for SRV records with an additional record

If no additional record is associated to a SRV record, its TTL must not be renewed. Otherwise the entry never expires. Thus once announced a first time, the entry remains blocked on the same IP/port except if a new announce replaces the old one. Now, the TTL is updated if a SRV record is received while a matching existing one is found with an additional record or when an new additional record is assigned to an existing SRV record. This patch should be backported as far as 2.2.
---
diff --git a/src/resolvers.c b/src/resolvers.c
index 8f23785542..a64896eb25 100644
--- a/src/resolvers.c
+++ b/src/resolvers.c
@@ -1046,7 +1046,8 @@ static int resolv_validate_dns_response(unsigned char *resp, unsigned char *bufe
 }
 if (found == 1) {
- tmp_record->last_seen = now.tv_sec;
+ if (tmp_record->type != DNS_RTYPE_SRV || tmp_record->ar_item != NULL)
+ tmp_record->last_seen = now.tv_sec;
 pool_free(resolv_answer_item_pool, answer_record);
 answer_record = NULL;
 }
@@ -1238,6 +1239,7 @@ static int resolv_validate_dns_response(unsigned char *resp, unsigned char *bufe
 if (tmp_record->ar_item)
 pool_free(resolv_answer_item_pool, tmp_record->ar_item);
 tmp_record->ar_item = answer_record;
+ tmp_record->last_seen = answer_record->last_seen;
 answer_record = NULL;
 break;
 }
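Review bot: In the hunk at `@@ -1046`, the new guard stops refreshing `last_seen` for every SRV record whose `ar_item` is NULL, including one that the name server keeps announcing without an additional section. If the expiry logic (outside this hunk) ages items out on `last_seen` alone, such a record could be dropped while it is still present in every response, so that path should be checked for SRV targets resolved without an additional record. The condition also deserves a why-comment, for example `/* an SRV item without additional record is only renewed once an AR is attached to it */`. The enclosing function begins and ends outside the hunk.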
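Review bot: In the hunk at `@@ -1238`, the added `tmp_record->last_seen = answer_record->last_seen;` is only correct if `answer_record->last_seen` was already set to the current time for the freshly parsed additional record, and that assignment is not visible here. Writing `tmp_record->last_seen = now.tv_sec;` would match the renewal in the first hunk and would not depend on the initialisation order of a record built from network input. The loop and the function around these lines continue outside the hunk.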