From 46ecf0326b58093b84fe94e609c67b6b76a89758 Mon Sep 17 00:00:00 2001
From: Otto Moerbeek
Date: Wed, 17 Sep 2025 13:00:02 +0200
Subject: [PATCH] rec: only store IP (and no port) as local address in cookie store

Otherwise binding a local TCP port will fail, as the stored port is likely still in use do to connections lingering. Observed when forcing DoT to specific nameservers that support cookies. In many cases the effect was: see the bind call failing and go to the next nameserver, that's likely why it was noticed before.

Signed-off-by: Otto Moerbeek
---
 pdns/recursordist/lwres.cc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/pdns/recursordist/lwres.cc b/pdns/recursordist/lwres.cc
index 2147f17ce..39cf345f1 100644
--- a/pdns/recursordist/lwres.cc
+++ b/pdns/recursordist/lwres.cc
@@ -395,10 +395,10 @@ static bool tcpconnect(const OptLog& log, const ComboAddress& remote, const std:
 // Bind to the same address the cookie is associated with (RFC 9018 section 3 last paragraph)
 ComboAddress localip = localBind ? *localBind : pdns::getQueryLocalAddress(remote.sin4.sin_family, 0);
 if (localBind) {
- VLOG(log, "Connecting TCP to " << remote.toString() << " with specific local address " << localip.toString() << endl);
+ VLOG(log, "Connecting TCP to " << remote.toStringWithPortExcept(53) << " with specific local address " << localip.toString() << endl);
 }
 else {
- VLOG(log, "Connecting TCP to " << remote.toString() << " with no specific local address" << endl);
+ VLOG(log, "Connecting TCP to " << remote.toStringWithPortExcept(53) << " with no specific local address" << endl);
 }

 try {
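Review bot: tcpconnect still binds to `*localBind` exactly as the caller supplies it, so the bind failure described in the commit message can come back if any caller passes an address with a non-zero port. The fallback on the same line already requests port 0 via `pdns::getQueryLocalAddress(remote.sin4.sin_family, 0)`, and the bound case could be made symmetric by adding `localip.setPort(0);` right after the `ComboAddress localip = ...` initialisation. The kernel would then pick the source port for every outgoing connection, rather than tcpconnect depending on the cookie store having stripped it. The body of tcpconnect starts and ends outside this hunk, so a reset further down would not be visible here.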
@@ -545,6 +545,7 @@ static std::pair incomingCookie(const OptLog& log, const
 VLOG(log, "Client cookie from " << address.toString() << " matched! Storing with localAddress " << localip.toString() << endl);
 ++t_Counters.at(rec::Counter::cookieMatched);
 found->d_localaddress = localip;
+ found->d_localaddress.setPort(0);
 found->d_cookie = received;
 if (found->getSupport() == CookieEntry::Support::Probing) {
 ++t_Counters.at(rec::Counter::cookieProbeSupported);
--
2.47.3
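Review bot: The added `found->d_localaddress.setPort(0);` has no comment explaining why the port is dropped, so a later reader could take it for a leftover and remove it. I would put `// Store the IP only: a later TCP bind to the old source port fails while that port is still in use` above it. The reset covers only this matched-cookie branch; if d_localaddress is assigned anywhere else (not visible in this hunk), those sites need the same treatment, or the port should be cleared in one shared place. The diffstat shows only lwres.cc changed, so a test asserting that the stored address has port 0 after a cookie match would guard against regressions. incomingCookie starts and ends outside the hunk.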