SERVFAIL is an expected error return, don't try all servers.

author Simon Kelley <simon@thekelleys.org.uk>

Tue, 25 Mar 2014 21:07:00 +0000 (21:07 +0000)

committer Simon Kelley <simon@thekelleys.org.uk>

Tue, 25 Mar 2014 21:07:00 +0000 (21:07 +0000)
author Simon Kelley <simon@thekelleys.org.uk>
Tue, 25 Mar 2014 21:07:00 +0000 (21:07 +0000)
committer Simon Kelley <simon@thekelleys.org.uk>
Tue, 25 Mar 2014 21:07:00 +0000 (21:07 +0000)
diff --git a/src/forward.c b/src/forward.c

index 7e87733b40afa2a881ec5fba13fcfd88d3dfdf8d..d9a41baf8f2dc216cb93f0109ba152e763563223 100644 (file)
--- a/src/forward.c
+++ b/src/forward.c
@@ -751,7 +751,7 @@ void reply_query(int fd, int family, time_t now)
    
    if ((forward->sentto->flags & SERV_TYPE) == 0)
      {
-      if (RCODE(header) == SERVFAIL || RCODE(header) == REFUSED)
+      if (RCODE(header) == REFUSED)
         server = NULL;
        else
         {
@@ -774,8 +774,7 @@ void reply_query(int fd, int family, time_t now)
       we get a good reply from another server. Kill it when we've
       had replies from all to avoid filling the forwarding table when
       everything is broken */
-  if (forward->forwardall == 0 || --forward->forwardall == 1 || 
-      (RCODE(header) != REFUSED && RCODE(header) != SERVFAIL))
+  if (forward->forwardall == 0 || --forward->forwardall == 1 || RCODE(header) != SERVFAIL)
      {
        int check_rebind = 0, no_cache_dnssec = 0, cache_secure = 0;
  
@@ -788,7 +787,7 @@ void reply_query(int fd, int family, time_t now)
         no_cache_dnssec = 1;
        
  #ifdef HAVE_DNSSEC
-      if (option_bool(OPT_DNSSEC_VALID) && !(forward->flags & FREC_CHECKING_DISABLED))
+      if (server && option_bool(OPT_DNSSEC_VALID) && !(forward->flags & FREC_CHECKING_DISABLED))
         {
           int status;
author	Simon Kelley <simon@thekelleys.org.uk>
	Tue, 25 Mar 2014 21:07:00 +0000 (21:07 +0000)
committer	Simon Kelley <simon@thekelleys.org.uk>
	Tue, 25 Mar 2014 21:07:00 +0000 (21:07 +0000)