rebinding: stop iteration after encountering a filtered address

State FAIL does not stop iteration because kr_resolve_consume() resets
RESOLVED flag on failed attempts. This causes excessive attempts,
basically forcing kresd to try all authoritative servers before giving
up.

This excessive iteration also caused crash on assert in answer_fail
function.

diff --git a/NEWS b/NEWS
index fa771aaefbe5df0f2c426c98a365d640e6654220..51cd5fe12d18a02aa1f4fd226eeae0605132dfd5 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -24,6 +24,9 @@ Bugfixes
   if available and luaossl >= 20181207 (!819)
 - send EDNS with SERVFAILs, e.g. on validation failures (#180, !827)
 - prefill module: avoid crash on empty zone file (#474, !840)
+- rebinding module: avoid excessive iteration on blocked attempts (!842)
+- rebinding module: fix crash caused by race condition (!842)
+
 
 Knot Resolver 4.0.0 (2019-04-18)
 ================================

diff --git a/modules/rebinding/rebinding.lua b/modules/rebinding/rebinding.lua
index e7ef03493b97cb9f114bf017f1920ac197911da3..372295fe650e58d1c84c0dc5e0a86e773c5ad616 100644 (file)
--- a/modules/rebinding/rebinding.lua
+++ b/modules/rebinding/rebinding.lua
@@ -104,7 +104,7 @@ function M.layer.consume(state, req, pkt)
        log('[' .. string.format('%5d', qry.id) .. '][rebinding] '
            .. 'blocking blacklisted IP \'' .. kres.rr2str(bad_rr)
            .. '\' received from IP ' .. tostring(kres.sockaddr_t(req.upstream.addr)))
-       return kres.FAIL
+       return kres.DONE
 end
 
 return M