]> git.ipfire.org Git - thirdparty/unbound.git/commitdiff
projects / thirdparty / unbound.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 98e95d8)
- Fix erroneous DNS error report values after bogus AAAA
authorW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Mon, 15 Jun 2026 14:26:35 +0000 (16:26 +0200)
committerW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Mon, 15 Jun 2026 14:26:35 +0000 (16:26 +0200)
  query caused error information that was not cleared by
  a successful A subquery. Thanks to Qifan Zhang, Palo Alto
  Networks, for the report.

dns64/dns64.c patch | blob | blame | history
doc/Changelog patch | blob | blame | history
services/mesh.c patch | blob | blame | history

diff --git a/dns64/dns64.c b/dns64/dns64.c
index 4b1c20270c0f1525806ef456528e0dc10a905009..8431f556a5a1dc971aae8ca10f4a3931c66bb2ba 100644 (file)
--- a/dns64/dns64.c
+++ b/dns64/dns64.c
@@ -1017,6 +1017,9 @@ dns64_inform_super(struct module_qstate* qstate, int id,
        if (super->return_rcode != LDNS_RCODE_NOERROR)
                super->return_rcode = qstate->return_rcode;
 
+       /* Since the super qstate has a new response, its errinf is removed. */
+       super->errinf = NULL;
+
        /* Generate a response suitable for the original query. */
        if (qstate->qinfo.qtype == LDNS_RR_TYPE_A) {
                dns64_adjust_a(id, super, qstate);
diff --git a/doc/Changelog b/doc/Changelog
index a87ca884966e33b3d74d1d6190131fbdf3ca7539..0b67da8508e3282f53e69922b3a713dd60e94a33 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -27,6 +27,10 @@
          Qifan Zhang, Palo Alto Networks, for the report.
        - Fix integer overflow in infra-cache-max-rtt calculation.
          Thanks to Qifan Zhang, Palo Alto Networks, for the report.
+       - Fix erroneous DNS error report values after bogus AAAA
+         query caused error information that was not cleared by
+         a successful A subquery. Thanks to Qifan Zhang, Palo Alto
+         Networks, for the report.
 
 12 June 2026: Wouter
        - Fix that for auth-zone and rpz zones the allow-notify
diff --git a/services/mesh.c b/services/mesh.c
index 2347bcee2bef1e728f17c241b365bc70b57713c7..a2618b477ab030165531e38eabf303d7a2c1a0c0 100644 (file)
--- a/services/mesh.c
+++ b/services/mesh.c
@@ -1793,7 +1793,8 @@ void mesh_query_done(struct mesh_state* mstate)
                }
        }
 
-       if(mstate->reply_list && mstate->s.env->cfg->dns_error_reporting)
+       if(mstate->reply_list && mstate->s.env->cfg->dns_error_reporting
+               && (!rep || rep->security != sec_status_secure))
                dns_error_reporting(&mstate->s, rep);
 
        for(r = mstate->reply_list; r; r = r->next) {
Mirror of https://github.com/NLnetLabs/unbound.git