- Fix to reply with SERVFAIL when the wait-limit is exceeded.
authorW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Wed, 15 Oct 2025 09:36:29 +0000 (11:36 +0200)
committerW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Wed, 15 Oct 2025 09:36:29 +0000 (11:36 +0200)
doc/Changelog
services/mesh.c

index 7913a457baad35919685af97049cc4d1bc2f4594..3c188e20b3ce59c4b4d6412676ad7a953858fad0 100644 (file)
@@ -1,5 +1,6 @@
 15 October 2025: Wouter
        - Fix to drop UDP for discard-timeout, but not stream connections.
+       - Fix to reply with SERVFAIL when the wait-limit is exceeded.
 
 10 October 2025: Wouter
        - Fix #1358 Enabling FIPS in OpenSSL causes unit test to fail.
index e78dc5e4226728b25c8d68213dfdb28e1cd4dea9..af217210207e7c9e156ef7a736fe763ce2c4c7df 100644 (file)
@@ -441,9 +441,18 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo,
        if(!infra_wait_limit_allowed(mesh->env->infra_cache, rep,
                edns->cookie_valid, mesh->env->cfg)) {
                verbose(VERB_ALGO, "Too many queries waiting from the IP. "
-                       "dropping incoming query.");
-               comm_point_drop_reply(rep);
+                       "servfail incoming query.");
                mesh->num_queries_wait_limit++;
+               edns_opt_list_append_ede(&edns->opt_list_out,
+                       mesh->env->scratch, LDNS_EDE_OTHER,
+                       "Too many queries queued up and waiting from the IP");
+               if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, NULL, NULL,
+                       LDNS_RCODE_SERVFAIL, edns, rep, mesh->env->scratch, mesh->env->now_tv))
+                               edns->opt_list_inplace_cb_out = NULL;
+               error_encode(r_buffer, LDNS_RCODE_SERVFAIL,
+                       qinfo, qid, qflags, edns);
+               regional_free_all(mesh->env->scratch);
+               comm_point_send_reply(rep);
                return;
        }
        if(!unique)
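Review bot: The over-limit branch now sends a reply for every query that exceeds the wait limit, on every transport, where the old code called `comm_point_drop_reply(rep)`. Over UDP the source address is unverified, so these throttled responses go to whatever address the packet claims, and the added EDE text makes the SERVFAIL somewhat larger than a bare error. The branch already has `edns->cookie_valid` in hand, and the Changelog entry just above separates UDP from stream connections for discard-timeout. I would either keep the drop for UDP without a valid cookie, e.g. `if(rep->c->type == comm_udp && !edns->cookie_valid) { comm_point_drop_reply(rep); return; }` placed after the counter increment (assuming `rep->c->type` is the transport discriminator here), or add a comment such as `/* reply SERVFAIL on all transports, including UDP, so clients fail over instead of timing out */` to record that the trade-off is deliberate. The return value of `edns_opt_list_append_ede` also appears to be ignored, which is worth a short comment if a failed append is meant to lose only the EDE. mesh_new_client's body starts and ends outside the hunk, so any transport-specific handling elsewhere in the function is not visible here.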