Clear serve-stale flags when following the CNAME chains
authorOndřej Surý <ondrej@isc.org>
Wed, 18 Feb 2026 05:39:33 +0000 (06:39 +0100)
committerMatthijs Mekking <matthijs@isc.org>
Mon, 23 Feb 2026 07:07:12 +0000 (08:07 +0100)
A stale answer or SERVFAIL could have been served in case of multiple
upstream failures when following the CNAME chains. This has been fixed.

lib/ns/query.c

index 59165a2537ecd6e31caf6c37b5555e05d5a56b71..b457d61173dc00e59ab3163b64053755355ef71b 100644 (file)
@@ -5382,6 +5382,8 @@ qctx_setrad(query_ctx_t *qctx) {
 isc_result_t
 ns__query_start(query_ctx_t *qctx) {
        isc_result_t result = ISC_R_UNSET;
+       ns_client_t *client = qctx->client;
+
        CCTRACE(ISC_LOG_DEBUG(3), "ns__query_start");
        qctx->want_restart = false;
        qctx->authoritative = false;
@@ -5390,6 +5392,13 @@ ns__query_start(query_ctx_t *qctx) {
        qctx->need_wildcardproof = false;
        qctx->rpz = false;
 
+       /*
+        * Clean existing stale options in case ns__query_start was restarted
+        * due to the CNAME/DNAME chains.
+        */
+       client->query.dboptions &= ~(DNS_DBFIND_STALETIMEOUT |
+                                    DNS_DBFIND_STALEOK);
+
        CALL_HOOK(NS_QUERY_START_BEGIN, qctx);
 
        /*
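Review bot: The comment above the `client->query.dboptions &= ~(...)` reset says what is cleared but not what goes wrong if a bit survives; per the commit message, that is a stale answer or SERVFAIL being served for a later name in the CNAME/DNAME chain. I would add a line to it such as `Otherwise the lookup for the next name in the chain inherits the previous name's serve-stale state.` The reset also runs on the first, non-restarted entry, so confirm that no caller sets DNS_DBFIND_STALEOK or DNS_DBFIND_STALETIMEOUT before ns__query_start and expects it to survive; nothing visible in this hunk settles that. In the visible lines the `client` local added in the first hunk is used only by this statement, so writing `qctx->client->query.dboptions` would match the surrounding `qctx->` accesses and make the local unnecessary. ns__query_start continues past the end of the hunk, so later uses of `client` cannot be ruled out from here.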