From: Ondřej Surý <ondrej@isc.org>
Date: Thu, 19 Feb 2026 12:44:28 +0000 (+0100)
Subject: Don't retry notify over TCP if it could not successed
X-Git-Tag: v9.21.19~19^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5a5bc6de223afc867f22d19bd9666eaf39e2b877;p=thirdparty%2Fbind9.git

Don't retry notify over TCP if it could not successed

Prevent retrying the notify over TCP in case the source address is not
available or the source vs the destination address family mismatch or
when the destination address has been blackholed.  Properly log the
hard notify failures.
---

diff --git a/lib/dns/notify.c b/lib/dns/notify.c
index 0ceb5b30d70..98396c25aa7 100644
--- a/lib/dns/notify.c
+++ b/lib/dns/notify.c
@@ -464,7 +464,8 @@ again:
 
 	isc_tlsctx_cache_detach(&zmgr_tlsctx_cache);
 
-	if (result == ISC_R_SUCCESS) {
+	switch (result) {
+	case ISC_R_SUCCESS:
 		if (isc_sockaddr_pf(&notify->dst) == AF_INET) {
 			dns__zone_stats_increment(
 				notify->zone, dns_zonestatscounter_notifyoutv4);
@@ -472,14 +473,25 @@ again:
 			dns__zone_stats_increment(
 				notify->zone, dns_zonestatscounter_notifyoutv6);
 		}
-	} else if (result == ISC_R_SHUTTINGDOWN || result == ISC_R_CANCELED) {
-		goto cleanup_key;
-	} else if ((notify->flags & DNS_NOTIFY_TCP) == 0) {
+		break;
+	case ISC_R_SHUTTINGDOWN:
+	case ISC_R_CANCELED:
+	case ISC_R_ADDRNOTAVAIL:
+	case DNS_R_BLACKHOLED:
+	case ISC_R_FAMILYNOSUPPORT:
 		notify_log(notify, ISC_LOG_NOTICE,
-			   "notify(%s) to %s failed: %s: retrying over TCP",
-			   typebuf, addrbuf, isc_result_totext(result));
-		notify->flags |= DNS_NOTIFY_TCP;
-		goto again;
+			   "notify(%s) to %s failed: %s", typebuf, addrbuf,
+			   isc_result_totext(result));
+		break;
+	default:
+		if ((notify->flags & DNS_NOTIFY_TCP) == 0) {
+			notify_log(notify, ISC_LOG_NOTICE,
+				   "notify(%s) to %s failed: %s: retrying over "
+				   "TCP",
+				   typebuf, addrbuf, isc_result_totext(result));
+			notify->flags |= DNS_NOTIFY_TCP;
+			goto again;
+		}
 	}
 
 cleanup_key: