From: Aram Sargsyan Date: Wed, 18 Jun 2025 13:32:03 +0000 (+0000) Subject: Reset DNS_DBFIND_STALETIMEOUT in query_lookup() X-Git-Tag: v9.20.11~2^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9c7a63142dacb2e16c64719f57d1191298af4393;p=thirdparty%2Fbind9.git Reset DNS_DBFIND_STALETIMEOUT in query_lookup() If ns__query_start() is called because of a chained query (e.g. after encountering a CNAME), a previously set DNS_DBFIND_STALETIMEOUT flag on the query's 'dboptions' field can cause an assertion failure if the new query's 'stalefirst' value is not true (e.g. if the target qname is an authoritative zone for the server). Reset the DNS_DBFIND_STALETIMEOUT flag in the query_lookup() function before evaluating the 'stalefirst' value, and make sure to assign a fresh value to the `stalefirst' flag instead of conditionally assigning it only if the value is 'true'. (cherry picked from commit 3d8bd8bbf15322c0c317e76364b53ba7ea88def5) --- diff --git a/lib/ns/query.c b/lib/ns/query.c index ed13b11a132..c5173a5bd84 100644 --- a/lib/ns/query.c +++ b/lib/ns/query.c @@ -5920,16 +5920,14 @@ ns__query_start(query_ctx_t *qctx) { } } - if (!qctx->is_zone && qctx->view->staleanswerclienttimeout == 0 && - dns_view_staleanswerenabled(qctx->view)) - { - /* - * If stale answers are enabled and - * stale-answer-client-timeout is zero, then we can promptly - * answer with a stale RRset if one is available in cache. - */ - qctx->options.stalefirst = true; - } + /* + * If stale answers are enabled and stale-answer-client-timeout is zero, + * then we can promptly answer with a stale RRset if one is available in + * cache. + */ + qctx->options.stalefirst = (!qctx->is_zone && + qctx->view->staleanswerclienttimeout == 0 && + dns_view_staleanswerenabled(qctx->view)); result = query_lookup(qctx); @@ -6058,7 +6056,9 @@ query_lookup(query_ctx_t *qctx) { rpzqname = qctx->client->query.qname; } - if (qctx->options.stalefirst) { + qctx->client->query.dboptions &= ~DNS_DBFIND_STALETIMEOUT; + + if (qctx->options.stalefirst && !qctx->is_zone) { /* * If the 'stalefirst' flag is set, it means that a stale * RRset may be returned as part of this lookup. An attempt @@ -6222,8 +6222,6 @@ query_lookup(query_ctx_t *qctx) { qctx_freedata(qctx); dns_db_attach(qctx->client->view->cachedb, &qctx->db); - qctx->client->query.dboptions &= - ~DNS_DBFIND_STALETIMEOUT; qctx->options.stalefirst = false; if (FETCH_RECTYPE_NORMAL(qctx->client) != NULL) { @@ -8948,11 +8946,9 @@ query_zone_delegation(query_ctx_t *qctx) { * setting the 'stalefirst' option, which is usually set in * the beginning in ns__query_start(). */ - if (qctx->view->staleanswerclienttimeout == 0 && - dns_view_staleanswerenabled(qctx->view)) - { - qctx->options.stalefirst = true; - } + qctx->options.stalefirst = + (qctx->view->staleanswerclienttimeout == 0 && + dns_view_staleanswerenabled(qctx->view)); result = query_lookup(qctx);