From: Mark Andrews <marka@isc.org>
Date: Thu, 30 Nov 2023 05:31:33 +0000 (+1100)
Subject: Don't forward UPDATE messages over disabled address families
X-Git-Tag: v9.20.0~16^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d026dbe5367df775fdc22a3e05c63710499dcf07;p=thirdparty%2Fbind9.git

Don't forward UPDATE messages over disabled address families
---

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 901c52d6178..6dc10045b93 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -18359,12 +18359,19 @@ sendtoprimary(dns_forward_t *forward) {
 		return (ISC_R_CANCELED);
 	}
 
+next:
 	if (forward->which >= dns_remote_count(&forward->zone->primaries)) {
 		UNLOCK_ZONE(zone);
 		return (ISC_R_NOMORE);
 	}
 
 	forward->addr = dns_remote_addr(&zone->primaries, forward->which);
+
+	if (isc_sockaddr_disabled(&forward->addr)) {
+		forward->which++;
+		goto next;
+	}
+
 	/*
 	 * Always use TCP regardless of whether the original update
 	 * used TCP.