From: Baptiste Assmann
Date: Wed, 28 Oct 2015 01:03:32 +0000 (+0100)
Subject: BUG/MAJOR: dns: first DNS response packet not matching queried hostname may lead...
X-Git-Tag: v1.7-dev1~64
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fad0318c74257ce5deb7c68f68ca37cdf61cc9a9;p=thirdparty%2Fhaproxy.git

BUG/MAJOR: dns: first DNS response packet not matching queried hostname may lead to a loop

The status DNS_UPD_NAME_ERROR returned by dns_get_ip_from_response and which means the queried name can't be found in the response was improperly processed (fell into the default case). This led to a loop where HAProxy simply resent a new query as soon as it got a response for this status and in the only case where such type of response is the very first one received by the process.

This should be backported into 1.6 branch
---
diff --git a/src/server.c b/src/server.c index dcc5961051..c92623d481 100644 --- a/src/server.c +++ b/src/server.c @@ -2620,6 +2620,17 @@ int snr_resolution_cb(struct dns_resolution *resolution, struct dns_nameserver * } goto stop_resolution; + case DNS_UPD_NAME_ERROR: + /* if this is not the last expected response, we ignore it */ + if (resolution->nb_responses < nameserver->resolvers->count_nameservers) + return 0; + /* update resolution status to OTHER error type */ + if (resolution->status != RSLV_STATUS_OTHER) { + resolution->status = RSLV_STATUS_OTHER; + resolution->last_status_change = now_ms; + } + goto stop_resolution; + default: goto invalid;
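
Review bot: the early `return 0` in the new `case DNS_UPD_NAME_ERROR:` branch drops a mismatched response without recording anything, and the comment does not say what ends the resolution if the remaining nameservers never answer. When `resolution->nb_responses < nameserver->resolvers->count_nameservers` holds, neither `resolution->status` nor `resolution->last_status_change` is touched, so completion depends on a later response or on a path that is not visible in this hunk. Please extend the comment to name that path. Also consider counting or logging the event per nameserver: a response whose name does not match the query can indicate a misconfigured resolver or a forged answer, and mapping it to `RSLV_STATUS_OTHER` on the last response only makes it indistinguishable from any other error for whoever reads the resolution status.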