From: Wouter Wijngaards Date: Mon, 17 Sep 2018 11:25:52 +0000 (+0000) Subject: - Fix that with harden-below-nxdomain and qname minisation enabled X-Git-Tag: release-1.8.1rc1~6 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9b6caf5a5bb8891fd519ef66316e23543c818a78;p=thirdparty%2Funbound.git - Fix that with harden-below-nxdomain and qname minisation enabled some iterator states for nonresponsive domains can get into a state where they waited for an empty list. - Stop UDP to TCP failover after timeouts that causes the ping count to be reset by the TCP time measurement (that exists for TLS), because that causes the UDP part to not be measured as timeout. git-svn-id: file:///svn/unbound/trunk@4912 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/doc/Changelog b/doc/Changelog index c7480e788..0d73d348e 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -3,6 +3,12 @@ does not have it. - Fix unbound for openssl in FIPS mode, it uses the digests with the EVP call contexts. + - Fix that with harden-below-nxdomain and qname minisation enabled + some iterator states for nonresponsive domains can get into a + state where they waited for an empty list. + - Stop UDP to TCP failover after timeouts that causes the ping count + to be reset by the TCP time measurement (that exists for TLS), + because that causes the UDP part to not be measured as timeout. 13 September 2018: Wouter - Fix seed for random backup code to use explicit zero when wiped. diff --git a/iterator/iterator.c b/iterator/iterator.c index bfee82c23..7baf92b75 100644 --- a/iterator/iterator.c +++ b/iterator/iterator.c @@ -2752,6 +2752,12 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, verbose(VERB_ALGO, "could not validate NXDOMAIN " "response"); + outbound_list_clear(&iq->outlist); + iq->num_current_queries = 0; + fptr_ok(fptr_whitelist_modenv_detach_subs( + qstate->env->detach_subs)); + (*qstate->env->detach_subs)(qstate); + iq->num_target_queries = 0; } } return next_state(iq, QUERYTARGETS_STATE); diff --git a/services/outside_network.c b/services/outside_network.c index 87c88349b..75338f446 100644 --- a/services/outside_network.c +++ b/services/outside_network.c @@ -1979,7 +1979,7 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error, return 0; } if(rto >= RTT_MAX_TIMEOUT) { - fallback_tcp = 1; + /* fallback_tcp = 1; */ /* UDP does not work, fallback to TCP below */ } else { serviced_callbacks(sq, NETEVENT_TIMEOUT, c, rep);