From: W.C.A. Wijngaards
Date: Wed, 15 Oct 2025 09:36:29 +0000 (+0200)
Subject: - Fix to reply with SERVFAIL when the wait-limit is exceeded.
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c8860a5fb6fa8b11c3772cab225b4d26d7350416;p=thirdparty%2Funbound.git
- Fix to reply with SERVFAIL when the wait-limit is exceeded.
---
diff --git a/doc/Changelog b/doc/Changelog
index 7913a457b..3c188e20b 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,5 +1,6 @@
 15 October 2025: Wouter
 - Fix to drop UDP for discard-timeout, but not stream connections.
+ - Fix to reply with SERVFAIL when the wait-limit is exceeded.
 10 October 2025: Wouter
 - Fix #1358 Enabling FIPS in OpenSSL causes unit test to fail.
diff --git a/services/mesh.c b/services/mesh.c
index e78dc5e42..af2172102 100644
--- a/services/mesh.c
+++ b/services/mesh.c
@@ -441,9 +441,18 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo,
 if(!infra_wait_limit_allowed(mesh->env->infra_cache, rep, edns->cookie_valid, mesh->env->cfg)) {
 verbose(VERB_ALGO, "Too many queries waiting from the IP. "
- "dropping incoming query.");
- comm_point_drop_reply(rep);
+ "servfail incoming query.");
 mesh->num_queries_wait_limit++;
+ edns_opt_list_append_ede(&edns->opt_list_out,
+ mesh->env->scratch, LDNS_EDE_OTHER,
+ "Too many queries queued up and waiting from the IP");
+ if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, NULL, NULL,
+ LDNS_RCODE_SERVFAIL, edns, rep, mesh->env->scratch, mesh->env->now_tv))
+ edns->opt_list_inplace_cb_out = NULL;
+ error_encode(r_buffer, LDNS_RCODE_SERVFAIL,
+ qinfo, qid, qflags, edns);
+ regional_free_all(mesh->env->scratch);
+ comm_point_send_reply(rep);
 return;
 }
 if(!unique)
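Review bot: The wait-limit branch in services/mesh.c now answers every over-limit query, and nothing in the hunk checks the transport or `edns->cookie_valid` before `comm_point_send_reply(rep)`, so a limit meant to shed load from one source now sends a packet toward that source address even when it is unverified (UDP without a valid cookie). The reply is small, but the 50-byte EDE text makes it larger than a minimal query, so the trade-off should at least be recorded above the block, e.g. `/* Reply SERVFAIL instead of dropping so real clients fail fast; over UDP without a valid cookie the source is unverified, so keep this reply minimal. */`. Whether response rate limiting elsewhere already bounds these replies is not visible in the hunk, and the preceding Changelog entry suggests UDP and stream connections are treated differently on the discard-timeout path, which this branch does not mirror. mesh_new_client starts and ends outside the hunk.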