Do not resend after BADCOOKIE answer on TCP
authorColin Vidal <colin@isc.org>
Fri, 10 Apr 2026 12:54:49 +0000 (14:54 +0200)
committerMichał Kępień <michal@isc.org>
Thu, 7 May 2026 11:32:15 +0000 (13:32 +0200)
When an upstream server answers BADCOOKIE, no matter the transport used,
the resolver eventually resends the query using TCP. However, if the
upstream server responds with BADCOOKIE again over TCP, the resolver
would keep resending until the maximum query count is reached.

This is now fixed by stopping resending once the query has already been
sent over TCP.

lib/dns/resolver.c

index d7418d494ad888199a460358a3dc28890d3caa14..742748d2f3f1fabe877ecb460e342656358885b8 100644 (file)
@@ -9804,7 +9804,9 @@ rctx_badserver(respctx_t *rctx, isc_result_t result) {
                rctx->broken_server = DNS_R_BADVERS;
                rctx->next_server = true;
 #endif /* if DNS_EDNS_VERSION > 0 */
-       } else if (rcode == dns_rcode_badcookie && rctx->query->rmessage->cc_ok)
+       } else if (rcode == dns_rcode_badcookie &&
+                  rctx->query->rmessage->cc_ok &&
+                  (rctx->retryopts & DNS_FETCHOPT_TCP) == 0)
        {
                /*
                 * We have recorded the new cookie.
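Review bot: The new `(rctx->retryopts & DNS_FETCHOPT_TCP) == 0` term in the `else if` has no comment, and the existing comment inside the branch (`We have recorded the new cookie.`) does not say why TCP is excluded. A short comment above the condition would record the intent, for example `/* BADCOOKIE over TCP: do not resend, or a server that always answers BADCOOKIE keeps us resending until the query limit. */`. When the term is false, the response falls through to whatever branch follows outside this hunk, so it is worth confirming that path marks the server as bad and moves on to the next one. It is also worth confirming that `retryopts` always carries the TCP flag for a query that was itself sent over TCP; presumably it is seeded from the query's options, but that is not visible here. The body of rctx_badserver starts and ends outside the hunk.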