Do not resend after BADCOOKIE answer on TCP

When an upstream server answers BADCOOKIE, no matter the transport used, the resolver eventually resends the query using TCP. However, if the upstream server responds with BADCOOKIE again over TCP, the resolver would keep resending until the maximum query count is reached. This is now fixed by stopping resending once the query has already been sent over TCP.
2026-05-22 10:10:14 -04:00 · 2026-04-10 14:54:49 +02:00 · 2026-04-10 14:54:49 +02:00 · 4aedf7e9dd
commit 4aedf7e9dd
parent 5319c21761
1 changed files with 3 additions and 1 deletions
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@ -9804,7 +9804,9 @@ rctx_badserver(respctx_t *rctx, isc_result_t result) {
 		rctx->broken_server = DNS_R_BADVERS;
 		rctx->next_server = true;
 #endif /* if DNS_EDNS_VERSION > 0 */
-	} else if (rcode == dns_rcode_badcookie && rctx->query->rmessage->cc_ok)
+	} else if (rcode == dns_rcode_badcookie &&
+		   rctx->query->rmessage->cc_ok &&
+		   (rctx->retryopts & DNS_FETCHOPT_TCP) == 0)
 	{
 		/*
 		 * We have recorded the new cookie.