[9.18] fix: usr: Fix a statistics channel counter bug when 'forward only' zones are used

When resolving a zone with a 'forward only' policy, and finding out that all the forwarders are marked as "bad", the 'ServerQuota' counter of the statistics channel was incorrectly increased. This has been fixed. Closes #1793 Backport of MR !9493 Merge branch 'backport-1793-serverquota-counter-bug-with-forward-only-9.18' into 'bind-9.18' See merge request isc-projects/bind9!9503
2026-05-28 04:34:54 -04:00 · 2024-09-18 08:59:28 +00:00 · 2024-09-18 08:59:28 +00:00 · 5a6c5218ad
commit 5a6c5218ad
parent 6c1fc4ae54 904940167c
5 changed files with 16 additions and 3 deletions
--- a/bin/tests/system/forward/clean.sh
+++ b/bin/tests/system/forward/clean.sh
@ -14,6 +14,7 @@
 #
 # Clean up after forward tests.
 #
+rm -f ./statschannel.out.*
 rm -f ./dig.out.*
 rm -f ./*/named.conf
 rm -f ./*/named.memstats
--- a/bin/tests/system/forward/ns4/named.conf.in
+++ b/bin/tests/system/forward/ns4/named.conf.in
@ -24,6 +24,8 @@ options {
 	minimal-responses yes;
 };

+statistics-channels { inet 10.53.0.4 port @EXTRAPORT1@ allow { localhost; }; };
+
 zone "." {
 	type hint;
 	file "root.db";
--- a/bin/tests/system/forward/tests.sh
+++ b/bin/tests/system/forward/tests.sh
@ -107,6 +107,15 @@ grep "SERVFAIL" dig.out.$n.f2 >/dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))

+# GL#1793
+n=$((n + 1))
+echo_i "checking that the 'serverquota' counter isn't increased because of the SERVFAIL in the previous check ($n)"
+ret=0
+"${CURL}" "http://10.53.0.4:${EXTRAPORT1}/json/v1" 2>/dev/null >statschannel.out.$n
+grep -F "ServerQuota" statschannel.out.$n >/dev/null && ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
 n=$((n + 1))
 echo_i "checking for negative caching of forwarder response ($n)"
 # prime the cache, shutdown the forwarder then check that we can
--- a/bin/tests/system/resolver/tests.sh
+++ b/bin/tests/system/resolver/tests.sh
@ -54,7 +54,7 @@ if [ -x "${RESOLVE}" ]; then
  echo_i "checking that local bound address can be set (Can't query from a denied address) ($n)"
  ret=0
  resolve_with_opts -b 10.53.0.8 -t a -s 10.53.0.1 www.example.org 2>resolve.out.ns1.test${n} || ret=1
-  grep "resolution failed: SERVFAIL" resolve.out.ns1.test${n} >/dev/null || ret=1
+  grep "resolution failed: failure" resolve.out.ns1.test${n} >/dev/null || ret=1
  if [ $ret != 0 ]; then echo_i "failed"; fi
  status=$((status + ret))

@ -98,7 +98,7 @@ if [ -x "${RESOLVE}" ]; then
  echo_i "checking handling of bogus referrals using dns_client ($n)"
  ret=0
  resolve_with_opts -t a -s 10.53.0.1 www.example.com 2>resolve.out.ns1.test${n} || ret=1
-  grep "resolution failed: SERVFAIL" resolve.out.ns1.test${n} >/dev/null || ret=1
+  grep "resolution failed: failure" resolve.out.ns1.test${n} >/dev/null || ret=1
  if [ $ret != 0 ]; then echo_i "failed"; fi
  status=$((status + ret))
 fi
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@ -3575,7 +3575,7 @@ fctx_getaddresses(fetchctx_t *fctx, bool badcache) {
 	bool all_bad;
 	dns_rdata_ns_t ns;
 	bool need_alternate = false;
-	bool all_spilled = true;
+	bool all_spilled = false;
 	unsigned int no_addresses = 0;
 	unsigned int ns_processed = 0;

@ -3735,6 +3735,7 @@ normal_nses:
 	}

 	isc_stdtime_get(&now);
+	all_spilled = true; /* resets to false below after the first success */

 	INSIST(ISC_LIST_EMPTY(fctx->finds));
 	INSIST(ISC_LIST_EMPTY(fctx->altfinds));