From 65ba05bb68cab20088cc0b9f378c3e055b2c11db Mon Sep 17 00:00:00 2001
From: Aram Sargsyan <aram@isc.org>
Date: Thu, 26 Jun 2025 13:50:25 +0000
Subject: [PATCH] Reset DNS_{GETDB_STALEFIRST,DBFIND_STALETIMEOUT} in
 ns__query_start()

In case of chained queries (e.g. CNAME) a discrepancy could arise
if the original query had the DNS_GETDB_STALEFIRST bit set, but
the next query doesn't have it (e.g. because the CNAME target is
a authoritative zone for the server) and cause an unanswered query
because of a logic error.

Reset both DNS_GETDB_STALEFIRST and DNS_DBFIND_STALETIMEOUT bits in
the ns__query_start() function before reevaluating whether they are
needed for the current query, and reset them again after calling
the query_lookup() function.
---
 lib/ns/query.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lib/ns/query.c b/lib/ns/query.c
index 5a99454727..e4dfab3317 100644
--- a/lib/ns/query.c
+++ b/lib/ns/query.c
@@ -5743,6 +5743,13 @@ ns__query_start(query_ctx_t *qctx) {
 		}
 	}
 
+	/*
+	 * If this is a chained query (e.g. CNAME), these bits should be reset
+	 * to not use the settings from the previous query.
+	 */
+	qctx->options &= ~DNS_GETDB_STALEFIRST;
+	qctx->client->query.dboptions &= ~DNS_DBFIND_STALETIMEOUT;
+
 	if (!qctx->is_zone && (qctx->view->staleanswerclienttimeout == 0) &&
 	    dns_view_staleanswerenabled(qctx->view))
 	{
@@ -5762,6 +5769,7 @@ ns__query_start(query_ctx_t *qctx) {
 	 * when it completes, this option is not expected to be set.
 	 */
 	qctx->options &= ~DNS_GETDB_STALEFIRST;
+	qctx->client->query.dboptions &= ~DNS_DBFIND_STALETIMEOUT;
 
 cleanup:
 	return result;