From 6c09fd0e6b500824d679e18b2ff7ac3c2f07319c Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 25 Aug 2015 16:55:19 +1000 Subject: [PATCH] 4193. [bug] Handle broken servers that return BADVERS incorrectly. [RT #40427] --- CHANGES | 3 +++ lib/dns/resolver.c | 35 +++++------------------------------ 2 files changed, 8 insertions(+), 30 deletions(-) diff --git a/CHANGES b/CHANGES index 772a8151a4..283da2e1a1 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +4193. [bug] Handle broken servers that return BADVERS incorrectly. + [RT #40427] + 4192. [bug] The default rrset-order of random was not always being applied. [RT #40456] diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index b4448aa0f3..1aaca2b062 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -7636,38 +7636,13 @@ resquery_response(isc_task_t *task, isc_event_t *event) { */ result = DNS_R_YXDOMAIN; } else if (message->rcode == dns_rcode_badvers) { - unsigned int flags, mask; - unsigned int version; - - resend = ISC_TRUE; - INSIST(opt != NULL); - version = (opt->ttl >> 16) & 0xff; - flags = (version << DNS_FETCHOPT_EDNSVERSIONSHIFT) | - DNS_FETCHOPT_EDNSVERSIONSET; - mask = DNS_FETCHOPT_EDNSVERSIONMASK | - DNS_FETCHOPT_EDNSVERSIONSET; /* - * Record that we got a good EDNS response. + * This should be impossible as we only send EDNS + * version 0 requests and to return BADVERS you + * need to support EDNS as it is a extended rcode. */ - if (query->ednsversion > (int)version && - !EDNSOK(query->addrinfo)) { - dns_adb_changeflags(fctx->adb, query->addrinfo, - FCTX_ADDRINFO_EDNSOK, - FCTX_ADDRINFO_EDNSOK); - } - /* - * Record the supported EDNS version. - */ - switch (version) { - case 0: - dns_adb_changeflags(fctx->adb, query->addrinfo, - flags, mask); - break; - default: - broken_server = DNS_R_BADVERS; - keep_trying = ISC_TRUE; - break; - } + broken_server = DNS_R_BADVERS; + keep_trying = ISC_TRUE; } else { /* * XXXRTH log.