From c17cc4fa7a2f6978a8b4bc2973b97120bd0fb98b Mon Sep 17 00:00:00 2001
From: Evan Hunt
Date: Sun, 3 May 2026 22:00:39 -0700
Subject: [PATCH] Clear dns64_aaaaok immediately after use

The DNS64 state information stored in client->query.dns64_aaaaok could cause an assertion failure in query_respond() if the server was configured in such a way as to trigger a new recursion before the query had been reset - for example, by using the filter-aaaa plugin, which may need to recurse to find out whether an A record exists. This has been addressed by clearing DNS64 state information immediately after the call to query_filter64().

(cherry picked from commit 7213b038f0beb2f4750b858113af1f9e18ae0520)
---
 bin/tests/system/filter_aaaa/ns5/named.conf.in | 6 +++---
 lib/ns/query.c | 5 ++++-
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/bin/tests/system/filter_aaaa/ns5/named.conf.in b/bin/tests/system/filter_aaaa/ns5/named.conf.in
index 36380cd321..37cb8d3fbb 100644
--- a/bin/tests/system/filter_aaaa/ns5/named.conf.in
+++ b/bin/tests/system/filter_aaaa/ns5/named.conf.in
@@ -23,9 +23,9 @@ options {
 dnssec-validation no;
 notify yes;
 dns64 64:ff9b::/96 {
- clients { any; };
- exclude { any; };
- mapped { any; };
+ clients { any; };
+ exclude { ::1/128; };
+ mapped { any; };
 };
 minimal-responses no;
 };
diff --git a/lib/ns/query.c b/lib/ns/query.c
index 91f2292db8..86485b7875 100644
--- a/lib/ns/query.c
+++ b/lib/ns/query.c
@@ -716,7 +716,6 @@ query_reset(ns_client_t *client, bool everything) {
 if (client->query.dns64_aaaaok != NULL) {
 isc_mem_put(client->mctx, client->query.dns64_aaaaok,
 client->query.dns64_aaaaoklen * sizeof(bool));
- client->query.dns64_aaaaok = NULL;
 client->query.dns64_aaaaoklen = 0;
 }
 
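Review bot: The narrowed `exclude { ::1/128; };` in the ns5 `dns64` block has no comment saying why it is no longer `any`, so a later cleanup could revert it and silently stop covering this fix. Presumably the change lets some AAAA records pass the exclude list so that the server reaches the query_filter64() path while filter-aaaa is active; if so, a line such as `# exclude only ::1 so that DNS64 filtering state exists while filter-aaaa recurses` above it would record that. No test script change is visible in this patch, so it is worth confirming that an existing filter_aaaa check sends a query that hits this case. The `options` block starts outside this hunk.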
@@ -8331,6 +8330,10 @@ query_addanswer(query_ctx_t *qctx) {
 } else if (qctx->client->query.dns64_aaaaok != NULL) {
 query_filter64(qctx);
 ns_client_putrdataset(qctx->client, &qctx->rdataset);
+ isc_mem_put(qctx->client->mctx,
+ qctx->client->query.dns64_aaaaok,
+ qctx->client->query.dns64_aaaaoklen * sizeof(bool));
+ qctx->client->query.dns64_aaaaoklen = 0;
 } else {
 if (!qctx->is_zone && RECURSIONOK(qctx->client) &&
 !QUERY_STALETIMEOUT(&qctx->client->query))
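Review bot: The new release in the `dns64_aaaaok != NULL` branch of query_addanswer() is only safe if `isc_mem_put()` also sets its pointer argument to NULL, which this patch does not show, and the query_reset() hunk drops the explicit `client->query.dns64_aaaaok = NULL;` at the same time. Since this is a cherry-pick, confirm that the target branch's macro clears the pointer; otherwise the `!= NULL` guard in query_reset() would still pass and the same array would be released a second time. Adding `INSIST(qctx->client->query.dns64_aaaaok == NULL);` after the new `dns64_aaaaoklen = 0;` line would make that assumption explicit, and a short comment there should say the state is dropped before any further recursion can reuse this client. The same release sequence now exists in both functions, so a small static helper would keep them in step. query_addanswer() begins and ends outside this hunk.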