- Fix to reply with SERVFAIL when the wait-limit is exceeded.

2026-02-02 11:49:28 -05:00 · 2025-10-15 11:36:29 +02:00 · 2025-10-15 11:36:29 +02:00 · c8860a5fb6
commit c8860a5fb6
parent 735c96aac7
2 changed files with 12 additions and 2 deletions
--- a/doc/Changelog
+++ b/doc/Changelog
@ -1,5 +1,6 @@
 15 October 2025: Wouter
 	- Fix to drop UDP for discard-timeout, but not stream connections.
+	- Fix to reply with SERVFAIL when the wait-limit is exceeded.

 10 October 2025: Wouter
 	- Fix #1358 Enabling FIPS in OpenSSL causes unit test to fail.
--- a/services/mesh.c
+++ b/services/mesh.c
@ -441,9 +441,18 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo,
 	if(!infra_wait_limit_allowed(mesh->env->infra_cache, rep,
 		edns->cookie_valid, mesh->env->cfg)) {
 		verbose(VERB_ALGO, "Too many queries waiting from the IP. "
-			"dropping incoming query.");
-		comm_point_drop_reply(rep);
+			"servfail incoming query.");
 		mesh->num_queries_wait_limit++;
+		edns_opt_list_append_ede(&edns->opt_list_out,
+			mesh->env->scratch, LDNS_EDE_OTHER,
+			"Too many queries queued up and waiting from the IP");
+		if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, NULL, NULL,
+			LDNS_RCODE_SERVFAIL, edns, rep, mesh->env->scratch, mesh->env->now_tv))
+				edns->opt_list_inplace_cb_out = NULL;
+		error_encode(r_buffer, LDNS_RCODE_SERVFAIL,
+			qinfo, qid, qflags, edns);
+		regional_free_all(mesh->env->scratch);
+		comm_point_send_reply(rep);
 		return;
 	}
 	if(!unique)