diff options
author | Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> | 2018-12-10 09:53:51 +0000 |
---|---|---|
committer | Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> | 2018-12-10 09:57:19 +0000 |
commit | 18e02fa20c949e17ff77d821e464a44640ca4c52 (patch) | |
tree | a0eb32c16097721ef67ce161fddc7f4c27df71cb /package/network/services/dnsmasq/patches/0009-Revert-68f6312d4bae30b78daafcd6f51dc441b8685b1e.patch | |
parent | a6a8fe0be5cd2edb1560bfc3f3094c3d34f2d2b0 (diff) | |
download | upstream-18e02fa20c949e17ff77d821e464a44640ca4c52.tar.gz upstream-18e02fa20c949e17ff77d821e464a44640ca4c52.tar.bz2 upstream-18e02fa20c949e17ff77d821e464a44640ca4c52.zip |
Revert "dnsmasq: follow upstream dnsmasq pre-v2.81"
This reverts commit a6a8fe0be5cd2edb1560bfc3f3094c3d34f2d2b0.
buildbot found an error
option.c: In function 'dhcp_context_free':
option.c:1042:15: error: 'struct dhcp_context' has no member named 'template_interface'
free(ctx->template_interface);
revert for the moment
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Diffstat (limited to 'package/network/services/dnsmasq/patches/0009-Revert-68f6312d4bae30b78daafcd6f51dc441b8685b1e.patch')
-rw-r--r-- | package/network/services/dnsmasq/patches/0009-Revert-68f6312d4bae30b78daafcd6f51dc441b8685b1e.patch | 41 |
1 files changed, 0 insertions, 41 deletions
diff --git a/package/network/services/dnsmasq/patches/0009-Revert-68f6312d4bae30b78daafcd6f51dc441b8685b1e.patch b/package/network/services/dnsmasq/patches/0009-Revert-68f6312d4bae30b78daafcd6f51dc441b8685b1e.patch deleted file mode 100644 index ff9ddd842c..0000000000 --- a/package/network/services/dnsmasq/patches/0009-Revert-68f6312d4bae30b78daafcd6f51dc441b8685b1e.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 122392e0b352507cabb9e982208d35d2e56902e0 Mon Sep 17 00:00:00 2001 -From: Simon Kelley <simon@thekelleys.org.uk> -Date: Wed, 31 Oct 2018 22:24:02 +0000 -Subject: [PATCH 09/11] Revert 68f6312d4bae30b78daafcd6f51dc441b8685b1e - -The above is intended to increase robustness, but actually does the -opposite. The problem is that by ignoring SERVFAIL messages and hoping -for a better answer from another of the servers we've forwarded to, -we become vulnerable in the case that one or more of the configured -servers is down or not responding. - -Consider the case that a domain is indeed BOGUS, and we've send the -query to n servers. With 68f6312d4bae30b78daafcd6f51dc441b8685b1e -we ignore the first n-1 SERVFAIL replies, and only return the -final n'th answer to the client. Now, if one of the servers we are -forwarding to is down, then we won't get all n replies, and the -client will never get an answer! This is a far more likely scenario -than a temporary SERVFAIL from only one of a set of notionally identical -servers, so, on the ground of robustness, we have to believe -any SERVFAIL answers we get, and return them to the client. - -The client could be using the same recursive servers we are, -so it should, in theory, retry on SERVFAIL anyway. - -Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> ---- - src/forward.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - ---- a/src/forward.c -+++ b/src/forward.c -@@ -957,8 +957,7 @@ void reply_query(int fd, int family, tim - we get a good reply from another server. Kill it when we've - had replies from all to avoid filling the forwarding table when - everything is broken */ -- if (forward->forwardall == 0 || --forward->forwardall == 1 || -- (RCODE(header) != REFUSED && RCODE(header) != SERVFAIL)) -+ if (forward->forwardall == 0 || --forward->forwardall == 1 || RCODE(header) != REFUSED) - { - int check_rebind = 0, no_cache_dnssec = 0, cache_secure = 0, bogusanswer = 0; - |