mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-25 00:11:13 +00:00
28c87d7ecd
These two patches are fixing minor problems with DNSSEC found shortly after the dnsmasq 2.90 release. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
44 lines
1.4 KiB
Diff
44 lines
1.4 KiB
Diff
From 1ed783b8d7343c42910a61f12a8fc6237eb80417 Mon Sep 17 00:00:00 2001
|
|
From: Simon Kelley <simon@thekelleys.org.uk>
|
|
Date: Mon, 19 Feb 2024 12:22:43 +0000
|
|
Subject: Fix spurious "resource limit exceeded" messages.
|
|
|
|
Replies from upstream with a REFUSED rcode can result in
|
|
log messages stating that a resource limit has been exceeded,
|
|
which is not the case.
|
|
|
|
Thanks to Dominik Derigs and the Pi-hole project for
|
|
spotting this.
|
|
---
|
|
CHANGELOG | 5 +++++
|
|
src/forward.c | 6 +++---
|
|
2 files changed, 8 insertions(+), 3 deletions(-)
|
|
|
|
--- a/CHANGELOG
|
|
+++ b/CHANGELOG
|
|
@@ -1,3 +1,8 @@
|
|
+version 2.91
|
|
+ Fix spurious "resource limit exceeded messages". Thanks to
|
|
+ Dominik Derigs for the bug report.
|
|
+
|
|
+
|
|
version 2.90
|
|
Fix reversion in --rev-server introduced in 2.88 which
|
|
caused breakage if the prefix length is not exactly divisible
|
|
--- a/src/forward.c
|
|
+++ b/src/forward.c
|
|
@@ -937,10 +937,10 @@ static void dnssec_validate(struct frec
|
|
status = dnssec_validate_reply(now, header, plen, daemon->namebuff, daemon->keyname, &forward->class,
|
|
!option_bool(OPT_DNSSEC_IGN_NS) && (forward->sentto->flags & SERV_DO_DNSSEC),
|
|
NULL, NULL, NULL, &orig->validate_counter);
|
|
- }
|
|
|
|
- if (STAT_ISEQUAL(status, STAT_ABANDONED))
|
|
- log_resource = 1;
|
|
+ if (STAT_ISEQUAL(status, STAT_ABANDONED))
|
|
+ log_resource = 1;
|
|
+ }
|
|
|
|
/* Can't validate, as we're missing key data. Put this
|
|
answer aside, whilst we get that. */
|