mirror of
https://github.com/openwrt/openwrt.git
synced 2025-01-19 11:16:32 +00:00
7541d30c9c
f52bb5b fix previous commit
18eac67 Fix entries in /etc/hosts disabling static leases.
f8c77ed Fix removal of DHCP_CLIENT_MAC options from DHCPv6 relay replies.
4bf62f6 Tidy cache_blockdata_free()
9c0d445 Fix e7bfd556c079c8b5e7425aed44abc35925b24043 to actually work.
2896e24 Check for not(DS or DNSKEY) in is_outdated_cname_pointer()
a90f09d Fix crash freeing negative SRV cache entries.
5b99eae Cache SRV records.
2daca52 Fix typo in ra-param man page section.
2c59473 File logic bug in cache-marshalling code. Introduced a couple of commits back.
cc921df Remove nested struct/union in cache records and all_addr.
ab194ed Further address union tidying.
65a01b7 Tidy address-union handling: move class into explicit argument.
bde4647 Tidy all_addr union, merge log and rcode fields.
e7bfd55 Alter DHCP address selection after DECLINE in consec-addr mode. Avoid offering the same address after receiving a DECLINE message to stop an infinite protocol loop. This has long been done in default address allocation mode: this adds similar behaviour when allocating addresses consecutively.

The most relevant fix for openwrt is 18eac67 (& my own local f52bb5b
which fixes a missing bracket silly) To quote the patch:

It is possible for a config entry to have one address family specified by a
dhcp-host directive and the other added from /etc/hosts. This is especially
common on OpenWrt because it uses odhcpd for DHCPv6 and IPv6 leases are
imported into dnsmasq via a hosts file.

To handle this case there need to be separate *_HOSTS flags for IPv4 and IPv6.
Otherwise when the hosts file is reloaded it will clear the CONFIG_ADDR(6) flag
which was set by the dhcp-host directive.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>

42 lines
1.9 KiB
Diff
From 122392e0b352507cabb9e982208d35d2e56902e0 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Wed, 31 Oct 2018 22:24:02 +0000
Subject: [PATCH 09/30] Revert 68f6312d4bae30b78daafcd6f51dc441b8685b1e

The above is intended to increase robustness, but actually does the
opposite. The problem is that by ignoring SERVFAIL messages and hoping
for a better answer from another of the servers we've forwarded to,
we become vulnerable in the case that one or more of the configured
servers is down or not responding.

Consider the case that a domain is indeed BOGUS, and we've sent the
query to n servers. With 68f6312d4bae30b78daafcd6f51dc441b8685b1e
we ignore the first n-1 SERVFAIL replies, and only return the
final n'th answer to the client. Now, if one of the servers we are
forwarding to is down, then we won't get all n replies, and the
client will never get an answer! This is a far more likely scenario
than a temporary SERVFAIL from only one of a set of notionally identical
servers, so, on the ground of robustness, we have to believe
any SERVFAIL answers we get, and return them to the client.

The client could be using the same recursive servers we are,
so it should, in theory, retry on SERVFAIL anyway.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
---
src/forward.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)

--- a/src/forward.c
+++ b/src/forward.c
@@ -957,8 +957,7 @@ void reply_query(int fd, int family, tim
we get a good reply from another server. Kill it when we've
had replies from all to avoid filling the forwarding table when
everything is broken */
- if (forward->forwardall == 0 || --forward->forwardall == 1 ||
- (RCODE(header) != REFUSED && RCODE(header) != SERVFAIL))
+ if (forward->forwardall == 0 || --forward->forwardall == 1 || RCODE(header) != REFUSED)
{
int check_rebind = 0, no_cache_dnssec = 0, cache_secure = 0, bogusanswer = 0;
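Review bot: the new condition still holds back REFUSED replies until `--forward->forwardall == 1`, so the failure mode the commit message gives for SERVFAIL (one configured server down, the full set of n replies never arrives, the client gets no answer) appears to apply equally when the responding servers all return REFUSED. Either say in the comment above the condition why REFUSED is safe to keep deferring while SERVFAIL is not, or treat both the same way. The comment itself is untouched by this hunk and only its tail is visible in the context lines; if its opening lines still describe ignoring SERVFAIL, they should be updated so the comment matches the REFUSED-only check.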