From fad0318c74257ce5deb7c68f68ca37cdf61cc9a9 Mon Sep 17 00:00:00 2001
From: Baptiste Assmann
Date: Wed, 28 Oct 2015 02:03:32 +0100
Subject: [PATCH] BUG/MAJOR: dns: first DNS response packet not matching queried hostname may lead to a loop
The status DNS_UPD_NAME_ERROR returned by dns_get_ip_from_response and which means the queried name can't be found in the response was improperly processed (fell into the default case). This lead to a loop where HAProxy simply resend a new query as soon as it got a response for this status and in the only case where such type of response is the very first one received by the process. This should be backported into 1.6 branch
---
 src/server.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/src/server.c b/src/server.c
index dcc596105..c92623d48 100644
--- a/src/server.c
+++ b/src/server.c
@@ -2620,6 +2620,17 @@ int snr_resolution_cb(struct dns_resolution *resolution, struct dns_nameserver *
 }
 goto stop_resolution;
+ case DNS_UPD_NAME_ERROR:
+ /* if this is not the last expected response, we ignore it */
+ if (resolution->nb_responses < nameserver->resolvers->count_nameservers)
+ return 0;
+ /* update resolution status to OTHER error type */
+ if (resolution->status != RSLV_STATUS_OTHER) {
+ resolution->status = RSLV_STATUS_OTHER;
+ resolution->last_status_change = now_ms;
+ }
+ goto stop_resolution;
+
 default:
 goto invalid;
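Review bot: The new `DNS_UPD_NAME_ERROR` case folds a response that does not contain the queried name into `RSLV_STATUS_OTHER` and records nothing about which nameserver sent it, so a broken or spoofing resolver looks the same as any other failure. The response is untrusted network input, and the comment should say what the condition means, e.g. `/* queried name absent from the response (faulty or forged answer): report a generic error instead of re-querying at once */`. If no per-nameserver counter is updated before the switch (not visible here), counting these mismatches would give operators something to alert on. The early `return 0` also relies on a timeout elsewhere to end the resolution when the remaining nameservers never answer; a short comment naming that path would help. `snr_resolution_cb` starts and ends outside the hunk.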