2 Fix that with harden-below-nxdomain and qname minisation enabled
3 some iterator states for nonresponsive domains can get into a
4 state where they waited for an empty list.
5 Stop UDP to TCP failover after timeouts that causes the ping count
6 to be reset by the TCP time measurement (that exists for TLS),
7 because that causes the UDP part to not be measured as timeout.
9 Index: iterator/iterator.c
10 ===================================================================
11 --- a/iterator/iterator.c
12 +++ b/iterator/iterator.c
13 @@ -2752,6 +2752,12 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
15 "could not validate NXDOMAIN "
17 + outbound_list_clear(&iq->outlist);
18 + iq->num_current_queries = 0;
19 + fptr_ok(fptr_whitelist_modenv_detach_subs(
20 + qstate->env->detach_subs));
21 + (*qstate->env->detach_subs)(qstate);
22 + iq->num_target_queries = 0;
25 return next_state(iq, QUERYTARGETS_STATE);
26 Index: services/outside_network.c
27 ===================================================================
28 --- a/services/outside_network.c
29 +++ b/services/outside_network.c
30 @@ -1979,7 +1979,7 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error,
33 if(rto >= RTT_MAX_TIMEOUT) {
35 + /* fallback_tcp = 1; */
36 /* UDP does not work, fallback to TCP below */
38 serviced_callbacks(sq, NETEVENT_TIMEOUT, c, rep);