modified for Gentoo, removed Changelog due to conflicts From 1d38781da934809e6ce0b8c3718c4b3bccdfe1d2 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Wed, 28 Dec 2022 19:39:06 +0000 Subject: [PATCH] Fix recursion on dns_again_means_nonexist. Bug 2911 --- doc/ChangeLog | 8 +++++ src/dns.c | 12 ++++++++ test/confs/2202 | 18 +++++++++-- test/scripts/2200-dnsdb/2202 | 8 +++++ test/stderr/2202 | 58 +++++++++++++++++++++++++++++++++++- test/stdout/2202 | 8 +++++ 6 files changed, 108 insertions(+), 4 deletions(-) --- a/src/dns.c +++ b/src/dns.c @@ -799,10 +799,11 @@ int dns_basic_lookup(dns_answer * dnsa, const uschar * name, int type) { int rc; #ifndef STAND_ALONE const uschar * save_domain; +static BOOL try_again_recursion = FALSE; #endif /* DNS lookup failures of any kind are cached in a tree. This is mainly so that a timeout on one domain doesn't happen time and time again for messages that have many addresses in the same domain. We rely on the resolver and name server @@ -903,15 +904,26 @@ if (dnsa->answerlen < 0) switch (h_errno DEBUG(D_dns) debug_printf("DNS lookup of %s (%s) gave TRY_AGAIN\n", name, dns_text_type(type)); /* Cut this out for various test programs */ #ifndef STAND_ALONE + if (try_again_recursion) + { + log_write(0, LOG_MAIN|LOG_PANIC, + "dns_again_means_nonexist recursion seen for %s (assuming nonexist)", + name); + return dns_fail_return(name, type, dns_expire_from_soa(dnsa, type), DNS_NOMATCH); + } + + try_again_recursion = TRUE; save_domain = deliver_domain; deliver_domain = string_copy(name); /* set $domain */ rc = match_isinlist(name, CUSS &dns_again_means_nonexist, 0, &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL); deliver_domain = save_domain; + try_again_recursion = FALSE; + if (rc != OK) { DEBUG(D_dns) debug_printf("returning DNS_AGAIN\n"); return dns_fail_return(name, type, 0, DNS_AGAIN); }