Reverting the patch "resolved-Mitigate-DVE-2018-0001-by-retrying-NXDOMAIN-with.patch" solves this problem for me. My best guess is that the following patch segment changes some key logic:
@@ -388,12 +388,12 @@ static int dns_transaction_pick_server(DnsTransaction *t) {
if (!server) return -ESRCH;
- /* If we changed the server invalidate the feature level clamping, as the new server might have completely
- * different properties. */
- if (server != t->server)
+ /* If we changed the server invalidate the current & clamp feature levels, as the new server might have
+ * completely different properties. */
+ if (server != t->server) { t->clamp_feature_level = _DNS_SERVER_FEATURE_LEVEL_INVALID;
-
- t->current_feature_level = dns_server_possible_feature_level(server);
+ t->current_feature_level = dns_server_possible_feature_level(server);
+ }
Note that it makes the assignment dependent on the test, I don't know if this was intentional or not.
Reverting the patch "resolved- Mitigate- DVE-2018- 0001-by- retrying- NXDOMAIN- with.patch" solves this problem for me. My best guess is that the following patch segment changes some key logic:
@@ -388,12 +388,12 @@ static int dns_transaction _pick_server( DnsTransaction *t) {
return -ESRCH;
if (!server)
- /* If we changed the server invalidate the feature level clamping, as the new server might have completely
t->clamp_ feature_ level = _DNS_SERVER_ FEATURE_ LEVEL_INVALID; feature_ level = dns_server_ possible_ feature_ level(server) ; feature_ level = dns_server_ possible_ feature_ level(server) ;
- * different properties. */
- if (server != t->server)
+ /* If we changed the server invalidate the current & clamp feature levels, as the new server might have
+ * completely different properties. */
+ if (server != t->server) {
-
- t->current_
+ t->current_
+ }
Note that it makes the assignment dependent on the test, I don't know if this was intentional or not.