Comment 4 for bug 1785383

Steve Dodd (anarchetic) wrote :

Reverting the patch "resolved-Mitigate-DVE-2018-0001-by-retrying-NXDOMAIN-with.patch" solves this problem for me. My best guess is that the following patch segment changes some key logic:

@@ -388,12 +388,12 @@ static int dns_transaction_pick_server(DnsTransaction *t) {
         if (!server)
                 return -ESRCH;

- /* If we changed the server invalidate the feature level clamping, as the new server might have completely
- * different properties. */
- if (server != t->server)
+ /* If we changed the server invalidate the current & clamp feature levels, as the new server might have
+ * completely different properties. */
+ if (server != t->server) {
                 t->clamp_feature_level = _DNS_SERVER_FEATURE_LEVEL_INVALID;
-
- t->current_feature_level = dns_server_possible_feature_level(server);
+ t->current_feature_level = dns_server_possible_feature_level(server);
+ }
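
Review bot: In the new `if (server != t->server) {` block, `t->current_feature_level = dns_server_possible_feature_level(server);` now runs only when the picked server differs from `t->server`, whereas the removed line ran on every call. When the same server is picked again, the transaction keeps whatever `current_feature_level` it already had, even if `dns_server_possible_feature_level(server)` would now return a different value. If that is intended, the comment should say so explicitly; its wording "invalidate the current & clamp feature levels" does not match the code, which assigns the current level rather than invalidating it. If it is not intended, keep the assignment outside the braces so that only the `clamp_feature_level` reset depends on the server change.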

Note that it makes the assignment dependent on the test; I don't know if this was intentional or not.