Honour enabled resolvers to keep unused forwarders actually disabled

An unwind.conf like the following would still query forwarders,
both "." periodically and any explicit "example.com." queries:

	preference { recursor autoconf stub }
	forwarder { 2001:db8::1 }
	force accept bogus forwarder { example.com. }

That's because the forwarder and resolver children processes start with
the default configuration and main later sends them the effective user
configuration;  merging them, however, would ignore the list of enabled
resolvers, i.e. those listed in the `preference {}' block and thusly
cause children to always have all forwarders enabled (as is by default).

Copy the resolvers list during merge to fix this and restore expected
behaviour.

(Noticed during tests with "forwarder" temporarily removed from
`preference {}' while leaving the rest as is:  my VPN interface serving
that forwarder showed DNS traffic while it was supposed to be silent.)

OK florian

1 files changed, 4 insertions, 1 deletions

diff --git a/sbin/unwind/unwind.c b/sbin/unwind/unwind.c
index ba9d1819df6..49201e46d0f 100644
--- a/sbin/unwind/unwind.c
+++ b/sbin/unwind/unwind.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: unwind.c,v 1.63 2021/08/31 20:18:03 kn Exp $	*/
+/*	$OpenBSD: unwind.c,v 1.64 2021/10/22 13:38:07 kn Exp $	*/
 
 /*
  * Copyright (c) 2018 Florian Obser <florian@openbsd.org>
@@ -661,6 +661,9 @@ merge_config(struct uw_conf *conf, struct uw_conf *xconf)
 		free(n);
 	}
 
+	memcpy(&conf->enabled_resolvers, &xconf->enabled_resolvers,
+	    sizeof(conf->enabled_resolvers));
+
 	memcpy(&conf->res_pref, &xconf->res_pref,
 	    sizeof(conf->res_pref));