From aba8a201f884f8d29e3525c2e13e33a6fc0f84f5 Mon Sep 17 00:00:00 2001 From: Klemens Nanni Date: Fri, 22 Oct 2021 13:38:08 +0000 Subject: Honour enabled resolvers to keep unused forwarders actually disabled An unwind.conf like the following would still query forwarders, both "." periodically and any explicit "example.com." queries: preference { recursor autoconf stub } forwarder { 2001:db8::1 } force accept bogus forwarder { example.com. } That's because the forwarder and resolver children processes start with the default configuration and main later sends them the effective user configuration; merging them, however, would ignore the list of enabled resolvers, i.e. those listed in the `preference {}' block and thusly cause children to always have all forwarders enabled (as is by default). Copy the resolvers list during merge to fix this and restore expected behaviour. (Noticed during tests with "forwarder" temporarily removed from `preference {}' while leaving the rest as is: my VPN interface serving that forwarder showed DNS traffic while it was supposed to be silent.) OK florian --- sbin/unwind/unwind.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'sbin/unwind/unwind.c') diff --git a/sbin/unwind/unwind.c b/sbin/unwind/unwind.c index ba9d1819df6..49201e46d0f 100644 --- a/sbin/unwind/unwind.c +++ b/sbin/unwind/unwind.c @@ -1,4 +1,4 @@ -/* $OpenBSD: unwind.c,v 1.63 2021/08/31 20:18:03 kn Exp $ */ +/* $OpenBSD: unwind.c,v 1.64 2021/10/22 13:38:07 kn Exp $ */ /* * Copyright (c) 2018 Florian Obser @@ -661,6 +661,9 @@ merge_config(struct uw_conf *conf, struct uw_conf *xconf) free(n); } + memcpy(&conf->enabled_resolvers, &xconf->enabled_resolvers, + sizeof(conf->enabled_resolvers)); + memcpy(&conf->res_pref, &xconf->res_pref, sizeof(conf->res_pref)); -- cgit v1.2.3
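Review bot: In merge_config(), the added memcpy() of enabled_resolvers has no comment saying why it must be copied, and the bug being fixed was a field that this field-by-field merge left out. A short comment above it, for example "/* children start with the default config; enabled_resolvers must follow the user's preference {} block */", would make it harder for the next field added to struct uw_conf to be dropped the same way. The failure is also silent: per the commit message it was only noticed because a VPN interface showed DNS traffic to a forwarder that should have been disabled. A regression test that loads a config with "forwarder" omitted from preference {} and checks that it stays disabled after the merge would catch a repeat.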