From 11753c42dd43e1ef3b86c5077326be79d7afc5ec Mon Sep 17 00:00:00 2001 From: kn Date: Fri, 22 Oct 2021 13:38:07 +0000 Subject: [PATCH] Honour enabled resolvers to keep unused forwarders actually disabled An unwind.conf like the following would still query forwarders, both "." periodically and any explicit "example.com." queries: preference { recursor autoconf stub } forwarder { 2001:db8::1 } force accept bogus forwarder { example.com. } That's because the forwarder and resolver children processes start with the default configuration and main later sends them the effective user configuration; merging them, however, would ignore the list of enabled resolvers, i.e. those listed in the `preference {}' block and thusly cause children to always have all forwarders enabled (as is by default). Copy the resolvers list during merge to fix this and restore expected behaviour. (Noticed during tests with "forwarder" temporarily removed from `preference {}' while leaving the rest as is: my VPN interface serving that forwarder showed DNS traffic while it was supposed to be silent.) OK florian --- sbin/unwind/unwind.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/sbin/unwind/unwind.c b/sbin/unwind/unwind.c index ba9d1819df6..49201e46d0f 100644 --- a/sbin/unwind/unwind.c +++ b/sbin/unwind/unwind.c @@ -1,4 +1,4 @@ -/* $OpenBSD: unwind.c,v 1.63 2021/08/31 20:18:03 kn Exp $ */ +/* $OpenBSD: unwind.c,v 1.64 2021/10/22 13:38:07 kn Exp $ */ /* * Copyright (c) 2018 Florian Obser @@ -661,6 +661,9 @@ merge_config(struct uw_conf *conf, struct uw_conf *xconf) free(n); } + memcpy(&conf->enabled_resolvers, &xconf->enabled_resolvers, + sizeof(conf->enabled_resolvers)); + memcpy(&conf->res_pref, &xconf->res_pref, sizeof(conf->res_pref)); -- 2.20.1
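Review bot: The added memcpy of enabled_resolvers in the merge_config() hunk (@@ -661,6 +661,9 @@) carries no comment, although the commit message shows that leaving this one field out let the children keep every forwarder enabled and send DNS traffic to a resolver the user had removed from the preference block. A one-line comment above the copy, saying that the children start from the default configuration and that every field of struct uw_conf which the parser can set must be carried over here, would make the next omission easier to spot when a field is added. The copy length is taken from sizeof(conf->enabled_resolvers), which is only correct if that member is an array and not a pointer. The declaration is not visible in this diff, so it is worth confirming against the struct definition, the same way the neighbouring res_pref copy relies on it. The first hunk only bumps the $OpenBSD$ revision tag and needs no comment.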