This seems like an important fix to get in the next 'patch' release or whatever it's to be called, a bit like the pxe filename whoops :-)

Remarkably simple fix too...hopefully not too simple.



On 14/06/17 14:46, Hans Dedecker wrote:
If a DNS server replies REFUSED for a given DNS query in strict order mode
no failover to the next DNS server is triggered as the logic in reply_query
excluded strict order mode by mistake.

Also checking for not strict order mode makes the failover logic related
to REFUSED dead code as it also checks for forwardall being 0 which can
only be the case for strict order mode.

Fix this by checking for strict order mode now so the failover logic in
case REFUSED is replied is triggered in case forwardall is 0 for a given
forward record. In case all servers mode is configured the fail over logic
won't be triggered just as before.

Signed-off-by: Hans Dedecker <>
Signed-off-by: Mi Feng <>

Fixes dns failover issue reported in LEDE 

  src/forward.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/forward.c b/src/forward.c
index 83f392d..0ce3612 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -790,7 +790,7 @@ void reply_query(int fd, int family, time_t now)
    /* Note: if we send extra options in the EDNS0 header, we can't recreate
       the query from the reply. */
    if (RCODE(header) == REFUSED &&
-      !option_bool(OPT_ORDER) &&
+      option_bool(OPT_ORDER) &&
        forward->forwardall == 0 &&
        !(forward->flags & FREC_HAS_EXTRADATA))
      /* for broken servers, attempt to send to another one. */
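
Review bot: Inverting the OPT_ORDER test in the REFUSED condition also switches the retry off for every configuration where strict order is not set, which the commit message does not address beyond all-servers mode. The message asserts that forwardall == 0 can only occur in strict order mode; if that invariant holds, the added option_bool(OPT_ORDER) check is redundant next to "forward->forwardall == 0" and the line could simply be dropped, and if it does not hold, setups without strict order lose the REFUSED retry that the old "!option_bool(OPT_ORDER)" condition gave them. Suggest either removing the option check entirely or documenting the invariant in the comment above the condition, after confirming it against the places where forwardall is assigned.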

