From 469bbe0f973bf33e20d6011748cb68fab8a9a12d Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Thu, 17 Apr 2014 15:43:38 +1000
Subject: [PATCH] 3810.   [bug]           Work around broken nameservers that
 fail to ignore                         unknown EDNS options. [RT #35766]

---
 CHANGES            |  3 +++
 lib/dns/resolver.c | 18 ++++++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/CHANGES b/CHANGES
index 497f693652..0ada88dbe1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+3810.	[bug]		Work around broken nameservers that fail to ignore
+			unknown EDNS options. [RT #35766]
+
 3809.	[doc]		Fix SIT and NSID documentation.
 
 3808.	[doc]		Clean up "prefetch" documentation. [RT #35751]
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 11c805f7e8..cb05e69c2c 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -7455,6 +7455,24 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
 	 */
 	if (message->rcode != dns_rcode_noerror &&
 	    message->rcode != dns_rcode_nxdomain) {
+#ifdef ISC_PLATFORM_USESIT
+		unsigned char sit[64];
+
+		/*
+		 * Some servers do not ignore unknown EDNS options.
+		 */
+		if (!NOSIT(query->addrinfo) &&
+		    (message->rcode == dns_rcode_formerr ||
+		     message->rcode == dns_rcode_notimp ||
+		     message->rcode == dns_rcode_refused) &&
+		     dns_adb_getsit(fctx->adb, query->addrinfo,
+				   sit, sizeof(sit)) == 0U) {
+			dns_adb_changeflags(fctx->adb, query->addrinfo,
+					    FCTX_ADDRINFO_NOSIT,
+					    FCTX_ADDRINFO_NOSIT);
+			resend = ISC_TRUE;
+		} else
+#endif
 		if (((message->rcode == dns_rcode_formerr ||
 		      message->rcode == dns_rcode_notimp) ||
 		     (message->rcode == dns_rcode_servfail &&