From eb08640a44ed938b1252d88233e110da4cdffa95 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 8 Feb 2017 19:55:16 +0100
Subject: [PATCH] resolved: when a server response with REFUSED, try a
 different one

Fixes: #4264
---
 src/resolve/resolved-dns-transaction.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index 2fce44e..1985dbd 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -924,7 +924,16 @@ void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p) {
 
                         dns_transaction_retry(t, false /* use the same server */);
                         return;
-                } else if (DNS_PACKET_TC(p))
+                }
+
+                if (DNS_PACKET_RCODE(p) == DNS_RCODE_REFUSED) {
+                        /* This server refused our request? If so, try again, use a different server */
+                        log_debug("Server returned REFUSED, switching servers, and retrying.");
+                        dns_transaction_retry(t, true /* pick a new server */);
+                        return;
+                }
+
+                if (DNS_PACKET_TC(p))
                         dns_server_packet_truncated(t->server, t->current_feature_level);
 
                 break;
-- 
2.7.4