1 files changed, 43 insertions, 0 deletions

diff --git a/package/network/services/dnsmasq/patches/0001-Fix-spurious-resource-limit-exceeded-messages.patch b/package/network/services/dnsmasq/patches/0001-Fix-spurious-resource-limit-exceeded-messages.patch
new file mode 100644
index 0000000000..f25ee20413
--- /dev/null
+++ b/package/network/services/dnsmasq/patches/0001-Fix-spurious-resource-limit-exceeded-messages.patch
@@ -0,0 +1,43 @@
+From 1ed783b8d7343c42910a61f12a8fc6237eb80417 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Mon, 19 Feb 2024 12:22:43 +0000
+Subject: Fix spurious "resource limit exceeded" messages.
+
+Replies from upstream with a REFUSED rcode can result in
+log messages stating that a resource limit has been exceeded,
+which is not the case.
+
+Thanks to Dominik Derigs and the Pi-hole project for
+spotting this.
+---
+ CHANGELOG     | 5 +++++
+ src/forward.c | 6 +++---
+ 2 files changed, 8 insertions(+), 3 deletions(-)
+
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -1,3 +1,8 @@
++version 2.91
++	Fix spurious "resource limit exceeded messages". Thanks to 
++	Dominik Derigs for the bug report.
++	
++
+ version 2.90
+ 	Fix reversion in --rev-server introduced in 2.88 which
+ 	caused breakage if the prefix length is not exactly divisible
+--- a/src/forward.c
++++ b/src/forward.c
+@@ -937,10 +937,10 @@ static void dnssec_validate(struct frec
+ 	status = dnssec_validate_reply(now, header, plen, daemon->namebuff, daemon->keyname, &forward->class, 
+ 				       !option_bool(OPT_DNSSEC_IGN_NS) && (forward->sentto->flags & SERV_DO_DNSSEC),
+ 				       NULL, NULL, NULL, &orig->validate_counter);
+-    }
+ 
+-  if (STAT_ISEQUAL(status, STAT_ABANDONED))
+-    log_resource = 1;
++      if (STAT_ISEQUAL(status, STAT_ABANDONED))
++	log_resource = 1;
++    }
+   
+   /* Can't validate, as we're missing key data. Put this
+      answer aside, whilst we get that. */