From 8fb6266f0e6850dcba5d2e09e66c24cc3c433ed5 Mon Sep 17 00:00:00 2001
From: Jay <BusyJay@users.noreply.github.com>
Date: Wed, 12 Feb 2025 18:44:31 +0800
Subject: [PATCH] avoid returning stale ServFail response

Close #436.

Signed-off-by: Jay <BusyJay@users.noreply.github.com>
---
 proxy/cache.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/proxy/cache.go b/proxy/cache.go
index 57118be8d..e193d0d1b 100644
--- a/proxy/cache.go
+++ b/proxy/cache.go
@@ -141,6 +141,12 @@ func (c *cache) unpackItem(data []byte, req *dns.Msg) (ci *cacheItem, expired bo
 		return nil, expired
 	}
 
+	// Don't return expired ServFail response from cache, otherwise it may stop
+	// future refresh.
+	if m.Rcode == dns.RcodeServerFailure && expired {
+		return nil, expired
+	}
+
 	res := (&dns.Msg{}).SetRcode(req, m.Rcode)
 	res.AuthenticatedData = m.AuthenticatedData
 	res.RecursionAvailable = m.RecursionAvailable