If a DNS server replies REFUSED for a given DNS query in strict order mode
no failover to the next DNS server is triggered as the failover logic only
covers non strict mode.
As a result the client will be returned the REFUSED reply without first
falling back to the secondary DNS server(s).

Make failover support work as well for strict mode config in case REFUSED is
replied by deleting the strict order check and rely only on forwardall being
equal to 0 which is the case in non strict mode when a single server has been
contacted or when strict order mode has been configured.

Signed-off-by: Hans Dedecker <***@gmail.com>
Signed-off-by: Mi Feng <***@gmail.com>
---
v1 -> v2: leave out OPT_ORDER check completely

src/forward.c | 1 -
1 file changed, 1 deletion(-)

diff --git a/src/forward.c b/src/forward.c
index 4a3f831..f22556a 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -790,7 +790,6 @@ void reply_query(int fd, int family, time_t now)
/* Note: if we send extra options in the EDNS0 header, we can't recreate
the query from the reply. */
if (RCODE(header) == REFUSED &&
- !option_bool(OPT_ORDER) &&
forward->forwardall == 0 &&
!(forward->flags & FREC_HAS_EXTRADATA))
/* for broken servers, attempt to send to another one. */