commit 08504de71813ddbd447bfbca4a325cbe8ce8bcda
Author: Florian Weimer <fweimer@redhat.com>
Date:   Tue Mar 12 11:40:47 2019 +0100

    resolv: Enable full ICMP errors for UDP DNS sockets [BZ #24047]
    
    The Linux kernel suppresses some ICMP error messages by default for
    UDP sockets.  This commit enables full ICMP error reporting,
    hopefully resulting in faster failover to working name servers.

diff --git a/resolv/Makefile b/resolv/Makefile
index 8f22e6a154..ebe1b733f2 100644
--- a/resolv/Makefile
+++ b/resolv/Makefile
@@ -105,7 +105,7 @@ libresolv-routines := res_comp res_debug \
 		      res_data res_mkquery res_query res_send		\
 		      inet_net_ntop inet_net_pton inet_neta base64	\
 		      ns_parse ns_name ns_netint ns_ttl ns_print	\
-		      ns_samedomain ns_date \
+		      ns_samedomain ns_date res_enable_icmp \
 		      compat-hooks compat-gethnamaddr
 
 libanl-routines := gai_cancel gai_error gai_misc gai_notify gai_suspend \
diff --git a/resolv/res_enable_icmp.c b/resolv/res_enable_icmp.c
new file mode 100644
index 0000000000..bdc9220f08
--- /dev/null
+++ b/resolv/res_enable_icmp.c
@@ -0,0 +1,37 @@
+/* Enable full ICMP errors on a socket.
+   Copyright (C) 2019 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <errno.h>
+#include <netinet/in.h>
+#include <sys/socket.h>
+
+int
+__res_enable_icmp (int family, int fd)
+{
+  int one = 1;
+  switch (family)
+    {
+    case AF_INET:
+      return setsockopt (fd, SOL_IP, IP_RECVERR, &one, sizeof (one));
+    case AF_INET6:
+      return setsockopt (fd, SOL_IPV6, IPV6_RECVERR, &one, sizeof (one));
+    default:
+      __set_errno (EAFNOSUPPORT);
+      return -1;
+    }
+}
diff --git a/resolv/res_send.c b/resolv/res_send.c
index fa040c1198..0f6ec83a7b 100644
--- a/resolv/res_send.c
+++ b/resolv/res_send.c
@@ -943,6 +943,18 @@ reopen (res_state statp, int *terrno, int ns)
 			return (-1);
 		}
 
+		/* Enable full ICMP error reporting for this
+		   socket.  */
+		if (__res_enable_icmp (nsap->sa_family,
+				       EXT (statp).nssocks[ns]) < 0)
+		  {
+		    int saved_errno = errno;
+		    __res_iclose (statp, false);
+		    __set_errno (saved_errno);
+		    *terrno = saved_errno;
+		    return -1;
+		  }
+
 		/*
 		 * On a 4.3BSD+ machine (client and server,
 		 * actually), sending to a nameserver datagram
diff --git a/resolv/resolv-internal.h b/resolv/resolv-internal.h
index 6ab8f2af09..1500adc607 100644
--- a/resolv/resolv-internal.h
+++ b/resolv/resolv-internal.h
@@ -100,4 +100,10 @@ libc_hidden_proto (__inet_pton_length)
 /* Called as part of the thread shutdown sequence.  */
 void __res_thread_freeres (void) attribute_hidden;
 
+/* The Linux kernel does not enable all ICMP messages on a UDP socket
+   by default.  A call this function enables full error reporting for
+   the socket FD.  FAMILY must be AF_INET or AF_INET6.  Returns 0 on
+   success, -1 on failure.  */
+int __res_enable_icmp (int family, int fd) attribute_hidden;
+
 #endif  /* _RESOLV_INTERNAL_H */