- Phil Lisiecki filed bug report #2413067

(http://curl.haxx.se/bug/view.cgi?id=2413067) that identified a problem that
  would cause libcurl to mark a DNS cache entry "in use" eternally if the
  subsequence TCP connect failed. It would thus never get pruned and refreshed
  as it should've been.

CHANGES

@@ -6,6 +6,16 @@
 
                                   Changelog
 
+Daniel Stenberg (29 Dec 2008)
+ - Phil Lisiecki filed bug report #2413067
+  (http://curl.haxx.se/bug/view.cgi?id=2413067) that identified a problem that
+  would cause libcurl to mark a DNS cache entry "in use" eternally if the
+  subsequence TCP connect failed. It would thus never get pruned and refreshed
+  as it should've been.
+
+  Phil provided his own patch to this problem that while it seemed to work
+  wasn't complete and thus I wrote my own fix to the problem.
+
 Daniel Stenberg (28 Dec 2008)
 - Peter Korsgaard fixed building libcurl with "configure --with-ssl
   --disable-verbose".

RELEASE-NOTES

@@ -39,6 +39,7 @@ This release includes the following bugfixes:
  o the multi_socket API and HTTP pipelining now work a lot better when combined
  o SFTP seek/resume beyond 32bit file sizes
  o fixed breakage with --with-ssl --disable-verbose
+ o TTL "leak" in the DNS cache
 
 This release includes the following known bugs:
 
@@ -50,6 +51,6 @@ advice from friends like these:
  Yang Tse, Daniel Fandrich, Jim Meyering, Christian Krause, Andreas Wurf,
  Markus Koetter, Josef Wolf, Vlad Grachov, Pawel Kierski, Igor Novoseltsev,
  Fred Machado, Ken Hirsch, Keshav Krity, Patrick Monnerat, Mark Karpeles,
- Anthony Bryan, Peter Korsgaard
+ Anthony Bryan, Peter Korsgaard, Phil Lisiecki
 
         Thanks! (and sorry if I forgot to mention someone)

TODO-RELEASE

@@ -1,6 +1,4 @@
 To be addressed in 7.19.3 (planned release: January 2009)
 =========================
 
-203 - "dns cache memory leak and TTL failure after failed conn" bug #2413067
 
-204 - 

lib/url.c

@@ -4523,22 +4523,28 @@ CURLcode Curl_connect(struct SessionHandle *data,
 
   if(CURLE_OK == code) {
     /* no error */
-    if((*in_connect)->send_pipe->size +
-       (*in_connect)->recv_pipe->size != 0)
+    if((*in_connect)->send_pipe->size || (*in_connect)->recv_pipe->size)
       /* pipelining */
       *protocol_done = TRUE;
     else {
+
       if(dns || !*asyncp)
         /* If an address is available it means that we already have the name
            resolved, OR it isn't async. if this is a re-used connection 'dns'
            will be NULL here. Continue connecting from here */
         code = setup_conn(*in_connect, dns, protocol_done);
-      /* else
-         response will be received and treated async wise */
+
+      if(dns && code) {
+        /* We have the dns entry info already but failed to connect to the
+         * host and thus we must make sure to unlock the dns entry again
+         * before returning failure from here.
+         */
+        Curl_resolv_unlock(data, dns);
+      }
     }
   }
 
-  if(CURLE_OK != code && *in_connect) {
+  if(code && *in_connect) {
     /* We're not allowed to return failure with memory left allocated
        in the connectdata struct, free those here */
     Curl_disconnect(*in_connect); /* close the connection */