@matter/protocol 0.16.7 → 0.16.8-alpha.0-20260125-38e62bc3e

package/src/mdns/MdnsClient.ts

@@ -63,6 +63,19 @@ const logger = Logger.get("MdnsClient");
 
 const MDNS_EXPIRY_GRACE_PERIOD_FACTOR = 1.05;
 
+/**
+ * Protection window for out-of-order goodbye packets (RFC 6762).
+ * If a record was discovered within this window, ignore TTL=0 goodbye packets
+ * as they likely arrived out of order (goodbye sent before an announcement but received after).
+ */
+const GOODBYE_PROTECTION_WINDOW = Millis(1000);
+
+/**
+ * Minimum TTL for PTR records to prevent DoS attacks with very short TTLs.
+ * Value based on python-zeroconf/bonjour implementation.
+ */
+const RECORD_MIN_TTL = Seconds(15);
+
 type MatterServerRecordWithExpire = ServerAddressUdp & AddressLifespan;
 
 /** Type for commissionable Device records including Lifespan details. */
@@ -891,6 +904,13 @@ export class MdnsClient implements Scanner {
         answersList.forEach(answers =>
             answers.forEach(answer => {
                 const { name, recordType } = answer;
+
+                // Enforce minimum TTL for records to prevent DoS attacks with very short TTLs
+                // But don't modify TTL=0 goodbye packets - those need to be processed for record removal
+                if (answer.ttl > 0 && answer.ttl < RECORD_MIN_TTL) {
+                    answer = { ...answer, ttl: RECORD_MIN_TTL };
+                }
+
                 if (name.endsWith(MATTER_SERVICE_QNAME)) {
                     structuredAnswers.operational = structuredAnswers.operational ?? {};
                     structuredAnswers.operational[recordType] = structuredAnswers.operational[recordType] ?? [];
@@ -926,8 +946,32 @@ export class MdnsClient implements Scanner {
         return structuredAnswers;
     }
 
+    /**
+     * Merge a record into a map with goodbye protection.
+     * Returns true if the record was processed (added or deleted), false if skipped due to protection.
+     */
+    #mergeRecordWithGoodbyeProtection(
+        targetMap: Map<string, AnyDnsRecordWithExpiry>,
+        key: string,
+        record: AnyDnsRecordWithExpiry,
+        now: number,
+    ): void {
+        const existingRecord = targetMap.get(key);
+        if (!existingRecord || existingRecord.discoveredAt < record.discoveredAt) {
+            if (record.ttl === 0) {
+                // Apply goodbye protection - ignore if the existing record is young
+                if (existingRecord && now - existingRecord.discoveredAt < GOODBYE_PROTECTION_WINDOW) {
+                    return;
+                }
+                targetMap.delete(key);
+            } else {
+                targetMap.set(key, record);
+            }
+        }
+    }
+
     #combineStructuredAnswers(...answersList: StructuredDnsAnswers[]): StructuredDnsAnswers {
-        // Special type for easier combination of answers
+        // Special type for an easier combination of answers
         const combinedAnswers: {
             operational?: Record<number, Map<string, AnyDnsRecordWithExpiry>>;
             commissionable?: Record<number, Map<string, AnyDnsRecordWithExpiry>>;
@@ -935,7 +979,9 @@ export class MdnsClient implements Scanner {
             addressesV6?: Record<string, Map<string, AnyDnsRecordWithExpiry>>;
         } = {};
 
+        const now = Time.nowMs;
         for (const answers of answersList) {
+            // Process operational records
             if (answers.operational) {
                 combinedAnswers.operational = combinedAnswers.operational ?? {};
                 for (const [recordType, records] of Object.entries(answers.operational) as unknown as [
@@ -943,18 +989,18 @@ export class MdnsClient implements Scanner {
                     AnyDnsRecordWithExpiry[],
                 ][]) {
                     combinedAnswers.operational[recordType] = combinedAnswers.operational[recordType] ?? new Map();
-                    records.forEach(record => {
-                        const existingRecord = combinedAnswers.operational![recordType].get(record.name);
-                        if (!existingRecord || existingRecord.discoveredAt < record.discoveredAt) {
-                            if (record.ttl === 0) {
-                                combinedAnswers.operational![recordType].delete(record.name);
-                            } else {
-                                combinedAnswers.operational![recordType].set(record.name, record);
-                            }
-                        }
-                    });
+                    for (const record of records) {
+                        this.#mergeRecordWithGoodbyeProtection(
+                            combinedAnswers.operational[recordType],
+                            record.name,
+                            record,
+                            now,
+                        );
+                    }
                 }
             }
+
+            // Process commissionable records
             if (answers.commissionable) {
                 combinedAnswers.commissionable = combinedAnswers.commissionable ?? {};
                 for (const [recordType, records] of Object.entries(answers.commissionable) as unknown as [
@@ -963,18 +1009,18 @@ export class MdnsClient implements Scanner {
                 ][]) {
                     combinedAnswers.commissionable[recordType] =
                         combinedAnswers.commissionable[recordType] ?? new Map();
-                    records.forEach(record => {
-                        const existingRecord = combinedAnswers.commissionable![recordType].get(record.name);
-                        if (!existingRecord || existingRecord.discoveredAt < record.discoveredAt) {
-                            if (record.ttl === 0) {
-                                combinedAnswers.commissionable![recordType].delete(record.name);
-                            } else {
-                                combinedAnswers.commissionable![recordType].set(record.name, record);
-                            }
-                        }
-                    });
+                    for (const record of records) {
+                        this.#mergeRecordWithGoodbyeProtection(
+                            combinedAnswers.commissionable[recordType],
+                            record.name,
+                            record,
+                            now,
+                        );
+                    }
                 }
             }
+
+            // Process IPv6 addresses
             if (answers.addressesV6) {
                 combinedAnswers.addressesV6 = combinedAnswers.addressesV6 ?? {};
                 for (const [name, records] of Object.entries(answers.addressesV6) as unknown as [
@@ -982,18 +1028,18 @@ export class MdnsClient implements Scanner {
                     Map<string, AnyDnsRecordWithExpiry>,
                 ][]) {
                     combinedAnswers.addressesV6[name] = combinedAnswers.addressesV6[name] ?? new Map();
-                    records.forEach(record => {
-                        const existingRecord = combinedAnswers.addressesV6![name].get(record.value);
-                        if (!existingRecord || existingRecord.discoveredAt < record.discoveredAt) {
-                            if (record.ttl === 0) {
-                                combinedAnswers.addressesV6![name].delete(record.value);
-                            } else {
-                                combinedAnswers.addressesV6![name].set(record.value, record);
-                            }
-                        }
-                    });
+                    for (const record of records.values()) {
+                        this.#mergeRecordWithGoodbyeProtection(
+                            combinedAnswers.addressesV6[name],
+                            record.value,
+                            record,
+                            now,
+                        );
+                    }
                 }
             }
+
+            // Process IPv4 addresses
             if (this.#socket.supportsIpv4 && answers.addressesV4) {
                 combinedAnswers.addressesV4 = combinedAnswers.addressesV4 ?? {};
                 for (const [name, records] of Object.entries(answers.addressesV4) as unknown as [
@@ -1001,16 +1047,14 @@ export class MdnsClient implements Scanner {
                     Map<string, AnyDnsRecordWithExpiry>,
                 ][]) {
                     combinedAnswers.addressesV4[name] = combinedAnswers.addressesV4[name] ?? new Map();
-                    records.forEach(record => {
-                        const existingRecord = combinedAnswers.addressesV4![name].get(record.value);
-                        if (!existingRecord || existingRecord.discoveredAt < record.discoveredAt) {
-                            if (record.ttl === 0) {
-                                combinedAnswers.addressesV4![name].delete(record.value);
-                            } else {
-                                combinedAnswers.addressesV4![name].set(record.value, record);
-                            }
-                        }
-                    });
+                    for (const record of records.values()) {
+                        this.#mergeRecordWithGoodbyeProtection(
+                            combinedAnswers.addressesV4[name],
+                            record.value,
+                            record,
+                            now,
+                        );
+                    }
                 }
             }
         }
@@ -1065,43 +1109,60 @@ export class MdnsClient implements Scanner {
     }
 
     /**
-     * Update the discovered matter relevant IP records with the new data from the DNS message.
+     * Update IP address records in a target map with goodbye protection.
+     * Returns true if any records were updated.
      */
-    #updateIpRecords(answers: StructuredDnsAnswers, netInterface: string) {
-        const interfaceRecords = this.#discoveredIpRecords.get(netInterface);
-        if (interfaceRecords === undefined) {
-            return;
+    #updateIpAddressRecords(
+        sourceAddresses: Record<string, Map<string, AnyDnsRecordWithExpiry>> | undefined,
+        targetAddresses: Record<string, Map<string, AnyDnsRecordWithExpiry>> | undefined,
+        now: number,
+    ): boolean {
+        if (!sourceAddresses || !targetAddresses) {
+            return false;
         }
         let updated = false;
-        if (answers.addressesV6) {
-            for (const [target, ipAddresses] of Object.entries(answers.addressesV6)) {
-                if (interfaceRecords.addressesV6?.[target] !== undefined) {
-                    for (const [ip, record] of Object.entries(ipAddresses)) {
-                        if (record.ttl === 0) {
-                            interfaceRecords.addressesV6[target].delete(ip);
-                        } else {
-                            interfaceRecords.addressesV6[target].set(ip, record);
-                        }
-                        updated = true;
-                    }
-                }
+        for (const [target, ipAddresses] of Object.entries(sourceAddresses)) {
+            const targetMap = targetAddresses[target];
+            if (targetMap === undefined) {
+                continue;
             }
-        }
-        if (this.#socket.supportsIpv4 && answers.addressesV4) {
-            for (const [target, ipAddresses] of Object.entries(answers.addressesV4)) {
-                if (interfaceRecords.addressesV4?.[target] !== undefined) {
-                    for (const [ip, record] of Object.entries(ipAddresses)) {
-                        if (record.ttl === 0) {
-                            interfaceRecords.addressesV4[target].delete(ip);
-                        } else {
-                            interfaceRecords.addressesV4[target].set(ip, record);
+            for (const [ip, record] of Object.entries(ipAddresses)) {
+                if (record.ttl === 0) {
+                    const existingRecord = targetMap.get(ip);
+                    if (existingRecord) {
+                        const recordAge = now - existingRecord.discoveredAt;
+                        if (recordAge < GOODBYE_PROTECTION_WINDOW) {
+                            // Record was recently added - ignore goodbye (likely out-of-order packet)
+                            continue;
                         }
+                        targetMap.delete(ip);
                         updated = true;
                     }
+                } else {
+                    targetMap.set(ip, record);
+                    updated = true;
                 }
             }
         }
-        if (updated) {
+        return updated;
+    }
+
+    /**
+     * Update the discovered matter relevant IP records with the new data from the DNS message.
+     */
+    #updateIpRecords(answers: StructuredDnsAnswers, netInterface: string) {
+        const interfaceRecords = this.#discoveredIpRecords.get(netInterface);
+        if (interfaceRecords === undefined) {
+            return;
+        }
+        const now = Time.nowMs;
+
+        const updatedV6 = this.#updateIpAddressRecords(answers.addressesV6, interfaceRecords.addressesV6, now);
+        const updatedV4 =
+            this.#socket.supportsIpv4 &&
+            this.#updateIpAddressRecords(answers.addressesV4, interfaceRecords.addressesV4, now);
+
+        if (updatedV6 || updatedV4) {
             this.#discoveredIpRecords.set(netInterface, interfaceRecords);
         }
     }
@@ -1197,20 +1258,37 @@ export class MdnsClient implements Scanner {
         );
     }
 
+    /**
+     * Handle goodbye (TTL=0) for an operational device record with protection against out-of-order packets.
+     * Returns true if the goodbye was processed (record deleted or protected), false if no action needed.
+     */
+    #handleOperationalDeviceGoodbye(matterName: string, netInterface: string, now: number): boolean {
+        const existingRecord = this.#operationalDeviceRecords.get(matterName);
+        if (!existingRecord) {
+            return false;
+        }
+        const recordAge = now - existingRecord.discoveredAt;
+        if (recordAge < GOODBYE_PROTECTION_WINDOW) {
+            // Record was recently added - ignore goodbye (likely out-of-order packet)
+            return true;
+        }
+        logger.debug(
+            `Removing operational device ${matterName} from cache (interface ${netInterface}) because of ttl=0`,
+        );
+        this.#operationalDeviceRecords.delete(matterName);
+        return true;
+    }
+
     #handleOperationalTxtRecord(record: DnsRecord<any>, netInterface: string) {
         const { name: matterName, value, ttl } = record as DnsRecord<string[]>;
-        const discoveredAt = Time.nowMs;
+        const now = Time.nowMs;
 
-        // we got an expiry info, so we can remove the record if we know it already and are done
+        // we got expiry info, so we can remove the record if we know it already and are done
         if (ttl === 0) {
-            if (this.#operationalDeviceRecords.has(matterName)) {
-                logger.debug(
-                    `Removing operational device ${matterName} from cache (interface ${netInterface}) because of ttl=0`,
-                );
-                this.#operationalDeviceRecords.delete(matterName);
-            }
+            this.#handleOperationalDeviceGoodbye(matterName, netInterface, now);
             return;
         }
+        const discoveredAt = now;
         if (!Array.isArray(value)) return;
 
         // Existing records are always updated if relevant, but no new are added if they are not matching the criteria
@@ -1256,14 +1334,11 @@ export class MdnsClient implements Scanner {
             value: { target, port },
         } = record;
 
+        const now = Time.nowMs;
+
         // We got device expiry info, so we can remove the record if we know it already and are done
         if (ttl === 0) {
-            if (this.#operationalDeviceRecords.has(matterName)) {
-                logger.debug(
-                    `Removing operational device ${matterName} from cache (interface ${netInterface}) because of ttl=0`,
-                );
-                this.#operationalDeviceRecords.delete(matterName);
-            }
+            this.#handleOperationalDeviceGoodbye(matterName, netInterface, now);
             return;
         }
 
@@ -1276,7 +1351,7 @@ export class MdnsClient implements Scanner {
             return;
         }
 
-        const discoveredAt = Time.nowMs;
+        const discoveredAt = now;
         const device = this.#operationalDeviceRecords.get(matterName) ?? {
             deviceIdentifier: matterName,
             addresses: new Map<string, MatterServerRecordWithExpire>(),
@@ -1288,10 +1363,18 @@ export class MdnsClient implements Scanner {
         if (ips.length > 0) {
             for (const { value: ip, ttl } of ips) {
                 if (ttl === 0) {
-                    logger.debug(
-                        `Removing IP ${ip} for operational device ${matterName} from cache (interface ${netInterface}) because of ttl=0`,
-                    );
-                    addresses.delete(ip);
+                    const existingAddress = addresses.get(ip);
+                    if (existingAddress) {
+                        const addressAge = now - existingAddress.discoveredAt;
+                        if (addressAge < GOODBYE_PROTECTION_WINDOW) {
+                            // Address was recently added - ignore goodbye (likely out-of-order packet)
+                            continue;
+                        }
+                        logger.debug(
+                            `Removing IP ${ip} for operational device ${matterName} from cache (interface ${netInterface}) because of ttl=0`,
+                        );
+                        addresses.delete(ip);
+                    }
                     continue;
                 }
                 const address = addresses.get(ip) ?? ({ ip, port, type: "udp" } as MatterServerRecordWithExpire);
@@ -1321,6 +1404,25 @@ export class MdnsClient implements Scanner {
         return;
     }
 
+    /**
+     * Handle goodbye (TTL=0) for a commissionable device record with protection against out-of-order packets.
+     * Returns true if the goodbye should be skipped (record is protected), false if processed or no record exists.
+     */
+    #handleCommissionableDeviceGoodbye(name: string, netInterface: string, now: number): boolean {
+        const existingRecord = this.#commissionableDeviceRecords.get(name);
+        if (!existingRecord) {
+            return false;
+        }
+        const recordAge = now - existingRecord.discoveredAt;
+        if (recordAge < GOODBYE_PROTECTION_WINDOW) {
+            // Record was recently added - ignore goodbye (likely out-of-order packet)
+            return true;
+        }
+        logger.debug(`Removing commissionable device ${name} from cache (interface ${netInterface}) because of ttl=0`);
+        this.#commissionableDeviceRecords.delete(name);
+        return false;
+    }
+
     #handleCommissionableRecords(
         answers: StructuredDnsAnswers,
         formerAnswers: StructuredDnsAnswers,
@@ -1341,17 +1443,14 @@ export class MdnsClient implements Scanner {
 
         const queryMissingDataForInstances = new Set<string>();
 
+        const now = Time.nowMs;
+
         // First process the TXT records
         const txtRecords = commissionableRecords[DnsRecordType.TXT] ?? [];
         for (const record of txtRecords) {
             const { name, ttl } = record;
             if (ttl === 0) {
-                if (this.#commissionableDeviceRecords.has(name)) {
-                    logger.debug(
-                        `Removing commissionable device ${name} from cache (interface ${netInterface}) because of ttl=0`,
-                    );
-                    this.#commissionableDeviceRecords.delete(name);
-                }
+                this.#handleCommissionableDeviceGoodbye(name, netInterface, now);
                 continue;
             }
             const txtRecord = this.#parseCommissionableTxtRecord(record);
@@ -1392,10 +1491,8 @@ export class MdnsClient implements Scanner {
                 ttl,
             } = record as DnsRecord<SrvRecordValue>;
             if (ttl === 0) {
-                logger.debug(
-                    `Removing commissionable device ${record.name} from cache (interface ${netInterface}) because of ttl=0`,
-                );
-                this.#commissionableDeviceRecords.delete(record.name);
+                // Handle goodbye - either deletes or protects the record
+                this.#handleCommissionableDeviceGoodbye(record.name, netInterface, now);
                 continue;
             }
 
@@ -1405,15 +1502,23 @@ export class MdnsClient implements Scanner {
             if (ips.length > 0) {
                 for (const { value: ip, ttl } of ips) {
                     if (ttl === 0) {
-                        logger.debug(
-                            `Removing IP ${ip} for commissionable device ${record.name} from cache (interface ${netInterface}) because of ttl=0`,
-                        );
-                        storedRecord.addresses.delete(ip);
+                        const existingAddress = storedRecord.addresses.get(ip);
+                        if (existingAddress) {
+                            const addressAge = now - existingAddress.discoveredAt;
+                            if (addressAge < GOODBYE_PROTECTION_WINDOW) {
+                                // Address was recently added - ignore goodbye (likely out-of-order packet)
+                                continue;
+                            }
+                            logger.debug(
+                                `Removing IP ${ip} for commissionable device ${record.name} from cache (interface ${netInterface}) because of ttl=0`,
+                            );
+                            storedRecord.addresses.delete(ip);
+                        }
                         continue;
                     }
                     const matterServer =
                         storedRecord.addresses.get(ip) ?? ({ ip, port, type: "udp" } as MatterServerRecordWithExpire);
-                    matterServer.discoveredAt = Time.nowMs;
+                    matterServer.discoveredAt = now;
                     matterServer.ttl = ttl;
 
                     storedRecord.addresses.set(ip, matterServer);

package/src/mdns/MdnsServer.ts

@@ -24,10 +24,14 @@ import {
     ObserverGroup,
     Time,
     Timer,
+    Timestamp,
 } from "#general";
 
 const logger = Logger.get("MdnsServer");
 
+/** RFC 6762 §7.3 - Window for duplicate question suppression (999ms per python-zeroconf) */
+export const QUESTION_SUPPRESSION_WINDOW = Millis(999);
+
 export class MdnsServer {
     #lifetime: Lifetime;
     #observers = new ObserverGroup();
@@ -51,6 +55,14 @@ export class MdnsServer {
     );
     readonly #recordLastSentAsMulticastAnswer = new Map<string, number>();
     readonly #truncatedQueryCache = new Map<string, { message: MdnsSocket.Message; timer: Timer }>();
+    /** RFC 6762 §7.3 - Tracks recently answered queries for duplicate suppression */
+    readonly #recentlyAnsweredQueries = new Map<
+        string,
+        {
+            knownAnswerHashes: Set<string>;
+            timestamp: Timestamp;
+        }
+    >();
 
     readonly #socket: MdnsSocket;
 
@@ -135,6 +147,11 @@ export class MdnsServer {
                 );
                 if (answers.length === 0) continue; // Nothing to send
 
+                // RFC 6762 §7.3 - Check for duplicate question suppression
+                if (this.#shouldSuppressResponse(queries, knownAnswers, sourceIntf, answers)) {
+                    continue; // Another responder already answered
+                }
+
                 answers.forEach(answer =>
                     this.#recordLastSentAsMulticastAnswer.set(this.buildDnsRecordKey(answer, sourceIntf), now),
                 );
@@ -181,7 +198,6 @@ export class MdnsServer {
                 for (const [service, serviceRecords] of records) {
                     if (services.length && !services.includes(service)) continue;
 
-                    // TODO: try to combine the messages to avoid sending multiple messages but keep under 1500 bytes per message
                     await this.#announceRecordsForInterface(netInterface, serviceRecords);
                     await Time.sleep("MDNS delay", Millis(20 + Math.floor(Math.random() * 100))); // as per DNS-SD spec wait 20-120ms before sending more packets
                 }
@@ -198,15 +214,12 @@ export class MdnsServer {
                 const records = await this.#records.get(netInterface);
                 for (const [service, serviceRecords] of records) {
                     if (services.length && !services.includes(service)) continue;
-                    const instanceSet = new Set<string>();
+
+                    // Set TTL to Instant for all records to expire them
                     serviceRecords.forEach(record => {
                         record.ttl = Instant;
-                        if (record.recordType === DnsRecordType.TXT) {
-                            instanceSet.add(record.name);
-                        }
                     });
 
-                    // TODO: try to combine the messages to avoid sending multiple messages but keep under 1500 bytes per message
                     await this.#announceRecordsForInterface(netInterface, serviceRecords);
                     this.#recordsGenerator.delete(service);
                     await Time.sleep("MDNS delay", Millis(20 + Math.floor(Math.random() * 100))); // as per DNS-SD spec wait 20-120ms before sending more packets
@@ -220,12 +233,14 @@ export class MdnsServer {
     async setRecordsGenerator(service: string, generator: MdnsServer.RecordGenerator) {
         await this.#records.clear();
         this.#recordLastSentAsMulticastAnswer.clear();
+        this.#recentlyAnsweredQueries.clear();
         this.#recordsGenerator.set(service, generator);
     }
 
     async #resetServices() {
         await this.#records.clear();
         this.#recordLastSentAsMulticastAnswer.clear();
+        this.#recentlyAnsweredQueries.clear();
     }
 
     async close() {
@@ -237,6 +252,7 @@ export class MdnsServer {
         }
         this.#truncatedQueryCache.clear();
         this.#recordLastSentAsMulticastAnswer.clear();
+        this.#recentlyAnsweredQueries.clear();
     }
 
     #getMulticastInterfacesForAnnounce() {
@@ -252,6 +268,63 @@ export class MdnsServer {
         }
     }
 
+    /**
+     * RFC 6762 §7.3 - Checks if we should suppress a response because another responder
+     * has recently answered the same question with answers that cover what we'd send.
+     * Also, lazily cleans up expired entries from the cache.
+     */
+    #shouldSuppressResponse(
+        queries: { name: string; recordType: DnsRecordType }[],
+        knownAnswers: DnsRecord<any>[],
+        sourceIntf: string,
+        answers: DnsRecord<any>[],
+    ): boolean {
+        const now = Time.nowMs;
+
+        // Clean up expired entries
+        for (const [key, entry] of this.#recentlyAnsweredQueries) {
+            if (now - entry.timestamp >= QUESTION_SUPPRESSION_WINDOW) {
+                this.#recentlyAnsweredQueries.delete(key);
+            }
+        }
+
+        // Build query signature
+        const queryKey =
+            queries
+                .map(q => `${q.name}-${q.recordType}`)
+                .sort()
+                .join("|") + `-${sourceIntf}`;
+
+        const cached = this.#recentlyAnsweredQueries.get(queryKey);
+
+        if (cached && now - cached.timestamp < QUESTION_SUPPRESSION_WINDOW) {
+            // Check if all our answers are already in the known answers from the cached response
+            const answerHashes = answers.map(a => this.buildDnsRecordKey(a, sourceIntf));
+            const allAnswersKnown = answerHashes.every(h => cached.knownAnswerHashes.has(h));
+
+            if (allAnswersKnown) {
+                return true; // Suppress - another responder already answered with our records
+            }
+        }
+
+        // Record that we're answering this question
+        const knownAnswerHashes = new Set<string>();
+        for (const answer of knownAnswers) {
+            knownAnswerHashes.add(this.buildDnsRecordKey(answer, sourceIntf));
+        }
+        // Also add our answers to the known set
+        for (const answer of answers) {
+            knownAnswerHashes.add(this.buildDnsRecordKey(answer, sourceIntf));
+        }
+
+        this.#recentlyAnsweredQueries.set(queryKey, {
+            knownAnswerHashes,
+            timestamp: now,
+        });
+
+        return false;
+    }
+
     async #processTruncatedQuery(key: string) {
         const { message, timer } = this.#truncatedQueryCache.get(key) ?? {};
         this.#truncatedQueryCache.delete(key);

package/src/peer/ControllerCommissioningFlow.ts

@@ -6,6 +6,7 @@
 
 import { ClientInteraction } from "#action/client/ClientInteraction.js";
 import { ClientRead } from "#action/client/ClientRead.js";
+import { WriteResult } from "#action/index.js";
 import { Invoke } from "#action/request/Invoke.js";
 import { Read } from "#action/request/Read.js";
 import { Write } from "#action/request/Write.js";
@@ -1673,7 +1674,7 @@ export class ControllerCommissioningFlow {
         for (const requestorEndpoint of this.collectedCommissioningData.otaRequestorList) {
             try {
                 // Fabric scoped attribute, so we just overwrite our value
-                await this.interaction.write(
+                const writeResult = await this.interaction.write(
                     Write(
                         Write.Attribute({
                             endpoint: requestorEndpoint,
@@ -1689,6 +1690,9 @@ export class ControllerCommissioningFlow {
                         }),
                     ),
                 );
+
+                WriteResult.assertSuccess(writeResult);
+
                 success = true;
                 logger.debug(`Added default OTA provider on endpoint ${endpoint}`);
             } catch (error) {

package/src/protocol/MessageExchange.ts

@@ -493,7 +493,7 @@ export class MessageExchange {
                 options?.expectedProcessingTime,
             );
         }
-        return this.#messagesQueue.read(timeout);
+        return this.#messagesQueue.read({ timeout });
     }
 
     async #sendStandaloneAckForMessage(message: Message) {