[master] rpz_ver check was ineffective

bin/named/query.c

@@ -6565,8 +6565,15 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
 			 * Has response policy changed out from under us?
 			 */
 			if (rpz_st->rpz_ver != client->view->rpzs->rpz_ver) {
-				CTRACE(ISC_LOG_ERROR,
-				       "query_find: RPZ settings out of date");
+#ifdef WANT_QUERYTRACE
+				char txt[80];
+				sprintf(txt,
+					"query_find: RPZ settings out of date "
+					"(rpz_ver %d, expected %d)",
+					client->view->rpzs->rpz_ver,
+					rpz_st->rpz_ver);
+				CTRACE(ISC_LOG_ERROR, txt);
+#endif
 				QUERY_ERROR(DNS_R_SERVFAIL);
 				goto cleanup;
 			}

bin/named/server.c

@@ -1935,7 +1935,8 @@ configure_rpz(dns_view_t *view, const cfg_obj_t *rpz_obj,
 		dns_rpz_detach_rpzs(&view->rpzs);
 		dns_rpz_attach_rpzs(pview->rpzs, &view->rpzs);
 	} else if (old != NULL && pview != NULL) {
-		view->rpzs->rpz_ver = pview->rpzs->rpz_ver + 1;
+		pview->rpzs->rpz_ver += 1;
+		view->rpzs->rpz_ver = pview->rpzs->rpz_ver;
 		cfg_obj_log(rpz_obj, ns_g_lctx, ISC_LOG_DEBUG(1),
 			    "updated RPZ policy: version %d",
 			    view->rpzs->rpz_ver);