upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-04-15 22:09:31 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix TTL issue with ANY queries processed through RPZ "passthru"

Browse source 
Answers to an "ANY" query which are processed by the RPZ "passthru"
policy have the response-policy's 'max-policy-ttl' value unexpectedly
applied. Do not change the records' TTL when RPZ uses a policy which
does not alter the answer.
This commit is contained in:
Aram Sargsyan 2025-02-26 13:32:20 +00:00 committed by Arаm Sаrgsyаn
parent 49ccbe857a
commit 5633dc90d3
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
lib/ns/query.c
View file

@ -7757,7 +7757,10 @@ query_respond_any(query_ctx_t *qctx) {
}
qctx->rpz_st = qctx->client->query.rpz_st;
if (qctx->rpz_st != NULL) {
if (qctx->rpz_st != NULL &&
qctx->rpz_st->m.policy != DNS_RPZ_POLICY_MISS &&
qctx->rpz_st->m.policy != DNS_RPZ_POLICY_PASSTHRU)
{
qctx->rdataset->ttl =
ISC_MIN(qctx->rdataset->ttl,
qctx->rpz_st->m.ttl);