upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-10 16:40:00 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Don't set EDE in ns_client_aclchecksilent

Browse source 
The ns_client_aclchecksilent is used to check multiple ACLs before
the decision is made that a query is denied. It is also used to
determine if recursion is available. In those cases we should not
set the extended DNS error "Prohibited".
This commit is contained in:
Matthijs Mekking 2022-12-14 11:41:10 +01:00
parent 680921c4ef
commit 798c8f57d4
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lib/ns/client.c
View file

@ -2525,7 +2525,6 @@ allow:
return (ISC_R_SUCCESS);
deny:
ns_client_extendederror(client, DNS_EDE_PROHIBITED, NULL);
return (DNS_R_REFUSED);
}
@ -2548,6 +2547,7 @@ ns_client_checkacl(ns_client_t *client, isc_sockaddr_t *sockaddr,
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
"%s approved", opname);
} else {
ns_client_extendederror(client, DNS_EDE_PROHIBITED, NULL);
ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
NS_LOGMODULE_CLIENT, log_level, "%s denied",
opname);