upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-11 01:31:48 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

RPZ 'servfail-until-ready': skip updating SERVFAIL cache

Browse source 
In order to not pollute the SERVFAIL cache with the configured
SERVFAIL answers while RPZ is loading, set the NS_CLIENTATTR_NOSETFC
attribute for the client.

(cherry picked from commit d9b5f6c502)
This commit is contained in:
Aram Sargsyan 2025-08-27 14:33:01 +00:00 committed by Petr Špaček
parent fe80c31859
commit cf687c0bda
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
lib/ns/query.c
View file

@ -4359,6 +4359,9 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, isc_result_t qresult,
if (first_time && popt.servfail_until_ready &&
zones_processed < zones_registered)
{
/* Do not pollute SERVFAIL cache */
client->attributes |= NS_CLIENTATTR_NOSETFC;
rpz_log_fail(client, DNS_RPZ_DEBUG_LEVEL3, NULL,
DNS_RPZ_TYPE_QNAME, "RPZ not ready yet", result);
st->m.policy = DNS_RPZ_POLICY_ERROR;