upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Fix for #596: fix that rpz return message is returned and not just

Browse source 
the rcode from the iterator return path. This fixes signal unset RA
  after a CNAME.
This commit is contained in:
W.C.A. Wijngaards 2022-01-05 13:35:18 +01:00
parent ceef84e022
commit 6b2e96430e
3 changed files with 34 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
doc/Changelog
View file

@ -1,3 +1,8 @@
5 January 2022: Wouter
- Fix for #596: fix that rpz return message is returned and not just
the rcode from the iterator return path. This fixes signal unset RA
after a CNAME.
4 January 2022: Wouter 4 January 2022: Wouter
- Fix #596: unset the RA bit when a query is blocked by an unbound - Fix #596: unset the RA bit when a query is blocked by an unbound
RPZ nxdomain reply. The option rpz-signal-nxdomain-ra allows to RPZ nxdomain reply. The option rpz-signal-nxdomain-ra allows to

4
iterator/iterator.c
View file

@ -2534,7 +2534,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
struct dns_msg* forged_response = rpz_callback_from_iterator_module(qstate, iq); struct dns_msg* forged_response = rpz_callback_from_iterator_module(qstate, iq);
if(forged_response != NULL) { if(forged_response != NULL) {
qstate->ext_state[id] = module_finished; qstate->ext_state[id] = module_finished;
qstate->return_rcode = FLAGS_GET_RCODE(forged_response->rep->flags); qstate->return_rcode = LDNS_RCODE_NOERROR;
qstate->return_msg = forged_response; qstate->return_msg = forged_response;
iq->response = forged_response; iq->response = forged_response;
next_state(iq, FINISHED_STATE); next_state(iq, FINISHED_STATE);
@ -3103,7 +3103,7 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
} }
if(forged_response != NULL) { if(forged_response != NULL) {
qstate->ext_state[id] = module_finished; qstate->ext_state[id] = module_finished;
qstate->return_rcode = FLAGS_GET_RCODE(forged_response->rep->flags); qstate->return_rcode = LDNS_RCODE_NOERROR;
qstate->return_msg = forged_response; qstate->return_msg = forged_response;
iq->response = forged_response; iq->response = forged_response;
next_state(iq, FINISHED_STATE); next_state(iq, FINISHED_STATE);

27
testdata/rpz_signal_nxdomain_ra.rpl vendored
View file

@ -61,6 +61,16 @@ SECTION ANSWER
b.a. IN TXT "upstream txt rr b.a." b.a. IN TXT "upstream txt rr b.a."
ENTRY_END ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
c.a. IN TXT
SECTION ANSWER
c.a. IN CNAME b.a
ENTRY_END
RANGE_END RANGE_END
STEP 10 QUERY STEP 10 QUERY
@ -79,4 +89,21 @@ a.a. IN TXT
SECTION ANSWER SECTION ANSWER
ENTRY_END ENTRY_END
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
c.a. IN TXT
ENTRY_END
STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD AA NXDOMAIN
SECTION QUESTION
c.a. IN TXT
SECTION ANSWER
c.a. IN CNAME b.a
ENTRY_END
SCENARIO_END SCENARIO_END