- Fix for #596: fix that rpz return message is returned and not just

the rcode from the iterator return path. This fixes signal unset RA after a CNAME.
2025-12-20 23:00:56 -05:00 · 2022-01-05 13:35:18 +01:00 · 2022-01-05 13:35:18 +01:00 · 6b2e96430e
commit 6b2e96430e
parent ceef84e022
3 changed files with 34 additions and 2 deletions
--- a/doc/Changelog
+++ b/doc/Changelog
@ -1,3 +1,8 @@
+5 January 2022: Wouter
+	- Fix for #596: fix that rpz return message is returned and not just
+	  the rcode from the iterator return path. This fixes signal unset RA
+	  after a CNAME.
+
 4 January 2022: Wouter
 	- Fix #596: unset the RA bit when a query is blocked by an unbound
 	  RPZ nxdomain reply. The option rpz-signal-nxdomain-ra allows to
--- a/iterator/iterator.c
+++ b/iterator/iterator.c
@ -2534,7 +2534,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
 		struct dns_msg* forged_response = rpz_callback_from_iterator_module(qstate, iq);
 		if(forged_response != NULL) {
 			qstate->ext_state[id] = module_finished;
-			qstate->return_rcode = FLAGS_GET_RCODE(forged_response->rep->flags);
+			qstate->return_rcode = LDNS_RCODE_NOERROR;
 			qstate->return_msg = forged_response;
 			iq->response = forged_response;
 			next_state(iq, FINISHED_STATE);
@ -3103,7 +3103,7 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
 			}
 			if(forged_response != NULL) {
 				qstate->ext_state[id] = module_finished;
-				qstate->return_rcode = FLAGS_GET_RCODE(forged_response->rep->flags);
+				qstate->return_rcode = LDNS_RCODE_NOERROR;
 				qstate->return_msg = forged_response;
 				iq->response = forged_response;
 				next_state(iq, FINISHED_STATE);
--- a/testdata/rpz_signal_nxdomain_ra.rpl
+++ b/testdata/rpz_signal_nxdomain_ra.rpl
@ -61,6 +61,16 @@ SECTION ANSWER
 b.a.  IN  TXT "upstream txt rr b.a."
 ENTRY_END

+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+c.a.  IN  TXT
+SECTION ANSWER
+c.a.  IN  CNAME b.a
+ENTRY_END
+
 RANGE_END

 STEP 10 QUERY
@ -79,4 +89,21 @@ a.a.  IN TXT
 SECTION ANSWER
 ENTRY_END

+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+c.a.  IN TXT
+ENTRY_END
+
+STEP 21 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD AA NXDOMAIN
+SECTION QUESTION
+c.a.  IN TXT
+SECTION ANSWER
+c.a.  IN  CNAME b.a
+ENTRY_END
+
 SCENARIO_END