ensure RPZ lookups handle CD=1 correctly
RPZ rewrites called dns_db_findext() without passing through the client database options; as a result, if the client set CD=1, DNS_DBFIND_PENDINGOK was not used as it should have been, and cache lookups failed, resulting in failure of the rewrite.
parent
0bcff38391
commit
305a50dbe1
@ -3762,7 +3762,7 @@ rpz_rewrite_ip_rrset(ns_client_t *client, dns_name_t *name,
|
||||
struct in_addr ina;
|
||||
struct in6_addr in6a;
|
||||
isc_result_t result;
|
||||
unsigned int options = DNS_DBFIND_GLUEOK;
|
||||
unsigned int options = client->query.dboptions | DNS_DBFIND_GLUEOK;
|
||||
bool done = false;
|
||||
|
||||
CTRACE(ISC_LOG_DEBUG(3), "rpz_rewrite_ip_rrset");
|
||||
@ -3823,8 +3823,9 @@ rpz_rewrite_ip_rrset(ns_client_t *client, dns_name_t *name,
|
||||
* otherwise we are done.
|
||||
*/
|
||||
if (result == DNS_R_GLUE) {
|
||||
options = 0;
|
||||
options = client->query.dboptions;
|
||||
} else {
|
||||
options = client->query.dboptions | DNS_DBFIND_GLUEOK;
|
||||
done = true;
|
||||
}
|
||||
|
||||
@ -4384,7 +4385,7 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, isc_result_t qresult,
|
||||
|
||||
dns_fixedname_init(&nsnamef);
|
||||
dns_name_clone(client->query.qname, dns_fixedname_name(&nsnamef));
|
||||
options = DNS_DBFIND_GLUEOK;
|
||||
options = client->query.dboptions | DNS_DBFIND_GLUEOK;
|
||||
while (st->r.label > st->popt.min_ns_labels) {
|
||||
bool was_glue = false;
|
||||
/*
|
||||
@ -4510,9 +4511,9 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, isc_result_t qresult,
|
||||
* glue responses, otherwise setup for the next name.
|
||||
*/
|
||||
if (was_glue) {
|
||||
options = 0;
|
||||
options = client->query.dboptions;
|
||||
} else {
|
||||
options = DNS_DBFIND_GLUEOK;
|
||||
options = client->query.dboptions | DNS_DBFIND_GLUEOK;
|
||||
st->r.label--;
|
||||
}
|
||||
|
||||
|
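Review bot: The new assignments forward every bit of `client->query.dboptions` into the RPZ lookups, although the description names only DNS_DBFIND_PENDINGOK as the flag that was missing; this applies at all four hunks (two in rpz_rewrite_ip_rrset, two in rpz_rewrite). If other flags can be set in dboptions elsewhere in the query path (not visible on this page), they would now also change how policy triggers are evaluated. Either mask to the intended bit, e.g. `options = (client->query.dboptions & DNS_DBFIND_PENDINGOK) | DNS_DBFIND_GLUEOK;`, or state the intent in a comment such as `/* Inherit the client's lookup options (PENDINGOK when CD=1) so RPZ sees the same cache data as the query. */`. The same expression is repeated four times, so a single local or small helper would keep the sites from drifting apart. Both function bodies extend beyond the hunks, so whether the new assignment next to `done = true` is ever read could not be checked here.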