3921. [bug] AD was inappopriately set on RPZ responses. [RT #36833]

2025-08-30 14:07:59 +00:00 · 2014-08-22 15:45:40 +10:00
parent 3d66a979b5
commit cef76ee5bd
3 changed files with 10 additions and 2 deletions
--- a/2
+++ b/2
@@ -1,3 +1,5 @@
 3921.	[bug]		AD was inappopriately set on RPZ responses. [RT #36833]
 3920.	[doc]		Added doc for masterfile-style. [RT #36823]
 3919.	[bug]		dig: continue to next line if a address lookup fails
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -5450,7 +5450,7 @@ rpz_add_cname(ns_client_t *client, dns_rpz_st_t *st,
 	 * response policy zone cannot verify.
 	 */
 	client->attributes &= ~(NS_CLIENTATTR_WANTDNSSEC |
-				DNS_MESSAGEFLAG_AD);
+				NS_CLIENTATTR_WANTAD);
 	return (ISC_R_SUCCESS);
 }
@@ -6679,7 +6679,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
 			 * response policy zone cannot verify.
 			 */
 			client->attributes &= ~(NS_CLIENTATTR_WANTDNSSEC |
-						DNS_MESSAGEFLAG_AD);
+						NS_CLIENTATTR_WANTAD);
 			client->message->flags &= ~DNS_MESSAGEFLAG_AD;
 			query_putrdataset(client, &sigrdataset);
 			rpz_st->q.is_zone = is_zone;
 			is_zone = ISC_TRUE;
--- a/bin/tests/system/rpz/tests.sh
+++ b/bin/tests/system/rpz/tests.sh
@@ -209,6 +209,11 @@ clean_result () {
 # $1=dig args $2=other dig output file
 ckresult () {
    #ckalive "$1" "I:server crashed by 'dig $1'" || return 1
    if grep "flags:.* aa .*ad;" $DIGNM; then
 	setret "I:'dig $1' AA and AD set;"
    elif grep "flags:.* aa .*ad;" $DIGNM; then
 	setret "I:'dig $1' AD set;"
    fi
    if $PERL $SYSTEMTESTTOP/digcomp.pl $DIGNM $2 >/dev/null; then
 	NEED_TCP=`echo "$1" | sed -n -e 's/[Tt][Cc][Pp].*/TCP/p'`
 	RESULT_TCP=`sed -n -e 's/.*Truncated, retrying in TCP.*/TCP/p' $DIGNM`