triggered operation.
- Fix for #596: add unit test for nsip trigger and signal unset RA.
- Fix #598: Fix unbound-checkconf fatal error: module conf
'respip dns64 validator iterator' is not known to work.
+ - Fix for #596: Fix rpz-signal-nxdomain-ra to work for clientip
+ triggered operation.
4 January 2022: Wouter
- Fix #596: unset the RA bit when a query is blocked by an unbound
local_zones_zone_answer(*z_out /*likely NULL, no zone*/, env, qinfo, edns,
repinfo, buf, temp, 0 /* no local data used */,
rpz_action_to_localzone_type(client_action));
+ if(*r_out && (*r_out)->signal_nxdomain_ra &&
+ LDNS_RCODE_WIRE(sldns_buffer_begin(buf))
+ == LDNS_RCODE_NXDOMAIN)
+ LDNS_RA_CLR(sldns_buffer_begin(buf));
}
ret = 1;
goto done;
module-config: "respip validator iterator"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: no
+ access-control: 192.0.0.0/8 allow
rpz:
name: "rpz.example.com."
b.a CNAME .
ns1.a.rpz-nsdname CNAME .
24.0.0.0.192.rpz-nsip CNAME .
+24.0.3.0.192.rpz-client-ip CNAME .
TEMPFILE_END
stub-zone:
ns2.a. IN A 192.0.0.5
ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+f.a. IN TXT
+SECTION ANSWER
+f.a. IN TXT "upstream txt rr f.a."
+ENTRY_END
+
RANGE_END
RANGE_BEGIN 0 100
SECTION ANSWER
ENTRY_END
+; clientip trigger
+STEP 50 QUERY ADDRESS 192.0.3.1
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+f.a. IN TXT
+ENTRY_END
+
+STEP 51 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR AA RD NXDOMAIN
+SECTION QUESTION
+f.a. IN TXT
+SECTION ANSWER
+ENTRY_END
+
SCENARIO_END
projects / thirdparty / unbound.git / commitdiff
