- rpz-triggers, use sec_status_insecure like respip, AA flag on RPZ responses.

diff --git a/services/rpz.c b/services/rpz.c
index 966f7833aabd25bcf9b734cf65efb0b9328b221a..c06e096ae2f57d54d92a09f3155929d56827af31 100644 (file)
--- a/services/rpz.c
+++ b/services/rpz.c
@@ -1599,7 +1599,9 @@ rpz_synthesize_nodata(struct rpz* ATTR_UNUSED(r), struct module_qstate* ms,
                                             0, //ns
                                             0, //ar
                                             0, //total
-                                            sec_status_secure);
+                                            sec_status_insecure);
+       if(msg->rep)
+               msg->rep->authoritative = 1;
        return msg;
 }
 
@@ -1620,7 +1622,9 @@ rpz_synthesize_nxdomain(struct rpz* ATTR_UNUSED(r), struct module_qstate* ms,
                                             0, //ns
                                             0, //ar
                                             0, //total
-                                            sec_status_secure);
+                                            sec_status_insecure);
+       if(msg->rep)
+               msg->rep->authoritative = 1;
        return msg;
 }
 
@@ -1647,11 +1651,12 @@ rpz_synthesize_localdata_from_rrset(struct rpz* ATTR_UNUSED(r), struct module_qs
                                                    0, //ns
                                                    0, //ar
                                                    1, //total
-                                                   sec_status_secure);
+                                                   sec_status_insecure);
        if(new_reply_info == NULL) {
                log_err("out of memory");
                return NULL;
        }
+       new_reply_info->authoritative = 1;
        rp = respip_copy_rrset(rrset->rrset, ms->region);
        if(rp == NULL) {
                log_err("out of memory");

diff --git a/testdata/rpz_nsdname.rpl b/testdata/rpz_nsdname.rpl
index 7b55ebeb7b54ddeb7632a7872338b375295d5c54..79b5bec4034b1fbf64508d9b0022aad65b8404e4 100644 (file)
--- a/testdata/rpz_nsdname.rpl
+++ b/testdata/rpz_nsdname.rpl
@@ -362,7 +362,7 @@ ENTRY_END
 STEP 21 CHECK_ANSWER
 ENTRY_BEGIN
 MATCH all
-REPLY QR RD RA NOERROR
+REPLY QR RD RA AA NOERROR
 SECTION QUESTION
 gotham.bb. IN A
 SECTION ANSWER
@@ -378,7 +378,7 @@ ENTRY_END
 STEP 31 CHECK_ANSWER
 ENTRY_BEGIN
 MATCH all
-REPLY QR RD RA NOERROR
+REPLY QR RD RA AA NOERROR
 SECTION QUESTION
 gotham.ff. IN A
 SECTION ANSWER

diff --git a/testdata/rpz_nsip.rpl b/testdata/rpz_nsip.rpl
index a3cda6050d86eb3421903a11b0d09c2e131881e7..58b377e8f782ab308b4bea5de8699dd01854462c 100644 (file)
--- a/testdata/rpz_nsip.rpl
+++ b/testdata/rpz_nsip.rpl
@@ -362,7 +362,7 @@ ENTRY_END
 STEP 21 CHECK_ANSWER
 ENTRY_BEGIN
 MATCH all
-REPLY QR RD RA NOERROR
+REPLY QR RD RA AA NOERROR
 SECTION QUESTION
 gotham.bb. IN A
 SECTION ANSWER
@@ -378,7 +378,7 @@ ENTRY_END
 STEP 31 CHECK_ANSWER
 ENTRY_BEGIN
 MATCH all
-REPLY QR RD RA NOERROR
+REPLY QR RD RA AA NOERROR
 SECTION QUESTION
 gotham.ff. IN A
 SECTION ANSWER
@@ -396,7 +396,7 @@ ENTRY_END
 STEP 41 CHECK_ANSWER
 ENTRY_BEGIN
 MATCH all
-REPLY QR RD RA NOERROR
+REPLY QR RD RA AA NOERROR
 SECTION QUESTION
 gotham.ff. IN A
 SECTION ANSWER

diff --git a/testdata/rpz_qname.rpl b/testdata/rpz_qname.rpl
index 2bc038c3702cfcaf2d6972acd8b48ff29942cb09..ede6972331d0fe63ea9ae4582379d1551206dbd4 100644 (file)
--- a/testdata/rpz_qname.rpl
+++ b/testdata/rpz_qname.rpl
@@ -388,7 +388,7 @@ ENTRY_END
 STEP 101 CHECK_ANSWER
 ENTRY_BEGIN
 MATCH all
-REPLY QR RD RA NOERROR
+REPLY QR RD RA AA NOERROR
 SECTION QUESTION
 f.example.     IN      TXT
 SECTION ANSWER