Test clientIP before name, fix one more cutoff condition.

diff --git a/pdns/filterpo.cc b/pdns/filterpo.cc
index 316c31a7dbbf5096eb471c1e81f2a34135fee66e..dbcd59ea5dacff906db86c9de2b870b19ab5b6bf 100644 (file)
--- a/pdns/filterpo.cc
+++ b/pdns/filterpo.cc
@@ -248,6 +248,11 @@ DNSFilterEngine::Policy DNSFilterEngine::getQueryPolicy(const DNSName& qname, co
       ++count;
       continue;
     }
+    if (z->findClientPolicy(ca, pol)) {
+      // cerr<<"Had a hit on the IP address ("<<ca.toString()<<") of the client"<<endl;
+      return pol;
+    }
+
     if (z->findExactQNamePolicy(qname, pol)) {
       // cerr<<"Had a hit on the name of the query"<<endl;
       return pol;
@@ -260,18 +265,13 @@ DNSFilterEngine::Policy DNSFilterEngine::getQueryPolicy(const DNSName& qname, co
       }
     }
 
-    if (z->findClientPolicy(ca, pol)) {
-      // cerr<<"Had a hit on the IP address ("<<ca.toString()<<") of the client"<<endl;
-      return pol;
-    }
-
     ++count;
   }
 
   return pol;
 }
 
-DNSFilterEngine::Policy DNSFilterEngine::getPostPolicy(const vector<DNSRecord>& records, const std::unordered_map<std::string,bool>& discardedPolicies, Priority currentPriority) const
+DNSFilterEngine::Policy DNSFilterEngine::getPostPolicy(const vector<DNSRecord>& records, const std::unordered_map<std::string,bool>& discardedPolicies, Priority maxPriority) const
 {
   Policy pol;
   ComboAddress ca;
@@ -292,7 +292,7 @@ DNSFilterEngine::Policy DNSFilterEngine::getPostPolicy(const vector<DNSRecord>&
       continue;
 
     for (const auto& z : d_zones) {
-      if (z->getPriority() > currentPriority) {
+      if (z->getPriority() >= maxPriority) {
         break;
       }
       const auto zoneName = z->getName();