- Fix that RPZ does not set RD flag on replies, it should be copied

  from the query.

diff --git a/doc/Changelog b/doc/Changelog
index c843a3f06239f4b7276b4737a7b2cae05f9336ea..34366e7aecd8fde0395bb839b5e5716b247e3202 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -5,6 +5,8 @@
          is blocked with NXDOMAIN by unsetting RA.
        - Fix to add test for rpz-signal-nxdomain-ra.
        - Fix #596: only unset RA when NXDOMAIN is signalled.
+       - Fix that RPZ does not set RD flag on replies, it should be copied
+         from the query.
 
 22 December 2021: George
        - contrib/aaaa-filter-iterator.patch file renewed diff content to

diff --git a/services/rpz.c b/services/rpz.c
index 383440a233c141b7e711f7f439affe51ded23e06..a8e8b5503baeed7951ecb07e2940452b8b3d323f 100644 (file)
--- a/services/rpz.c
+++ b/services/rpz.c
@@ -1698,7 +1698,7 @@ rpz_synthesize_nodata(struct rpz* ATTR_UNUSED(r), struct module_qstate* ms,
        if(msg == NULL) { return msg; }
        msg->qinfo = *qinfo;
        msg->rep = construct_reply_info_base(ms->region,
-                                            LDNS_RCODE_NOERROR | BIT_RD | BIT_QR | BIT_AA | BIT_RA,
+                                            LDNS_RCODE_NOERROR | BIT_QR | BIT_AA | BIT_RA,
                                             1, /* qd */
                                             0, /* ttl */
                                             0, /* prettl */
@@ -1723,7 +1723,7 @@ rpz_synthesize_nxdomain(struct rpz* r, struct module_qstate* ms,
        uint16_t flags;
        if(msg == NULL) { return msg; }
        msg->qinfo = *qinfo;
-       flags = LDNS_RCODE_NXDOMAIN | BIT_RD | BIT_QR | BIT_AA | BIT_RA;
+       flags = LDNS_RCODE_NXDOMAIN | BIT_QR | BIT_AA | BIT_RA;
        if(r->signal_nxdomain_ra)
                flags &= ~BIT_RA;
        msg->rep = construct_reply_info_base(ms->region,
@@ -1757,7 +1757,7 @@ rpz_synthesize_localdata_from_rrset(struct rpz* ATTR_UNUSED(r), struct module_qs
        if(msg == NULL) { return NULL; }
 
         new_reply_info = construct_reply_info_base(ms->region,
-                                                   LDNS_RCODE_NOERROR | BIT_RD | BIT_QR | BIT_AA | BIT_RA,
+                                                   LDNS_RCODE_NOERROR | BIT_QR | BIT_AA | BIT_RA,
                                                    1, /* qd */
                                                    0, /* ttl */
                                                    0, /* prettl */