rec: a few RPZ tweaks

- Log policyname on policyHit when updating root
- Do not register invalid file-based RPZs
- Do not return null SOA

diff --git a/pdns/recursordist/filterpo.hh b/pdns/recursordist/filterpo.hh
index 2fec80813b086c110e654cddaeddd16ff12a77d1..fbd14c1d76d0328e63c65870f3e36e7cda606eb3 100644 (file)
--- a/pdns/recursordist/filterpo.hh
+++ b/pdns/recursordist/filterpo.hh
@@ -212,7 +212,7 @@ public:
 
     [[nodiscard]] bool getSOA(DNSRecord& rec) const
     {
-      if (d_zoneData) {
+      if (d_zoneData && d_zoneData->d_soa.getContent()) {
         rec = d_zoneData->d_soa;
         return true;
       }

diff --git a/pdns/recursordist/rec-main.cc b/pdns/recursordist/rec-main.cc
index 6a1eb68358ba2af78b6898913d6f43b762e55310..efd01215cf56262898d50788bd5c2ba2af487ec7 100644 (file)
--- a/pdns/recursordist/rec-main.cc
+++ b/pdns/recursordist/rec-main.cc
@@ -3426,7 +3426,7 @@ static void* pleaseInitPolCounts(const string& name)
   return nullptr;
 }
 
-static void activateRPZFile(const RPZTrackerParams& params, LuaConfigItems& lci, shared_ptr<DNSFilterEngine::Zone>& zone)
+static bool activateRPZFile(const RPZTrackerParams& params, LuaConfigItems& lci, shared_ptr<DNSFilterEngine::Zone>& zone)
 {
   auto log = lci.d_slog->withValues("file", Logging::Loggable(params.name));
 
@@ -3441,7 +3441,10 @@ static void activateRPZFile(const RPZTrackerParams& params, LuaConfigItems& lci,
   catch (const std::exception& e) {
     SLOG(g_log << Logger::Error << "Unable to load RPZ zone from '" << params.name << "': " << e.what() << endl,
          log->error(Logr::Error, e.what(), "Exception while loading RPZ zone from file"));
+    zone->clear();
+    return false;
   }
+  return true;
 }
 
 static void activateRPZPrimary(RPZTrackerParams& params, LuaConfigItems& lci, shared_ptr<DNSFilterEngine::Zone>& zone, const DNSName& domain)
@@ -3500,8 +3503,9 @@ static void activateRPZs(LuaConfigItems& lci)
     zone->setIgnoreDuplicates(params.ignoreDuplicates);
 
     if (params.primaries.empty()) {
-      activateRPZFile(params, lci, zone);
-      lci.dfe.addZone(zone);
+      if (activateRPZFile(params, lci, zone)) {
+        lci.dfe.addZone(zone);
+      }
     }
     else {
       DNSName domain(params.name);

diff --git a/pdns/recursordist/syncres.cc b/pdns/recursordist/syncres.cc
index 8c1ffcfe4b72c924bd2129361b7fb7825ad24d77..7fe0c309dd8b8ca6ec5a958b6deb6d0d4155b09c 100644 (file)
--- a/pdns/recursordist/syncres.cc
+++ b/pdns/recursordist/syncres.cc
@@ -6223,9 +6223,10 @@ int SyncRes::getRootNS(struct timeval now, asyncresolve_t asyncCallback, unsigne
     SLOG(g_log << Logger::Error << "Failed to update . records, got an exception: " << e.reason << endl,
          log->error(Logr::Error, e.reason, msg, "exception", Logging::Loggable("ImmediateServFailException")));
   }
-  catch (const PolicyHitException& e) {
+  catch (const PolicyHitException& policyHit) {
     SLOG(g_log << Logger::Error << "Failed to update . records, got a policy hit" << endl,
-         log->info(Logr::Error, msg, "exception", Logging::Loggable("PolicyHitException")));
+         log->info(Logr::Error, msg, "exception", Logging::Loggable("PolicyHitException"),
+                   "policyName", Logging::Loggable(resolver.d_appliedPolicy.getName())));
     ret.clear();
   }
   catch (const std::exception& e) {