From: W.C.A. Wijngaards Date: Mon, 1 May 2023 07:26:17 +0000 (+0200) Subject: - Fix RPZ IP responses with trigger rpz-drop on cache entries, that X-Git-Tag: release-1.18.0rc1~24^2~46 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=70c2b587fcb73b6584c698569c9ba1d198a5ee07;p=thirdparty%2Funbound.git - Fix RPZ IP responses with trigger rpz-drop on cache entries, that they are dropped. --- diff --git a/daemon/worker.c b/daemon/worker.c index 5c373b79b..e73ae1d94 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -566,9 +566,10 @@ apply_respip_action(struct worker* worker, const struct query_info* qinfo, /* xxx_deny actions mean dropping the reply, unless the original reply * was redirected to response-ip data. */ - if((actinfo.action == respip_deny || + if(actinfo.action == respip_always_deny || + ((actinfo.action == respip_deny || actinfo.action == respip_inform_deny) && - *encode_repp == rep) + *encode_repp == rep)) *encode_repp = NULL; /* If address info is returned, it means the action should be an diff --git a/doc/Changelog b/doc/Changelog index e6ec25b1b..bec4ab742 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,7 @@ +1 May 2023: Wouter + - Fix RPZ IP responses with trigger rpz-drop on cache entries, that + they are dropped. + 26 April 2023: Philip - Fix issue #860: Bad interaction with 0 TTL records and serve-expired diff --git a/testdata/rpz_respip.rpl b/testdata/rpz_respip.rpl index 894a7cc5f..795bb25c8 100644 --- a/testdata/rpz_respip.rpl +++ b/testdata/rpz_respip.rpl @@ -458,14 +458,29 @@ e. IN AAAA ENTRY_END STEP 29 TIME_PASSES ELAPSE 12 +; should be dropped, with cache entry too. STEP 30 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION +e. IN A +ENTRY_END +STEP 31 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +e. IN AAAA +ENTRY_END +STEP 32 TIME_PASSES ELAPSE 12 + +STEP 33 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION y. IN A ENTRY_END -STEP 31 CHECK_ANSWER +STEP 34 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR TC RD RA NOERROR
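Review bot: In daemon/worker.c, apply_respip_action, the comment above the changed condition still says xxx_deny actions drop the reply "unless the original reply was redirected to response-ip data", but the new respip_always_deny branch sets *encode_repp = NULL without the *encode_repp == rep check. Please update the comment to say that respip_always_deny drops unconditionally and that only respip_deny and respip_inform_deny keep the redirect exception, so a later reader does not take the missing check for an oversight.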
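Review bot: In testdata/rpz_respip.rpl, the new STEP 30 and STEP 31 queries for e. IN A and e. IN AAAA have no CHECK_ANSWER of their own in this hunk; the next check is STEP 34, after the y. IN A query at STEP 33. If the drop is meant to be verified by STEP 34 matching only the reply to y., extend the "; should be dropped, with cache entry too." comment to say so, because as written the scenario reads as if the two dropped queries are never asserted on.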