From: W.C.A. Wijngaards
Date: Thu, 1 Apr 2021 11:11:51 +0000 (+0200)
Subject: - rpz-triggers, fix what domain name to match for nsdname.
X-Git-Tag: release-1.14.0rc1~62^2~27
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a2ea701f31be11fd0e07cbb64cb994f359bd3411;p=thirdparty%2Funbound.git
- rpz-triggers, fix what domain name to match for nsdname.
---
diff --git a/services/rpz.c b/services/rpz.c
index 6a37cb9b3..9af652984 100644
--- a/services/rpz.c
+++ b/services/rpz.c
@@ -1928,23 +1928,18 @@ rpz_delegation_point_zone_lookup(struct delegpt* dp, struct local_zones* zones,
 struct local_zone* z = NULL;
 rpz_log_dname("delegation point", dp->name, dp->namelen);
- // XXX: do we want this?
- z = rpz_find_zone(zones, dp->name, dp->namelen, qclass, 0, 0, 0);
- if(z != NULL) {
- match->dname = dp->name;
- match->dname_len = dp->namelen;
- } else if(z == NULL) {
- for(nameserver = dp->nslist;
- nameserver != NULL;
- nameserver = nameserver->next) {
- rpz_log_dname("delegation point", nameserver->name, nameserver->namelen);
- z = rpz_find_zone(zones, nameserver->name, nameserver->namelen,
- qclass, 0, 0, 0);
- if(z != NULL) {
- match->dname = nameserver->name;
- match->dname_len = nameserver->namelen;
- break;
- }
+ /* the rpz specs match the nameserver names (NS records), not the
+ * name of the delegation point itself, to the nsdname triggers */
+ for(nameserver = dp->nslist;
+ nameserver != NULL;
+ nameserver = nameserver->next) {
+ rpz_log_dname("delegation point ns", nameserver->name, nameserver->namelen);
+ z = rpz_find_zone(zones, nameserver->name, nameserver->namelen,
+ qclass, 0, 0, 0);
+ if(z != NULL) {
+ match->dname = nameserver->name;
+ match->dname_len = nameserver->namelen;
+ break;
 }
 }
diff --git a/testdata/rpz_nsdname.rpl b/testdata/rpz_nsdname.rpl
index 64fb98880..7b55ebeb7 100644
--- a/testdata/rpz_nsdname.rpl
+++ b/testdata/rpz_nsdname.rpl
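Review bot: In the services/rpz.c hunk, the new loop stops at the first entry of `dp->nslist` that has a zone match (`break`), so when several NS names of one delegation match nsdname rules with different actions (for example `rpz-passthru.` on one and `rpz-drop.` on another), the action applied depends on list order rather than on the policy. Whether that order is stable is not visible from this hunk; if it is not, the same delegation can be filtered differently between lookups, so either select the match deterministically or document the rule, e.g. `/* first matching NS name in dp->nslist order wins; remaining NS names are not consulted */`. The change also deserves a changelog line: nsdname rules whose owner name is the delegation point itself, which the removed branch matched, no longer trigger, so existing policy zones stop filtering until their owner names are changed to the NS names (as the test data in this commit does). The body of rpz_delegation_point_zone_lookup starts and ends outside the hunk.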
@@ -16,13 +16,13 @@ rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
 3600 IN NS ns1.rpz.example.com.
 3600 IN NS ns2.rpz.example.com.
 $ORIGIN rpz.example.com.
-gotham.aa.rpz-nsdname CNAME .
-gotham.bb.rpz-nsdname CNAME *.
-gotham.cc.rpz-nsdname CNAME rpz-drop.
-gotham.com.rpz-nsdname CNAME rpz-passthru.
-gotham.dd.rpz-nsdname CNAME rpz-tcp-only.
-gotham.ff.rpz-nsdname A 127.0.0.1
-gotham.ff.rpz-nsdname TXT "42"
+ns1.gotham.aa.rpz-nsdname CNAME .
+ns1.gotham.bb.rpz-nsdname CNAME *.
+ns1.gotham.cc.rpz-nsdname CNAME rpz-drop.
+ns1.gotham.com.rpz-nsdname CNAME rpz-passthru.
+ns1.gotham.dd.rpz-nsdname CNAME rpz-tcp-only.
+ns1.gotham.ff.rpz-nsdname A 127.0.0.1
+ns1.gotham.ff.rpz-nsdname TXT "42"
 TEMPFILE_END
 stub-zone: