From: Otto Moerbeek
Date: Tue, 9 Jun 2020 08:22:58 +0000 (+0200)
Subject: Do not process passthru in a special way. RPZ hit always takes
X-Git-Tag: dnsdist-1.5.0-rc3~10^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F9203%2Fhead;p=thirdparty%2Fpdns.git
Do not process passthru in a special way. RPZ hit always takes precedence unless overridesGettag is set to false.
---
diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index 7fa933f265..8e51e26350 100644
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -1443,9 +1443,9 @@ static void startDoResolve(void *p)
 }
 // If we are doing RPZ and a policy was matched, it normally takes precedence over an answer from gettag.
- // So process the gettag_ffi answer only if no RPZ action was done or matched or the policy indicates gettag should
+ // So process the gettag_ffi answer only if no RPZ action was matched or the policy indicates gettag should
 // have precedence.
- if (!wantsRPZ || !appliedPolicy.policyOverridesGettag() || appliedPolicy.d_type == DNSFilterEngine::PolicyType::None || appliedPolicy.d_kind == DNSFilterEngine::PolicyKind::NoAction) {
+ if (!wantsRPZ || !appliedPolicy.policyOverridesGettag() || appliedPolicy.d_type == DNSFilterEngine::PolicyType::None) {
 if (dc->d_rcode != boost::none) {
 /* we have a response ready to go, most likely from gettag_ffi */
 ret = std::move(dc->d_records);
diff --git a/pdns/recursordist/docs/lua-config/rpz.rst b/pdns/recursordist/docs/lua-config/rpz.rst
index 6396591b65..48836bb144 100644
--- a/pdns/recursordist/docs/lua-config/rpz.rst
+++ b/pdns/recursordist/docs/lua-config/rpz.rst
@@ -117,7 +117,7 @@ overridesGettag
 .. versionadded:: 4.4.0
 `gettag_ffi` can set an answer to a query.
-By default an RPZ hit overrides this answer, unless the policy is `rpz-passthru` or this option is set to `false`.
+By default an RPZ hit overrides this answer, unless this option is set to `false`.
 The default is `true`.
 zoneSizeHint
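Review bot: In the startDoResolve hunk of pdns/pdns_recursor.cc, the rewritten comment says the gettag_ffi answer is processed "only if no RPZ action was matched", which is ambiguous next to `PolicyKind::NoAction`. A passthru match (kind NoAction, type other than None) is now precisely the case that discards the gettag_ffi answer. Because this decides whether a filtering answer prepared in gettag_ffi or an RPZ passthru entry wins, I would state it outright above the condition: `// A passthru (NoAction) match counts as an RPZ hit too: it discards the gettag_ffi answer unless overridesGettag is false.` No regression test is visible in this patch; one covering a passthru hit combined with a gettag_ffi answer, for both overridesGettag settings, would pin the new precedence. startDoResolve begins and ends outside the hunk, so what later happens to `dc->d_rcode` and `dc->d_records` when this branch is skipped cannot be confirmed from here.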