From: Remi Gacogne Date: Mon, 22 Jun 2020 13:09:13 +0000 (+0200) Subject: rec: Better exception handling in handlePolicyHit() X-Git-Tag: dnsdist-1.5.0-rc4~12^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F9268%2Fhead;p=thirdparty%2Fpdns.git rec: Better exception handling in handlePolicyHit() An ImmediateServFailException being raised during the call to SyncRes::beginResolve() from handleRPZCustom() could lead to the resolution process to stop without any response being sent: Any other exception in a resolver context (www.example.net/A from 127.0.0.1:4242) This commit turns into a ServFail answer instead.
---
diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index a13434dcfc..a644bc57ef 100644
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -1237,7 +1237,23 @@ static PolicyResult handlePolicyHit(const DNSFilterEngine::Policy& appliedPolicy
 auto spoofed = appliedPolicy.getCustomRecords(dc->d_mdp.d_qname, dc->d_mdp.d_qtype);
 for (auto& dr : spoofed) {
 ret.push_back(dr);
- handleRPZCustom(dr, QType(dc->d_mdp.d_qtype), sr, res, ret);
+ try {
+ handleRPZCustom(dr, QType(dc->d_mdp.d_qtype), sr, res, ret);
+ }
+ catch (const ImmediateServFailException& e) {
+ if (g_logCommonErrors) {
+ g_log << Logger::Notice << "Sending SERVFAIL to " << dc->getRemote() << " during resolve of the custom filter policy '" << appliedPolicy.getName() << "' while resolving '"<d_mdp.d_qname<<"' because: "<getRemote() << " during resolve of the custom filter policy '" << appliedPolicy.getName() << "' while resolving '"<d_mdp.d_qname<<"' because another RPZ policy was hit"<