From 9f40e93fe6f1473cd2bec93416b397599ce03fc2 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Fri, 14 May 2021 13:28:10 +0200 Subject: [PATCH] - rpz-triggers, use sec_status_insecure like respip, AA flag on RPZ responses. --- services/rpz.c | 11 ++++++++--- testdata/rpz_nsdname.rpl | 4 ++-- testdata/rpz_nsip.rpl | 6 +++--- testdata/rpz_qname.rpl | 2 +- 4 files changed, 14 insertions(+), 9 deletions(-) diff --git a/services/rpz.c b/services/rpz.c index 966f7833a..c06e096ae 100644 --- a/services/rpz.c +++ b/services/rpz.c @@ -1599,7 +1599,9 @@ rpz_synthesize_nodata(struct rpz* ATTR_UNUSED(r), struct module_qstate* ms, 0, //ns 0, //ar 0, //total - sec_status_secure); + sec_status_insecure); + if(msg->rep) + msg->rep->authoritative = 1; return msg; } @@ -1620,7 +1622,9 @@ rpz_synthesize_nxdomain(struct rpz* ATTR_UNUSED(r), struct module_qstate* ms, 0, //ns 0, //ar 0, //total - sec_status_secure); + sec_status_insecure); + if(msg->rep) + msg->rep->authoritative = 1; return msg; } @@ -1647,11 +1651,12 @@ rpz_synthesize_localdata_from_rrset(struct rpz* ATTR_UNUSED(r), struct module_qs 0, //ns 0, //ar 1, //total - sec_status_secure); + sec_status_insecure); if(new_reply_info == NULL) { log_err("out of memory"); return NULL; } + new_reply_info->authoritative = 1; rp = respip_copy_rrset(rrset->rrset, ms->region); if(rp == NULL) { log_err("out of memory"); diff --git a/testdata/rpz_nsdname.rpl b/testdata/rpz_nsdname.rpl index 7b55ebeb7..79b5bec40 100644 --- a/testdata/rpz_nsdname.rpl +++ b/testdata/rpz_nsdname.rpl @@ -362,7 +362,7 @@ ENTRY_END STEP 21 CHECK_ANSWER ENTRY_BEGIN MATCH all -REPLY QR RD RA NOERROR +REPLY QR RD RA AA NOERROR SECTION QUESTION gotham.bb. IN A SECTION ANSWER @@ -378,7 +378,7 @@ ENTRY_END STEP 31 CHECK_ANSWER ENTRY_BEGIN MATCH all -REPLY QR RD RA NOERROR +REPLY QR RD RA AA NOERROR SECTION QUESTION gotham.ff. IN A SECTION ANSWER diff --git a/testdata/rpz_nsip.rpl b/testdata/rpz_nsip.rpl index a3cda6050..58b377e8f 100644 --- a/testdata/rpz_nsip.rpl +++ b/testdata/rpz_nsip.rpl @@ -362,7 +362,7 @@ ENTRY_END STEP 21 CHECK_ANSWER ENTRY_BEGIN MATCH all -REPLY QR RD RA NOERROR +REPLY QR RD RA AA NOERROR SECTION QUESTION gotham.bb. IN A SECTION ANSWER @@ -378,7 +378,7 @@ ENTRY_END STEP 31 CHECK_ANSWER ENTRY_BEGIN MATCH all -REPLY QR RD RA NOERROR +REPLY QR RD RA AA NOERROR SECTION QUESTION gotham.ff. IN A SECTION ANSWER @@ -396,7 +396,7 @@ ENTRY_END STEP 41 CHECK_ANSWER ENTRY_BEGIN MATCH all -REPLY QR RD RA NOERROR +REPLY QR RD RA AA NOERROR SECTION QUESTION gotham.ff. IN A SECTION ANSWER diff --git a/testdata/rpz_qname.rpl b/testdata/rpz_qname.rpl index 2bc038c37..ede697233 100644 --- a/testdata/rpz_qname.rpl +++ b/testdata/rpz_qname.rpl @@ -388,7 +388,7 @@ ENTRY_END STEP 101 CHECK_ANSWER ENTRY_BEGIN MATCH all -REPLY QR RD RA NOERROR +REPLY QR RD RA AA NOERROR SECTION QUESTION f.example. IN TXT SECTION ANSWER -- 2.47.3