From 9db6ece12afdc5703220539a8d3bde4499a2dbff Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Wed, 31 Aug 2016 17:55:51 +0200 Subject: [PATCH] rec: Fix RPZ default policy not being applied over IXFR Reported by @42wim (thanks!). --- pdns/rec-lua-conf.cc | 2 +- pdns/reczones.cc | 8 ++++---- pdns/rpzloader.hh | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/pdns/rec-lua-conf.cc b/pdns/rec-lua-conf.cc index f8001bf9fa..14bd8a6deb 100644 --- a/pdns/rec-lua-conf.cc +++ b/pdns/rec-lua-conf.cc @@ -188,7 +188,7 @@ void loadRecursorLuaConfig(const std::string& fname) auto sr=loadRPZFromServer(master, zone, lci.dfe, defpol, zoneIdx, tt, maxReceivedXFRMBytes * 1024 * 1024, localAddress); if(refresh) sr->d_st.refresh=refresh; - std::thread t(RPZIXFRTracker, master, zone, zoneIdx, tt, sr, maxReceivedXFRMBytes * 1024 * 1024, localAddress); + std::thread t(RPZIXFRTracker, master, zone, defpol, zoneIdx, tt, sr, maxReceivedXFRMBytes * 1024 * 1024, localAddress); t.detach(); } catch(std::exception& e) { diff --git a/pdns/reczones.cc b/pdns/reczones.cc index 63ccb27e3b..12237aa334 100644 --- a/pdns/reczones.cc +++ b/pdns/reczones.cc @@ -311,7 +311,7 @@ string reloadAuthAndForwards() } -void RPZIXFRTracker(const ComboAddress& master, const DNSName& zone, size_t polZone, const TSIGTriplet& tt, shared_ptr oursr, size_t maxReceivedBytes, const ComboAddress& localAddress) +void RPZIXFRTracker(const ComboAddress& master, const DNSName& zone, boost::optional defpol, size_t polZone, const TSIGTriplet& tt, shared_ptr oursr, size_t maxReceivedBytes, const ComboAddress& localAddress) { int refresh = oursr->d_st.refresh; for(;;) { @@ -344,7 +344,7 @@ void RPZIXFRTracker(const ComboAddress& master, const DNSName& zone, size_t polZ const auto& add = delta.second; if(remove.empty()) { L<(), polZone); + RPZRecordToPolicy(rr, luaconfsCopy.dfe, false, defpol, polZone); } } 
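Review bot: In the rec-lua-conf.cc hunk the byte limit `maxReceivedXFRMBytes * 1024 * 1024` is written out twice, once for loadRPZFromServer and again on the new `std::thread t(...)` line, so the cap for the initial transfer and the cap for the IXFR tracker can drift apart if only one is edited. Computing it once, e.g. `const size_t maxReceivedBytes = maxReceivedXFRMBytes * 1024 * 1024;`, and passing that to both calls keeps the limit on data accepted from the master in one place. The declaration of maxReceivedXFRMBytes is outside the hunk, so whether the multiplication can wrap for a large configured value cannot be judged from here; a range check where the option is read would settle it. loadRecursorLuaConfig starts and ends outside the hunk.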
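Review bot: The new `defpol` parameter of RPZIXFRTracker (reczones.cc hunk at -311) carries a contract that is not written down: it presumably has to be the same value that loadRPZFromServer received for the initial load, because the hunks at -344 and -373 hand it to RPZRecordToPolicy for removals (`false`) as well as additions (`true`). A comment above the definition would make that explicit, for example `// defpol: default policy override for this zone; pass the value used for the initial transfer so IXFR removals and additions are applied under the same policy`. How RPZRecordToPolicy uses defpol when removing an entry is not visible on this page, so the wording should be confirmed against that function. The body of RPZIXFRTracker continues outside these hunks.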
@@ -373,7 +373,7 @@ void RPZIXFRTracker(const ComboAddress& master, const DNSName& zone, size_t polZ } else { L<(), polZone); + RPZRecordToPolicy(rr, luaconfsCopy.dfe, true, defpol, polZone); } } } diff --git a/pdns/rpzloader.hh b/pdns/rpzloader.hh index f0afb5585a..eebbeb2d57 100644 --- a/pdns/rpzloader.hh +++ b/pdns/rpzloader.hh @@ -27,4 +27,4 @@ int loadRPZFromFile(const std::string& fname, DNSFilterEngine& target, boost::optional defpol, size_t place); std::shared_ptr loadRPZFromServer(const ComboAddress& master, const DNSName& zone, DNSFilterEngine& target, boost::optional defpol, size_t place, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress); void RPZRecordToPolicy(const DNSRecord& dr, DNSFilterEngine& target, bool addOrRemove, boost::optional defpol, size_t place); -void RPZIXFRTracker(const ComboAddress& master, const DNSName& zone, size_t polZone, const TSIGTriplet &tt, shared_ptr oursr, size_t maxReceivedBytes, const ComboAddress& localAddress); +void RPZIXFRTracker(const ComboAddress& master, const DNSName& zone, boost::optional defpol, size_t polZone, const TSIGTriplet &tt, shared_ptr oursr, size_t maxReceivedBytes, const ComboAddress& localAddress); -- 2.47.2
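Review bot: The updated RPZIXFRTracker declaration in the rpzloader.hh hunk still writes `shared_ptr` unqualified and `const TSIGTriplet &tt`, while the loadRPZFromServer declaration two lines above it uses `std::shared_ptr` and `const TSIGTriplet& tt`. An unqualified name in a header only compiles when an earlier include happens to supply a using-declaration, so since the line is being touched anyway it would be better spelled `std::shared_ptr` with the same reference spacing as its neighbours. The template arguments are not shown on this page and stay as they are in the file.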