From c0b9b6f2e854608b867921e4a70aa5afa2252575 Mon Sep 17 00:00:00 2001
From: Otto Moerbeek
Date: Tue, 9 Jun 2020 10:22:58 +0200
Subject: [PATCH] Do not process passthru in a special way. RPZ hit always takes precedence unless overridesGettag is set to false.
---
 pdns/pdns_recursor.cc | 4 ++--
 pdns/recursordist/docs/lua-config/rpz.rst | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index 7fa933f265..8e51e26350 100644
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -1443,9 +1443,9 @@ static void startDoResolve(void *p)
 }
 // If we are doing RPZ and a policy was matched, it normally takes precedence over an answer from gettag.
- // So process the gettag_ffi answer only if no RPZ action was done or matched or the policy indicates gettag should
+ // So process the gettag_ffi answer only if no RPZ action was matched or the policy indicates gettag should
 // have precedence.
- if (!wantsRPZ || !appliedPolicy.policyOverridesGettag() || appliedPolicy.d_type == DNSFilterEngine::PolicyType::None || appliedPolicy.d_kind == DNSFilterEngine::PolicyKind::NoAction) {
+ if (!wantsRPZ || !appliedPolicy.policyOverridesGettag() || appliedPolicy.d_type == DNSFilterEngine::PolicyType::None) {
 if (dc->d_rcode != boost::none) {
 /* we have a response ready to go, most likely from gettag_ffi */
 ret = std::move(dc->d_records);
diff --git a/pdns/recursordist/docs/lua-config/rpz.rst b/pdns/recursordist/docs/lua-config/rpz.rst
index 6396591b65..48836bb144 100644
--- a/pdns/recursordist/docs/lua-config/rpz.rst
+++ b/pdns/recursordist/docs/lua-config/rpz.rst
@@ -117,7 +117,7 @@ overridesGettag
 .. versionadded:: 4.4.0
 `gettag_ffi` can set an answer to a query.
-By default an RPZ hit overrides this answer, unless the policy is `rpz-passthru` or this option is set to `false`.
+By default an RPZ hit overrides this answer, unless this option is set to `false`.
 The default is `true`.
 zoneSizeHint
-- 
2.47.2
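Review bot: The comment above the condition in startDoResolve (pdns/pdns_recursor.cc hunk) does not say that a passthru hit, which appears to be the `PolicyKind::NoAction` case dropped from the `if`, now counts as a match and suppresses the gettag_ffi answer. I would state that explicitly, e.g. `// A passthru (NoAction) hit is a match like any other and also overrides the gettag_ffi answer.` The diffstat lists only this file and the rst page, so no regression test pins the new precedence; a test for a passthru hit with `overridesGettag` both true and false would guard deployments that rely on gettag_ffi to return a filtering answer from having it silently replaced. The branch taken when the condition is false lies outside the hunk, so it is worth confirming there that the prepared `dc->d_records` and `dc->d_rcode` are not sent on that path.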