rpz: more nsip

diff --git a/services/rpz.c b/services/rpz.c
index ff994a48227d89fb92bcd65662fa56ad9b6c0bb7..9b1d23884d7ac7e8acb4704024b18531fa29d7b4 100644 (file)
--- a/services/rpz.c
+++ b/services/rpz.c
@@ -1458,7 +1458,7 @@ rpz_iterator_module_callback(struct module_qstate* ms, struct iter_qstate* is)
                rpz_action_to_string(raddr->action));
 
        action = raddr->action;
-       if(action == RPZ_LOCAL_DATA_ACTION && raddr->data == NULL ) {
+       if(action == RPZ_LOCAL_DATA_ACTION && raddr->data == NULL) {
                verbose(VERB_ALGO, "rpz: bug: local-data action but no local data");
                ret = -1;
                goto done;
@@ -1467,6 +1467,7 @@ rpz_iterator_module_callback(struct module_qstate* ms, struct iter_qstate* is)
        switch(action) {
        case RPZ_NXDOMAIN_ACTION:
                FLAGS_SET_RCODE(is->response->rep->flags, LDNS_RCODE_NXDOMAIN);
+               is->response->rep->flags |= BIT_QR | BIT_AA | BIT_RA;
                is->response->rep->an_numrrsets = 0;
                is->response->rep->ns_numrrsets = 0;
                is->response->rep->ar_numrrsets = 0;
@@ -1476,6 +1477,7 @@ rpz_iterator_module_callback(struct module_qstate* ms, struct iter_qstate* is)
                break;
        case RPZ_NODATA_ACTION:
                FLAGS_SET_RCODE(is->response->rep->flags, LDNS_RCODE_NOERROR);
+               is->response->rep->flags |= BIT_QR | BIT_AA | BIT_RA;
                is->response->rep->an_numrrsets = 0;
                is->response->rep->ns_numrrsets = 0;
                is->response->rep->ar_numrrsets = 0;

diff --git a/testdata/rpz_nsip.rpl b/testdata/rpz_nsip.rpl
index 29cd8e189a252a7036770789345ad9f3829fb4e4..1d4462df09ca82215f1456d92f332ea451517645 100644 (file)
--- a/testdata/rpz_nsip.rpl
+++ b/testdata/rpz_nsip.rpl
@@ -181,6 +181,36 @@ ENTRY_END
 
 RANGE_END
 
+; bb. ------------------------------------------------------------------------
+RANGE_BEGIN 0 100
+       ADDRESS 8.8.1.8
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+bb. IN NS
+SECTION ANSWER
+bb. IN NS ns1.aa.
+SECTION ADDITIONAL
+ns1.bb. IN A 8.8.1.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+gotham.bb. IN A
+SECTION AUTHORITY
+gotham.bb.     IN NS   ns1.gotham.bb.
+SECTION ADDITIONAL
+ns1.gotham.bb. IN A 192.0.1.1
+ENTRY_END
+
+RANGE_END
+
 ; ns1.gotham.com. ------------------------------------------------------------
 RANGE_BEGIN 0 100
        ADDRESS 192.0.6.1
@@ -213,6 +243,22 @@ ENTRY_END
 
 RANGE_END
 
+; ns1.gotham.bb. -------------------------------------------------------------
+RANGE_BEGIN 0 100
+       ADDRESS 192.0.1.1
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+gotham.bb. IN A
+SECTION ANSWER
+gotham.bb. IN A 192.0.1.2
+ENTRY_END
+
+RANGE_END
+
 STEP 1 QUERY
 ENTRY_BEGIN
 REPLY RD
@@ -240,10 +286,26 @@ ENTRY_END
 STEP 11 CHECK_ANSWER
 ENTRY_BEGIN
 MATCH all
-REPLY QR AA RD RA NXDOMAIN
+REPLY QR RD RA NXDOMAIN
 SECTION QUESTION
 gotham.aa. IN A
 SECTION ANSWER
 ENTRY_END
 
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+gotham.bb. IN A
+ENTRY_END
+
+STEP 21 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+gotham.bb. IN A
+SECTION ANSWER
+ENTRY_END
+
 SCENARIO_END