rebinding: change/fix when triggered inside sub-query

This avoids getting into an inconsistent state of the request (assert),
and it also allows some real-life cases to succeed without using
a forbidden address in any way (even though they *are* weird).

I can still imagine weird setups where a request gets failed even
though it would be resolvable without *using* a forbidden address,
but none of these seem reasonable anyway (or common in practice).

diff --git a/modules/rebinding/rebinding.lua b/modules/rebinding/rebinding.lua
index 25f92c9a43cba94b55e1650c6385e98f5c38ac81..83020d606c11982c4aed8576169b4cf46f1b333b 100644 (file)
--- a/modules/rebinding/rebinding.lua
+++ b/modules/rebinding/rebinding.lua
@@ -104,7 +104,14 @@ function M.layer.consume(state, req, pkt)
 
        qry.flags.RESOLVED = 1  -- stop iteration
        qry.flags.CACHED = 1  -- do not cache
-       refuse(req)
+
+       --[[ In case we're in a sub-query, we do not touch the final req answer.
+               Only this sub-query will get finished without a result - there we
+               rely on the iterator reacting to flags.RESOLVED
+               Typical example: NS address resolution -> only this NS won't be used
+               but others may still be OK (or we SERVFAIL due to no NS being usable).
+       --]]
+       if qry.parent == nil then refuse(req) end
        if verbose() then
                ffi.C.kr_log_qverbose_impl(qry, 'rebinding',
                    'blocking blacklisted IP in RR \'%s\' received from IP %s\n',