Set the extended DNS error code for RPZ-modified queries

When enabled through a configuration option, set the configured EDE code
for the modified queries.

diff --git a/lib/ns/query.c b/lib/ns/query.c
index c16cac61a223c4da483e44943105300b74088d38..d1c969ca161a75b768e588259f3e09790860c6ff 100644 (file)
--- a/lib/ns/query.c
+++ b/lib/ns/query.c
@@ -16,6 +16,7 @@
 #include <ctype.h>
 #include <inttypes.h>
 #include <stdbool.h>
+#include <stdint.h>
 #include <string.h>
 
 #include <isc/hex.h>
@@ -7267,6 +7268,12 @@ query_checkrpz(query_ctx_t *qctx, isc_result_t result) {
                        UNREACHABLE();
                }
 
+               if (qctx->rpz_st->m.rpz->ede != 0 &&
+                   qctx->rpz_st->m.rpz->ede != UINT16_MAX) {
+                       ns_client_extendederror(qctx->client,
+                                               qctx->rpz_st->m.rpz->ede, NULL);
+               }
+
                /*
                 * Turn off DNSSEC because the results of a
                 * response policy zone cannot verify.