ns_client_error() could assert if rcode was overridden to NOERROR

The client->rcode_override was originally created to force the server
to send SERVFAIL in some cases when it would normally have sent FORMERR.

More recently, it was used in a3ba95116ed04594ea59a8124bf781b30367a7a2
commit (part of GL #2790) to force the sending of a TC=1 NOERROR
response, triggering a retry via TCP, when a UDP packet could not be
sent due to ISC_R_MAXSIZE.

This ran afoul of a pre-existing INSIST in ns_client_error() when
RRL was in use. the INSIST was based on the assumption that
ns_client_error() could never result in a non-error rcode. as
that assumption is no longer valid, the INSIST has been removed.

diff --git a/lib/ns/client.c b/lib/ns/client.c
index 097733474fb408b638b8c3f048dbb94b7b559cfb..38faf9282a9f54531bc75befd1c75384d10e9c5e 100644 (file)
--- a/lib/ns/client.c
+++ b/lib/ns/client.c
@@ -770,8 +770,6 @@ ns_client_error(ns_client_t *client, isc_result_t result) {
                dns_rrl_result_t rrl_result;
                int loglevel;
 
-               INSIST(rcode != dns_rcode_noerror &&
-                      rcode != dns_rcode_nxdomain);
                if ((client->sctx->options & NS_SERVER_LOGQUERIES) != 0) {
                        loglevel = DNS_RRL_LOG_DROP;
                } else {