rpz: fix forged messages
authormb <mb@64k.by>
Tue, 24 Nov 2020 11:02:59 +0000 (12:02 +0100)
committermb <mb@64k.by>
Tue, 24 Nov 2020 11:02:59 +0000 (12:02 +0100)
iterator/iterator.c
services/rpz.c
testdata/rpz_nsip.rpl

index 6655ec8757bea7655911d2128574f67277b850db..85c0b29de7e477b14933314840b212046b86a7f6 100644 (file)
@@ -2474,9 +2474,10 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
        { /* apply rpz triggers at query time */
                struct dns_msg* forged_response = rpz_iterator_module_callback(qstate, iq);
                if(forged_response != NULL) {
-                       iq->response = forged_response;
-                       next_state(iq, FINISHED_STATE);
                        qstate->ext_state[id] = module_finished;
+                       qstate->return_rcode = forged_response->rep->flags;
+                       qstate->return_msg = forged_response;
+                       next_state(iq, FINISHED_STATE);
                        return 0;
                }
        }
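Review bot: `qstate->return_rcode = forged_response->rep->flags;` stores the whole header flags word in a field named for an rcode, so the QR/AA/RD/RA bits land in it and even a NOERROR policy answer yields a non-zero value. Any consumer that compares `return_rcode` against `LDNS_RCODE_*` constants would then misclassify RPZ-synthesised answers. Mask the value instead: `qstate->return_rcode = FLAGS_GET_RCODE(forged_response->rep->flags);`. The same line dereferences `forged_response->rep` unchecked, which matters if the rpz helpers can hand back a message whose `rep` is NULL. processQueryTargets begins and ends outside this hunk.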
index fb219ab093d8348adf7e7b4affe481abe3e8a084..f39c5297c57b8e428e19a9d36f6c164a845d9b29 100644 (file)
@@ -1440,7 +1440,7 @@ rpz_patch_nodata(struct rpz* r, struct module_qstate* ms)
        if(msg == NULL) { return msg; }
        msg->qinfo = ms->qinfo;
        msg->rep = construct_reply_info_base(ms->region,
-                                            LDNS_RCODE_NOERROR|BIT_QR|BIT_AA|BIT_RA,
+                                            BIT_RD|BIT_QR|BIT_AA|BIT_RA,
                                             1, //qd
                                             0, //ttl
                                             0, //prettl
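Review bot: `BIT_RD` is now hard-coded into the synthesised reply flags here, and again in the rpz_patch_nxdomain hunk, although RD in a response normally mirrors what the client sent. If the reply encoder only ORs the query's RD bit into `rep->flags` (not visible on this page), a query sent without RD would still be answered with RD set. Either drop `BIT_RD` and let encoding copy it from the query, or state the intent in a comment such as `/* RD set unconditionally: rpz answers are only produced for recursive queries */`, if that is in fact the invariant. The call's remaining arguments continue in the next hunk.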
@@ -1450,6 +1450,7 @@ rpz_patch_nodata(struct rpz* r, struct module_qstate* ms)
                                             0, //ar
                                             0, //total
                                             sec_status_secure);
+       FLAGS_SET_RCODE(msg->rep->flags, LDNS_RCODE_NOERROR);
        return msg;
 }
 
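Review bot: The added `FLAGS_SET_RCODE(msg->rep->flags, LDNS_RCODE_NOERROR);` dereferences `msg->rep` immediately after `construct_reply_info_base()`, with no check that the allocation succeeded. The rpz_patch_nxdomain hunk has the same pattern. If that helper returns NULL when the region is out of memory (likely, given the `msg == NULL` guard a few lines earlier), the resolver crashes on a path that is reachable from client queries. Guard it with `if(msg->rep == NULL) { return NULL; }` before the macro. Then decide deliberately whether a NULL return should let the query continue unfiltered or be answered with SERVFAIL, because failing open bypasses the policy zone.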
@@ -1460,7 +1461,7 @@ rpz_patch_nxdomain(struct rpz* r, struct module_qstate* ms)
        if(msg == NULL) { return msg; }
        msg->qinfo = ms->qinfo;
        msg->rep = construct_reply_info_base(ms->region,
-                                            LDNS_RCODE_NXDOMAIN|BIT_QR|BIT_AA|BIT_RA,
+                                            BIT_RD|BIT_QR|BIT_AA|BIT_RA,
                                             1, //qd
                                             0, //ttl
                                             0, //prettl
@@ -1470,6 +1471,7 @@ rpz_patch_nxdomain(struct rpz* r, struct module_qstate* ms)
                                             0, //ar
                                             0, //total
                                             sec_status_secure);
+       FLAGS_SET_RCODE(msg->rep->flags, LDNS_RCODE_NXDOMAIN);
        return msg;
 }
 
index ac9e80b80ea32e263da9c2fa6d1e4752cc5f7bc8..215ee3a28ef4bf651cf352c2254cca3f487d3110 100644 (file)
@@ -346,7 +346,7 @@ ENTRY_END
 STEP 11 CHECK_ANSWER
 ENTRY_BEGIN
 MATCH all
-REPLY QR RD RA NXDOMAIN
+REPLY QR AA RD RA NXDOMAIN
 SECTION QUESTION
 gotham.aa. IN A
 SECTION ANSWER
@@ -362,7 +362,7 @@ ENTRY_END
 STEP 21 CHECK_ANSWER
 ENTRY_BEGIN
 MATCH all
-REPLY QR RD RA NOERROR
+REPLY QR AA RD RA NOERROR
 SECTION QUESTION
 gotham.bb. IN A
 SECTION ANSWER