add local anwser blocked

diff --git a/daemon/worker.c b/daemon/worker.c
index 53f1e13734df15a74feee08a07de1b8f4a81231a..8f7af4986532447b89288ae9102dc67f69dbe873 100644 (file)
--- a/daemon/worker.c
+++ b/daemon/worker.c
@@ -1408,16 +1408,8 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
         * ACLs allow the snooping. */
        if(!(LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) &&
                acl != acl_allow_snoop ) {
-
-
-
-               // @TODO ADD Error Code 20 - Not Authoritative
-               // @TODO add EDNS record
-               
                EDNS_OPT_APPEND_EDE(&edns, worker->scratchpad,
                        LDNS_EDE_NOT_AUTHORITATIVE, "Not Authoritative");
-
-
                error_encode(c->buffer, LDNS_RCODE_REFUSED, &qinfo,
                        *(uint16_t*)(void *)sldns_buffer_begin(c->buffer),
                        sldns_buffer_read_u16_at(c->buffer, 2), &edns);

diff --git a/services/rpz.c b/services/rpz.c
index 1268a9a060c12243d7c50ca510d9b70d11ffb156..cd9e26af27474f71e749282a8e2b5c0001b78047 100644 (file)
--- a/services/rpz.c
+++ b/services/rpz.c
@@ -1042,6 +1042,11 @@ rpz_apply_qname_trigger(struct auth_zones* az, struct module_env* env,
        if(lzt == local_zone_redirect && local_data_answer(z, env, qinfo,
                edns, repinfo, buf, temp, dname_count_labels(qinfo->qname),
                &ld, lzt, -1, NULL, 0, NULL, 0)) {
+               if (!local_data_answer(z, env, qinfo,
+                       edns, repinfo, buf, temp, dname_count_labels(qinfo->qname),
+                       &ld, lzt, -1, NULL, 0, NULL, 0)) /* blocked? */
+                       EDNS_OPT_APPEND_EDE(edns, temp,
+                               LDNS_EDE_BLOCKED, "");
                if(r->log)
                        log_rpz_apply(z->name,
                                localzone_type_to_rpz_action(lzt), qinfo,