- Fix #4239: set NOTIMPL when deny-any is enabled, for RFC8482.

git-svn-id: file:///svn/unbound/trunk@5137 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/Changelog b/doc/Changelog
index f6456534ee183904226389384e7455e2fc705243..631073da2f07a02fd9a3b9defd8a4d20849bf5fe 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,6 +1,7 @@
 18 March 2019: Wouter
        - Add log message, at verbosity 4, that says the query is encrypted
          with TLS, if that is enabled for the query.
+       - Fix #4239: set NOTIMPL when deny-any is enabled, for RFC8482.
 
 7 March 2019: Wouter
        - Fix for #4233: guard use of NDEBUG, so that it can be passed in

diff --git a/services/cache/dns.c b/services/cache/dns.c
index 47611ac5aef5dce2c9ad567f38eaa53080a82c59..088efbcf864184170f24c35bd77584897342d248 100644 (file)
--- a/services/cache/dns.c
+++ b/services/cache/dns.c
@@ -728,6 +728,8 @@ fill_any(struct module_env* env,
                if(!msg) {
                        return NULL;
                }
+               /* set NOTIMPL for RFC 8482 */
+               msg->rep->flags |= LDNS_RCODE_NOTIMPL;
                msg->rep->security = sec_status_indeterminate;
                return msg;
        }