Adjust RPZ trigger counts only when the entry being deleted exists (#43386)

diff --git a/CHANGES b/CHANGES
index cacf419769b77af6b062bc66a2aab938766b1a99..9d73a8b8354f003da792821ac6a34831b4579069 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+4600.  [bug]           Adjust RPZ trigger counts only when the entry
+                       being deleted exists. [RT #43386]
+
 4599.  [bug]           Fix inconsistencies in inline signing time
                        comparison that were introduced with the
                        introduction of rdatasetheader->resign_lsb.

diff --git a/lib/dns/rpz.c b/lib/dns/rpz.c
index 3b3e99d9f141fb3499822376f5fd8ea7be731f3c..08b1ddcfe15341e1bde16774016522010324cd23 100644 (file)
--- a/lib/dns/rpz.c
+++ b/lib/dns/rpz.c
@@ -2262,6 +2262,7 @@ del_name(dns_rpz_zones_t *rpzs, dns_rpz_num_t rpz_num,
        dns_rbtnode_t *nmnode;
        dns_rpz_nm_data_t *nm_data, del_data;
        isc_result_t result;
+       isc_boolean_t exists;
 
        /*
         * We need a summary database of names even with 1 policy zone,
@@ -2305,6 +2306,9 @@ del_name(dns_rpz_zones_t *rpzs, dns_rpz_num_t rpz_num,
        del_data.wild.qname &= nm_data->wild.qname;
        del_data.wild.ns &= nm_data->wild.ns;
 
+       exists = ISC_TF(del_data.set.qname != 0 || del_data.set.ns != 0 ||
+                       del_data.wild.qname != 0 || del_data.wild.ns != 0);
+
        nm_data->set.qname &= ~del_data.set.qname;
        nm_data->set.ns &= ~del_data.set.ns;
        nm_data->wild.qname &= ~del_data.wild.qname;
@@ -2326,7 +2330,8 @@ del_name(dns_rpz_zones_t *rpzs, dns_rpz_num_t rpz_num,
                }
        }
 
-       adj_trigger_cnt(rpzs, rpz_num, rpz_type, NULL, 0, ISC_FALSE);
+       if (exists)
+               adj_trigger_cnt(rpzs, rpz_num, rpz_type, NULL, 0, ISC_FALSE);
 }
 
 /*