Partial backport of #10111: Handle policy (if needed) after postresolve

I did not take the Lua changes, as there is a (slight) chance they are disruptive.

diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index 99a19520683a622fad8c6ff97b3a28ab65147d95..9bd6bf860b33a4fbf19b93a033e5a010a69605ba 100644 (file)
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -1619,6 +1619,11 @@ static void startDoResolve(void *p)
 
        if (t_pdl && t_pdl->postresolve(dq, res)) {
           shouldNotValidate = true;
+          auto policyResult = handlePolicyHit(appliedPolicy, dc, sr, res, ret, pw);
+          // haveAnswer case redundant
+          if (policyResult == PolicyResult::Drop) {
+            return;
+          }
         }
       }
     }