From: Evan Hunt <each@isc.org>
Date: Tue, 27 Jul 2021 21:08:07 +0000 (-0700)
Subject: ns_client_error() could assert if rcode was overridden to NOERROR
X-Git-Tag: v9.17.17~3^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=893b2a794a1bd9850a84ff2c29f70355fd43ecf1;p=thirdparty%2Fbind9.git

ns_client_error() could assert if rcode was overridden to NOERROR

The client->rcode_override was originally created to force the server
to send SERVFAIL in some cases when it would normally have sent FORMERR.

More recently, it was used in a3ba95116ed04594ea59a8124bf781b30367a7a2
commit (part of GL #2790) to force the sending of a TC=1 NOERROR
response, triggering a retry via TCP, when a UDP packet could not be
sent due to ISC_R_MAXSIZE.

This ran afoul of a pre-existing INSIST in ns_client_error() when
RRL was in use. the INSIST was based on the assumption that
ns_client_error() could never result in a non-error rcode. as
that assumption is no longer valid, the INSIST has been removed.
---

diff --git a/lib/ns/client.c b/lib/ns/client.c
index 097733474fb..38faf9282a9 100644
--- a/lib/ns/client.c
+++ b/lib/ns/client.c
@@ -770,8 +770,6 @@ ns_client_error(ns_client_t *client, isc_result_t result) {
 		dns_rrl_result_t rrl_result;
 		int loglevel;
 
-		INSIST(rcode != dns_rcode_noerror &&
-		       rcode != dns_rcode_nxdomain);
 		if ((client->sctx->options & NS_SERVER_LOGQUERIES) != 0) {
 			loglevel = DNS_RRL_LOG_DROP;
 		} else {