From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Mon, 18 Mar 2019 09:26:06 +0000 (+0000)
Subject: - Fix #4239: set NOTIMPL when deny-any is enabled, for RFC8482.
X-Git-Tag: final-svn-state~38
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ce0628ee552d9b5a38030265d428e666b601aa06;p=thirdparty%2Funbound.git

- Fix #4239: set NOTIMPL when deny-any is enabled, for RFC8482.


git-svn-id: file:///svn/unbound/trunk@5137 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/doc/Changelog b/doc/Changelog
index f6456534e..631073da2 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,6 +1,7 @@
 18 March 2019: Wouter
 	- Add log message, at verbosity 4, that says the query is encrypted
 	  with TLS, if that is enabled for the query.
+	- Fix #4239: set NOTIMPL when deny-any is enabled, for RFC8482.
 
 7 March 2019: Wouter
 	- Fix for #4233: guard use of NDEBUG, so that it can be passed in
diff --git a/services/cache/dns.c b/services/cache/dns.c
index 47611ac5a..088efbcf8 100644
--- a/services/cache/dns.c
+++ b/services/cache/dns.c
@@ -728,6 +728,8 @@ fill_any(struct module_env* env,
 		if(!msg) {
 			return NULL;
 		}
+		/* set NOTIMPL for RFC 8482 */
+		msg->rep->flags |= LDNS_RCODE_NOTIMPL;
 		msg->rep->security = sec_status_indeterminate;
 		return msg;
 	}