From: W.C.A. Wijngaards Date: Tue, 4 Jan 2022 12:49:31 +0000 (+0100) Subject: - Fix that RPZ does not set RD flag on replies, it should be copied X-Git-Tag: release-1.15.0rc1~42 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ceef84e022cb5ee42fa32699c8c55d5b0322b429;p=thirdparty%2Funbound.git - Fix that RPZ does not set RD flag on replies, it should be copied from the query. --- diff --git a/doc/Changelog b/doc/Changelog index c843a3f06..34366e7ae 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -5,6 +5,8 @@ is blocked with NXDOMAIN by unsetting RA. - Fix to add test for rpz-signal-nxdomain-ra. - Fix #596: only unset RA when NXDOMAIN is signalled. + - Fix that RPZ does not set RD flag on replies, it should be copied + from the query. 22 December 2021: George - contrib/aaaa-filter-iterator.patch file renewed diff content to diff --git a/services/rpz.c b/services/rpz.c index 383440a23..a8e8b5503 100644 --- a/services/rpz.c +++ b/services/rpz.c @@ -1698,7 +1698,7 @@ rpz_synthesize_nodata(struct rpz* ATTR_UNUSED(r), struct module_qstate* ms, if(msg == NULL) { return msg; } msg->qinfo = *qinfo; msg->rep = construct_reply_info_base(ms->region, - LDNS_RCODE_NOERROR | BIT_RD | BIT_QR | BIT_AA | BIT_RA, + LDNS_RCODE_NOERROR | BIT_QR | BIT_AA | BIT_RA, 1, /* qd */ 0, /* ttl */ 0, /* prettl */ @@ -1723,7 +1723,7 @@ rpz_synthesize_nxdomain(struct rpz* r, struct module_qstate* ms, uint16_t flags; if(msg == NULL) { return msg; } msg->qinfo = *qinfo; - flags = LDNS_RCODE_NXDOMAIN | BIT_RD | BIT_QR | BIT_AA | BIT_RA; + flags = LDNS_RCODE_NXDOMAIN | BIT_QR | BIT_AA | BIT_RA; if(r->signal_nxdomain_ra) flags &= ~BIT_RA; msg->rep = construct_reply_info_base(ms->region, @@ -1757,7 +1757,7 @@ rpz_synthesize_localdata_from_rrset(struct rpz* ATTR_UNUSED(r), struct module_qs if(msg == NULL) { return NULL; } new_reply_info = construct_reply_info_base(ms->region, - LDNS_RCODE_NOERROR | BIT_RD | BIT_QR | BIT_AA | BIT_RA, + LDNS_RCODE_NOERROR | BIT_QR | BIT_AA | BIT_RA, 1, /* qd */ 0, /* ttl */ 0, /* prettl */