From b3f60db18405f4395a5402e63a930f9a897a042b Mon Sep 17 00:00:00 2001
From: tcarpay <tom@nlnetlabs.nl>
Date: Thu, 19 Aug 2021 14:01:14 +0200
Subject: [PATCH] add local anwser blocked

---
 daemon/worker.c | 8 --------
 services/rpz.c  | 5 +++++
 2 files changed, 5 insertions(+), 8 deletions(-)

diff --git a/daemon/worker.c b/daemon/worker.c
index 53f1e1373..8f7af4986 100644
--- a/daemon/worker.c
+++ b/daemon/worker.c
@@ -1408,16 +1408,8 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
 	 * ACLs allow the snooping. */
 	if(!(LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) &&
 		acl != acl_allow_snoop ) {
-
-
-
-		// @TODO ADD Error Code 20 - Not Authoritative
-		// @TODO add EDNS record
-		
 		EDNS_OPT_APPEND_EDE(&edns, worker->scratchpad,
 			LDNS_EDE_NOT_AUTHORITATIVE, "Not Authoritative");
-
-
 		error_encode(c->buffer, LDNS_RCODE_REFUSED, &qinfo,
 			*(uint16_t*)(void *)sldns_buffer_begin(c->buffer),
 			sldns_buffer_read_u16_at(c->buffer, 2), &edns);
diff --git a/services/rpz.c b/services/rpz.c
index 1268a9a06..cd9e26af2 100644
--- a/services/rpz.c
+++ b/services/rpz.c
@@ -1042,6 +1042,11 @@ rpz_apply_qname_trigger(struct auth_zones* az, struct module_env* env,
 	if(lzt == local_zone_redirect && local_data_answer(z, env, qinfo,
 		edns, repinfo, buf, temp, dname_count_labels(qinfo->qname),
 		&ld, lzt, -1, NULL, 0, NULL, 0)) {
+		if (!local_data_answer(z, env, qinfo,
+			edns, repinfo, buf, temp, dname_count_labels(qinfo->qname),
+			&ld, lzt, -1, NULL, 0, NULL, 0)) /* blocked? */
+			EDNS_OPT_APPEND_EDE(edns, temp,
+				LDNS_EDE_BLOCKED, "");
 		if(r->log)
 			log_rpz_apply(z->name,
 				localzone_type_to_rpz_action(lzt), qinfo,
-- 
2.47.2