From eed924d7be1f2f4cf9a2f022b0722212c0d797a9 Mon Sep 17 00:00:00 2001
From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Fri, 28 Jan 2011 16:11:49 +0000
Subject: [PATCH]        - Fix remove private address does not throw away
 entire response.

git-svn-id: file:///svn/unbound/trunk@2386 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 doc/Changelog         | 6 ++++++
 iterator/iter_scrub.c | 6 +++---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/doc/Changelog b/doc/Changelog
index e2fc884a6..1a5847578 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,9 @@
+28 January 2011: Wouter
+	- Fix remove private address does not throw away entire response.
+
+24 January 2011: Wouter
+	- release 1.4.8
+
 19 January 2011: Wouter
 	- fix bug#349: no -L/usr for ldns.
 
diff --git a/iterator/iter_scrub.c b/iterator/iter_scrub.c
index 607d0a0d7..af4192267 100644
--- a/iterator/iter_scrub.c
+++ b/iterator/iter_scrub.c
@@ -643,9 +643,9 @@ scrub_sanitize(ldns_buffer* pkt, struct msg_parse* msg,
 		if( (rrset->type == LDNS_RR_TYPE_A || 
 			rrset->type == LDNS_RR_TYPE_AAAA) &&
 			priv_rrset_bad(ie->priv, pkt, rrset)) {
-			/* set servfail, so the classification becomes
-			 * THROWAWAY, instead of LAME or other unwanted */
-			FLAGS_SET_RCODE(msg->flags, LDNS_RCODE_SERVFAIL);
+
+			/* do not set servfail since this leads to too
+			 * many drops of other people using rfc1918 space */
 			remove_rrset("sanitize: removing public name with "
 				"private address", pkt, msg, prev, &rrset);
 			continue;
-- 
2.47.2