From af43f7928bd1c22e8ed9f6ea3ae6860182ffc5ef Mon Sep 17 00:00:00 2001
From: Otto <otto.moerbeek@open-xchange.com>
Date: Fri, 26 Mar 2021 10:59:15 +0100
Subject: [PATCH] Partial backport of #10111: Handle policy (if needed) after
 postresolve

I did not take the Lua changes, as there is a (slight) chance they are disruptive.
---
 pdns/pdns_recursor.cc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index 99a1952068..9bd6bf860b 100644
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -1619,6 +1619,11 @@ static void startDoResolve(void *p)
 
 	if (t_pdl && t_pdl->postresolve(dq, res)) {
           shouldNotValidate = true;
+          auto policyResult = handlePolicyHit(appliedPolicy, dc, sr, res, ret, pw);
+          // haveAnswer case redundant
+          if (policyResult == PolicyResult::Drop) {
+            return;
+          }
         }
       }
     }
-- 
2.47.2