DNS_RPZ_POLICY_NXDOMAIN = 5, /* 'nxdomain': answer with NXDOMAIN */
DNS_RPZ_POLICY_NODATA = 6, /* 'nodata': answer with ANCOUNT=0 */
DNS_RPZ_POLICY_CNAME = 7, /* 'cname x': answer with x's rrsets */
+ DNS_RPZ_POLICY_DNS64, /* Apply DN64 to the A rewrite */
DNS_RPZ_POLICY_RECORD,
DNS_RPZ_POLICY_WILDCNAME,
DNS_RPZ_POLICY_MISS,
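Review bot: The comment on the new enumerator reads "DN64" where "DNS64" is meant, and it does not say when the policy is chosen; something like `/* AAAA query, policy node has only A: let DNS64 synthesize */` would be clearer. The value is also inserted ahead of RECORD, WILDCNAME and MISS, so their implicit numeric values each move up by one, which matters if anything stores or compares them numerically. Any exhaustive switch over this enum outside this page, for example one that names the policy in rewrite log lines, presumably needs a matching case; that is not visible here.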
isc_result_t result;
dns_clientinfomethods_t cm;
dns_clientinfo_t ci;
+ bool found_a = false;
REQUIRE(nodep != NULL);
"rpz_find_p: allrdatasets failed");
return (DNS_R_SERVFAIL);
}
+ if (qtype == dns_rdatatype_aaaa &&
+ !ISC_LIST_EMPTY(client->view->dns64)) {
+ for (result = dns_rdatasetiter_first(rdsiter);
+ result == ISC_R_SUCCESS;
+ result = dns_rdatasetiter_next(rdsiter)) {
+ dns_rdatasetiter_current(rdsiter, *rdatasetp);
+ if ((*rdatasetp)->type == dns_rdatatype_a) {
+ found_a = true;
+ }
+ dns_rdataset_disassociate(*rdatasetp);
+ }
+ }
for (result = dns_rdatasetiter_first(rdsiter);
result == ISC_R_SUCCESS;
result = dns_rdatasetiter_next(rdsiter)) {
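Review bot: The pre-scan under `if (qtype == dns_rdatatype_aaaa && ...)` discards the reason the iteration stopped, so an iterator error looks the same as "no A rrset" and leaves found_a false. The policy decision then falls back to NODATA without any trace of the failure, so it is worth checking that `result` ended as ISC_R_NOMORE before trusting found_a. The block also has no comment explaining why the node is walked twice; a line such as `/* Note whether the policy node holds an A rrset, so a missing AAAA can go to DNS64 instead of NODATA. */` above it would help. The enclosing function starts and ends outside this hunk.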
}
return (ISC_R_SUCCESS);
case DNS_R_NXRRSET:
- *policyp = DNS_RPZ_POLICY_NODATA;
+ if (found_a) {
+ *policyp = DNS_RPZ_POLICY_DNS64;
+ } else {
+ *policyp = DNS_RPZ_POLICY_NODATA;
+ }
return (result);
case DNS_R_DNAME:
/*
qctx->rpz = true;
break;
case DNS_RPZ_POLICY_NODATA:
- result = DNS_R_NXRRSET;
qctx->nxrewrite = true;
+ /* FALLTHROUGH */
+ case DNS_RPZ_POLICY_DNS64:
+ result = DNS_R_NXRRSET;
qctx->rpz = true;
break;
case DNS_RPZ_POLICY_RECORD:
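Review bot: The new `case DNS_RPZ_POLICY_DNS64:` only works because qctx->nxrewrite stays false on that path, which is what the `!qctx->nxrewrite` test added to the DNS64 condition later in the patch keys on, yet nothing at the case says so. A later edit that moves the nxrewrite assignment into the shared tail would silently turn every DNS64 policy hit back into a plain NODATA rewrite. I would add a comment at the label, e.g. `/* nxrewrite is deliberately left unset so the DNS64 synthesis check still runs */`. The switch starts and ends outside this hunk.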
} else if ((result == DNS_R_NXRRSET ||
result == DNS_R_NCACHENXRRSET) &&
!ISC_LIST_EMPTY(qctx->view->dns64) &&
+ !qctx->nxrewrite &&
qctx->client->message->rdclass == dns_rdataclass_in &&
qctx->qtype == dns_rdatatype_aaaa)
{