RPZ response's SOA record is incorrectly set to 1

An RPZ response's SOA record TTL is set to 1 instead of the SOA TTL,
a boolean value is passed on to query_addsoa, which is supposed to be
a TTL value. I don't see what value is appropriate to be used for
overriding, so we will pass UINT32_MAX.

diff --git a/bin/tests/system/rpz/tests.sh b/bin/tests/system/rpz/tests.sh
index ad0405938e4b1d49f0cab1dcf1388031f8dbea24..df7b7987723487857329a3df958cfc45f63b9432 100644 (file)
--- a/bin/tests/system/rpz/tests.sh
+++ b/bin/tests/system/rpz/tests.sh
@@ -846,13 +846,13 @@ grep -F "EDE: " dig.out.${t} >/dev/null && setret "failed"
 t=$((t + 1))
 echo_i "checking that 'add-soa no' at rpz zone level works (${t})"
 $DIG z.x.servfail -p ${PORT} @$ns7 >dig.out.${t} || setret "failed"
-grep SOA dig.out.${t} >/dev/null && setret "failed"
+grep "SOA" dig.out.${t} >/dev/null && setret "failed"
 
 if [ native = "$MODE" ]; then
   t=$((t + 1))
   echo_i "checking that 'add-soa yes' at response-policy level works (${t})"
   $DIG walled.tld2 -p ${PORT} +noall +add @$ns3 >dig.out.${t} || setret "failed"
-  grep "^manual-update-rpz\..*SOA" dig.out.${t} >/dev/null || setret "failed"
+  grep "^manual-update-rpz\..*60.*SOA" dig.out.${t} >/dev/null || setret "failed"
 fi
 
 if [ native = "$MODE" ]; then
@@ -870,7 +870,7 @@ if [ native = "$MODE" ]; then
   t=$((t + 1))
   echo_i "checking that 'add-soa unset' works (${t})"
   $DIG walled.tld2 -p ${PORT} +noall +add @$ns8 >dig.out.${t} || setret "failed"
-  grep "^manual-update-rpz\..*SOA" dig.out.${t} >/dev/null || setret "failed"
+  grep "^manual-update-rpz\..*60.*SOA" dig.out.${t} >/dev/null || setret "failed"
 fi
 
 # dnsrps does not allow NS RRs in policy zones, so this check

diff --git a/lib/ns/query.c b/lib/ns/query.c
index 27573870de34775764db8263422d8ab322804f86..ee88495dfb8fe61eb683a4e62a859fa9081c418f 100644 (file)
--- a/lib/ns/query.c
+++ b/lib/ns/query.c
@@ -7247,9 +7247,7 @@ query_checkrpz(query_ctx_t *qctx, isc_result_t result) {
                 * Add SOA record to additional section
                 */
                if (qctx->rpz_st->m.rpz->addsoa) {
-                       bool override_ttl =
-                               dns_rdataset_isassociated(qctx->rdataset);
-                       rresult = query_addsoa(qctx, override_ttl,
+                       rresult = query_addsoa(qctx, UINT32_MAX,
                                               DNS_SECTION_ADDITIONAL);
                        if (rresult != ISC_R_SUCCESS) {
                                QUERY_ERROR(qctx, result);