ns_client_error() could assert if rcode was overridden to NOERROR

The client->rcode_override was originally created to force the server
to send SERVFAIL in some cases when it would normally have sent FORMERR.

More recently, it was used in a3ba95116ed04594ea59a8124bf781b30367a7a2
commit (part of GL #2790) to force the sending of a TC=1 NOERROR
response, triggering a retry via TCP, when a UDP packet could not be
sent due to ISC_R_MAXSIZE.

This ran afoul of a pre-existing INSIST in ns_client_error() when
RRL was in use. the INSIST was based on the assumption that
ns_client_error() could never result in a non-error rcode. as
that assumption is no longer valid, the INSIST has been removed.

diff --git a/lib/ns/client.c b/lib/ns/client.c
index 9ba1c8999255d388b8bea6fab28a00329961eb8b..1a12fb9c875a4e005ef106f380e65c34b5b065cd 100644 (file)
--- a/lib/ns/client.c
+++ b/lib/ns/client.c
@@ -771,8 +771,6 @@ ns_client_error(ns_client_t *client, isc_result_t result) {
                dns_rrl_result_t rrl_result;
                int loglevel;
 
-               INSIST(rcode != dns_rcode_noerror &&
-                      rcode != dns_rcode_nxdomain);
                if ((client->sctx->options & NS_SERVER_LOGQUERIES) != 0) {
                        loglevel = DNS_RRL_LOG_DROP;
                } else {