ns_client_error() could assert if rcode was overridden to NOERROR

The client->rcode_override was originally created to force the server
to send SERVFAIL in some cases when it would normally have sent FORMERR.

More recently, it was used in a3ba95116ed04594ea59a8124bf781b30367a7a2
commit (part of GL #2790) to force the sending of a TC=1 NOERROR
response, triggering a retry via TCP, when a UDP packet could not be
sent due to ISC_R_MAXSIZE.

This ran afoul of a pre-existing INSIST in ns_client_error() when
RRL was in use. the INSIST was based on the assumption that
ns_client_error() could never result in a non-error rcode. as
that assumption is no longer valid, the INSIST has been removed.

diff --git a/lib/ns/client.c b/lib/ns/client.c
index d76b7b91f0c748fd2ebbb2731c2ced4a6948f1a7..899ef129d3738eda9b7c0ab6cdb133d94a209408 100644 (file)
--- a/lib/ns/client.c
+++ b/lib/ns/client.c
@@ -794,8 +794,6 @@ ns_client_error(ns_client_t *client, isc_result_t result) {
                dns_rrl_result_t rrl_result;
                int loglevel;
 
-               INSIST(rcode != dns_rcode_noerror &&
-                      rcode != dns_rcode_nxdomain);
                if ((client->sctx->options & NS_SERVER_LOGQUERIES) != 0) {
                        loglevel = DNS_RRL_LOG_DROP;
                } else {