From: Vladimír Čunát <vladimir.cunat@nic.cz>
Date: Mon, 25 Mar 2024 13:49:36 +0000 (+0100)
Subject: lib/rules: avoid RPZ overriding the root SOA
X-Git-Tag: v6.0.7~3^2
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=refs%2Fenvironments%2Fdocs-develop-rpz-sgpa4i%2Fdeployments%2F3599;p=thirdparty%2Fknot-resolver.git

lib/rules: avoid RPZ overriding the root SOA
---

diff --git a/NEWS b/NEWS
index 27c209a22..c5cf81b4d 100644
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,7 @@ Bugfixes
 - fix kresctl http request timeout (!1505)
 - fix RPZ if it contains apex NS record (!1516)
 - fix RPZ if SOA is repated, as usual in AXFR output (!1521)
+- avoid RPZ overriding the root SOA (!1521)
 - fix on 32-bit systems with 64-bit time_t (!1510)
 - fix paths to knot-dns libs if exec_prefix != prefix (!1503)
 
diff --git a/lib/rules/zonefile.c b/lib/rules/zonefile.c
index 6c260d771..cfd2bc276 100644
--- a/lib/rules/zonefile.c
+++ b/lib/rules/zonefile.c
@@ -144,6 +144,8 @@ static bool owner_relativize(zs_scanner_t *s)
 			apex = d->origin_soa = knot_dname_copy(s->r_owner, d->pool);
 	}
 	d->seen_record = true;
+	if (s->r_type == KNOT_RRTYPE_SOA)
+		return false; // otherwise we'd insert `. SOA` record
 
 	const int labels = knot_dname_in_bailiwick(s->r_owner, apex);
 	if (labels < 0) {