bind/backport-ensure-RPZ-lookups-handle-CD-1-correctly.patch
zhang-hao-jon 0003f50e3d bind:fix some patches from commity
(cherry picked from commit 65429159526fd046e9fcdd9a0d9c2bd0fd028ec6)
2023-02-27 09:25:18 +08:00


From 8e4a1f3483bedf262504583605ec07205bd17c2a Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Tue, 18 Oct 2022 13:48:52 -0700
Subject: [PATCH] ensure RPZ lookups handle CD=1 correctly
RPZ rewrites called dns_db_findext() without passing through the
client database options; as a result, if the client set CD=1,
DNS_DBFIND_PENDINGOK was not used as it should have been, and
cache lookups failed, resulting in failure of the rewrite.
(cherry picked from commit 305a50dbe12a43b0ee429c2e9bee04f35a8047c4)
---
lib/ns/query.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/lib/ns/query.c b/lib/ns/query.c
index 43a0293d5d..baa28b5233 100644
--- a/lib/ns/query.c
+++ b/lib/ns/query.c
@@ -3585,7 +3585,7 @@ rpz_rewrite_ip_rrset(ns_client_t *client, dns_name_t *name,
struct in_addr ina;
struct in6_addr in6a;
isc_result_t result;
- unsigned int options = DNS_DBFIND_GLUEOK;
+ unsigned int options = client->query.dboptions | DNS_DBFIND_GLUEOK;
bool done = false;
CTRACE(ISC_LOG_DEBUG(3), "rpz_rewrite_ip_rrset");
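Review bot: The new initialiser `client->query.dboptions | DNS_DBFIND_GLUEOK` forwards every bit of the client's database options into the RPZ lookup, while the commit message only motivates DNS_DBFIND_PENDINGOK for CD=1. It is worth confirming that any other flags dboptions can carry are also wanted for policy lookups, and recording the reason at the declaration, e.g. `/* inherit client dboptions so CD=1 (DNS_DBFIND_PENDINGOK) reaches the cache lookup */`. The same expression is repeated in the later hunks of rpz_rewrite_ip_rrset() and rpz_rewrite(), so one comment or a small helper would keep a future edit from resetting it to a bare constant. The patch touches only lib/ns/query.c, so no regression test for an RPZ rewrite with CD=1 comes with it; the function body continues outside the hunk.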
@@ -3646,8 +3646,9 @@ rpz_rewrite_ip_rrset(ns_client_t *client, dns_name_t *name,
* otherwise we are done.
*/
if (result == DNS_R_GLUE) {
- options = 0;
+ options = client->query.dboptions;
} else {
+ options = client->query.dboptions | DNS_DBFIND_GLUEOK;
done = true;
}
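Review bot: In the `result == DNS_R_GLUE` branch, `options = 0` used to guarantee that the retry ran without DNS_DBFIND_GLUEOK; `options = client->query.dboptions` only does so as long as dboptions never contains that bit, which the hunk does not show. Masking it makes the intent explicit, `options = client->query.dboptions & ~DNS_DBFIND_GLUEOK;`, and the same applies to the `was_glue` branch in rpz_rewrite(). Separately, the assignment added in the else branch sits next to `done = true`, so it looks like a dead store if `done` ends the loop; the loop itself is outside the hunk, so this needs checking against the full function.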
@@ -4207,7 +4208,7 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, isc_result_t qresult,
dns_fixedname_init(&nsnamef);
dns_name_clone(client->query.qname, dns_fixedname_name(&nsnamef));
- options = DNS_DBFIND_GLUEOK;
+ options = client->query.dboptions | DNS_DBFIND_GLUEOK;
while (st->r.label > st->popt.min_ns_labels) {
bool was_glue = false;
/*
@@ -4333,9 +4334,9 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, isc_result_t qresult,
* glue responses, otherwise setup for the next name.
*/
if (was_glue) {
- options = 0;
+ options = client->query.dboptions;
} else {
- options = DNS_DBFIND_GLUEOK;
+ options = client->query.dboptions | DNS_DBFIND_GLUEOK;
st->r.label--;
}
--
2.23.0