rec: Fix RPZ default policy not being applied over IXFR
authorRemi Gacogne <remi.gacogne@powerdns.com>
Wed, 31 Aug 2016 15:55:51 +0000 (17:55 +0200)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Wed, 31 Aug 2016 15:55:51 +0000 (17:55 +0200)
Reported by @42wim (thanks!).

pdns/rec-lua-conf.cc
pdns/reczones.cc
pdns/rpzloader.hh

index f8001bf9fafad2910dcb7289f1a84ebbd88d02f1..14bd8a6debdd04117f58bea393f389c099794cd0 100644 (file)
@@ -188,7 +188,7 @@ void loadRecursorLuaConfig(const std::string& fname)
        auto sr=loadRPZFromServer(master, zone, lci.dfe, defpol, zoneIdx, tt, maxReceivedXFRMBytes * 1024 * 1024, localAddress);
         if(refresh)
           sr->d_st.refresh=refresh;
-       std::thread t(RPZIXFRTracker, master, zone, zoneIdx, tt, sr, maxReceivedXFRMBytes * 1024 * 1024, localAddress);
+       std::thread t(RPZIXFRTracker, master, zone, defpol, zoneIdx, tt, sr, maxReceivedXFRMBytes * 1024 * 1024, localAddress);
        t.detach();
       }
       catch(std::exception& e) {
index 63ccb27e3b0745c310a39f345b2aba3beeb5fbf1..12237aa3341505e9982ba677a57417d9ce42cc22 100644 (file)
@@ -311,7 +311,7 @@ string reloadAuthAndForwards()
 }
 
 
-void RPZIXFRTracker(const ComboAddress& master, const DNSName& zone, size_t polZone, const TSIGTriplet& tt, shared_ptr<SOARecordContent> oursr, size_t maxReceivedBytes, const ComboAddress& localAddress)
+void RPZIXFRTracker(const ComboAddress& master, const DNSName& zone, boost::optional<DNSFilterEngine::Policy> defpol, size_t polZone, const TSIGTriplet& tt, shared_ptr<SOARecordContent> oursr, size_t maxReceivedBytes, const ComboAddress& localAddress)
 {
   int refresh = oursr->d_st.refresh;
   for(;;) {
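Review bot: Nothing at the definition says that `defpol` must be the same value that was handed to loadRPZFromServer for this zone, which is the invariant this fix restores (the call site in rec-lua-conf.cc passes the same variable to both). A short comment above the signature would help keep the initial-load path and the IXFR path from drifting apart again, for example `// defpol: the zone's default policy as used for the initial load; applied to every IXFR addition and removal`. The function body continues past the end of this hunk, so how `defpol` is used further down is not visible here.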
@@ -344,7 +344,7 @@ void RPZIXFRTracker(const ComboAddress& master, const DNSName& zone, size_t polZ
       const auto& add = delta.second;
       if(remove.empty()) {
         L<<Logger::Warning<<"IXFR update is a whole new zone"<<endl;
-        luaconfsCopy.dfe.clear(0);
+        luaconfsCopy.dfe.clear(polZone);
       }
       for(const auto& rr : remove) { // should always contain the SOA
        totremove++;
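Review bot: The warning next to the corrected `clear(polZone)` call still does not say which zone was replaced, so with several RPZ zones configured an operator cannot tell from the log whose policy set was just cleared and rebuilt. Naming the zone would fix that: `L<<Logger::Warning<<"IXFR update for RPZ zone "<<zone<<" is a whole new zone"<<endl;`. The switch from `clear(0)` to `clear(polZone)` also looks like a second, separate fix, since index 0 was previously cleared regardless of which zone the update belonged to. The commit title only mentions the default policy, so the description should record this one too.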
@@ -358,7 +358,7 @@ void RPZIXFRTracker(const ComboAddress& master, const DNSName& zone, size_t polZ
        }
        else {
          L<<Logger::Info<<"Had removal of "<<rr.d_name<<endl;
-         RPZRecordToPolicy(rr, luaconfsCopy.dfe, false, boost::optional<DNSFilterEngine::Policy>(), polZone);
+         RPZRecordToPolicy(rr, luaconfsCopy.dfe, false, defpol, polZone);
        }
       }
 
@@ -373,7 +373,7 @@ void RPZIXFRTracker(const ComboAddress& master, const DNSName& zone, size_t polZ
        }
        else {
          L<<Logger::Info<<"Had addition of "<<rr.d_name<<endl;
-         RPZRecordToPolicy(rr, luaconfsCopy.dfe, true, boost::optional<DNSFilterEngine::Policy>(), polZone);
+         RPZRecordToPolicy(rr, luaconfsCopy.dfe, true, defpol, polZone);
        }
       }
     }
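Review bot: Nothing visible in this commit pins the new behaviour of the `RPZRecordToPolicy(..., defpol, polZone)` calls, both the addition here and the removal in the preceding hunk. A regression test would close that gap: load a zone with a default policy, apply an IXFR containing one addition and one removal, and check the resulting actions. Whether passing `defpol` on the removal path has any effect depends on how RPZRecordToPolicy handles `addOrRemove == false`, which these hunks do not show. If removal matches only on the name, a one-line comment at that call saying the argument is passed for symmetry would avoid confusion.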
index f0afb5585a5bedcde3ff1deccc4d8b891b153a43..eebbeb2d578f19fa98afbc71179fed952399da06 100644 (file)
@@ -27,4 +27,4 @@
 int loadRPZFromFile(const std::string& fname, DNSFilterEngine& target, boost::optional<DNSFilterEngine::Policy> defpol, size_t place);
 std::shared_ptr<SOARecordContent> loadRPZFromServer(const ComboAddress& master, const DNSName& zone, DNSFilterEngine& target, boost::optional<DNSFilterEngine::Policy> defpol, size_t place, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress);
 void RPZRecordToPolicy(const DNSRecord& dr, DNSFilterEngine& target, bool addOrRemove, boost::optional<DNSFilterEngine::Policy> defpol, size_t place);
-void RPZIXFRTracker(const ComboAddress& master, const DNSName& zone, size_t polZone, const TSIGTriplet &tt, shared_ptr<SOARecordContent> oursr, size_t maxReceivedBytes, const ComboAddress& localAddress);
+void RPZIXFRTracker(const ComboAddress& master, const DNSName& zone, boost::optional<DNSFilterEngine::Policy> defpol, size_t polZone, const TSIGTriplet &tt, shared_ptr<SOARecordContent> oursr, size_t maxReceivedBytes, const ComboAddress& localAddress);