rec: Load RPZ safely from the RPZIXFRTracker

diff --git a/pdns/rpzloader.cc b/pdns/rpzloader.cc
index 8466b8da193210da0fe28495aa5ba828c4992fde..7e1b4e837718d66a19dfdc7235446620e5b747be 100644 (file)
--- a/pdns/rpzloader.cc
+++ b/pdns/rpzloader.cc
@@ -347,16 +347,21 @@ void RPZIXFRTracker(const ComboAddress& master, boost::optional<DNSFilterEngine:
   while (!sr) {
     /* if we received an empty sr, the zone was not really preloaded */
 
+    std::shared_ptr<DNSFilterEngine::Zone> newZone = std::make_shared<DNSFilterEngine::Zone>(*zone);
     try {
-      sr=loadRPZFromServer(master, zoneName, zone, defpol, maxTTL, tt, maxReceivedBytes, localAddress, axfrTimeout);
+      sr=loadRPZFromServer(master, zoneName, newZone, defpol, maxTTL, tt, maxReceivedBytes, localAddress, axfrTimeout);
       if(refresh == 0) {
         refresh = sr->d_st.refresh;
       }
-      zone->setSerial(sr->d_st.serial);
-      setRPZZoneNewState(polName, sr->d_st.serial, zone->size(), true);
+      newZone->setSerial(sr->d_st.serial);
+      setRPZZoneNewState(polName, sr->d_st.serial, newZone->size(), true);
+
+      g_luaconfs.modify([zoneIdx, &newZone](LuaConfigItems& lci) {
+        lci.dfe.setZone(zoneIdx, newZone);
+      });
 
       if (!dumpZoneFileName.empty()) {
-        dumpZoneToDisk(zoneName, zone, dumpZoneFileName);
+        dumpZoneToDisk(zoneName, newZone, dumpZoneFileName);
       }
     }
     catch(const std::exception& e) {