Set the extended DNS error code for RPZ-modified queries

When enabled through a configuration option, set the configured EDE code for the modified queries.
2022-08-26 14:15:16 +00:00
parent 77f12ecba7
commit 83395f4cfb
1 changed files with 7 additions and 0 deletions
--- a/lib/ns/query.c
+++ b/lib/ns/query.c
@@ -16,6 +16,7 @@
 #include <ctype.h>
 #include <inttypes.h>
 #include <stdbool.h>
+#include <stdint.h>
 #include <string.h>

 #include <isc/hex.h>
@@ -7267,6 +7268,12 @@ query_checkrpz(query_ctx_t *qctx, isc_result_t result) {
 			UNREACHABLE();
 		}

+		if (qctx->rpz_st->m.rpz->ede != 0 &&
+		    qctx->rpz_st->m.rpz->ede != UINT16_MAX) {
+			ns_client_extendederror(qctx->client,
+						qctx->rpz_st->m.rpz->ede, NULL);
+		}
+
 		/*
 		 * Turn off DNSSEC because the results of a
 		 * response policy zone cannot verify.