unset the RA bit when a query is blocked by an unbound RPZ nxdomain reply

[jpgpi250]

Pi-hole + unbound user here (currently v1.14.0), using RPZ zones, this to ensure 'always blocked', using, for example, the list from urlhaus.

When using pi-hole + unbound, unbound is used as the upstream resolver.
The developer of pihole-FTL has added code to allow detection of responses, blocked by the upstream resolver.
Pi-hole (dnsmasq+++) can use a variety of upstream resolvers. Apparently, when using with upstream resolver quad9, the following code allows pi-hole to indicate the query was blocked by the upstream resolver:

[FR]: is it possible to provide this information from unbound to pi-hole, e.g. unset the RA bit when a query is blocked by an unbound RPZ nxdomain reply?

[wcawijngaards]

The commit adds the option rpz-signal-nxdomain-ra and if it is set, then the RA flag is turned off for NXDOMAIN blocked queries by the RPZ.

[jpgpi250]

tested, compiled unbound master branch 1.14.1 and used latest pi-hole version
added rpz-signal-nxdomain-ra: yes to the rpz config

works perfectly, result as expected in the pihole query log. thanks @wcawijngaards