unbound 1.15.0: A rpz-passthru action is not ending RPZ zone processing #628
Comments
Thanks for the report, fixed it! The issue was that the passthru would work correctly, also between RPZ zones, but only within a particular callback. It needed to be kept stored in a member variable to be used in subsequent callbacks; this is what caused the failure with another RPZ action applied at the later callback in the problem you found.
I looked a little more on the blocked domain:
I tried to add the CNAME to wl.zone too, but the result becomes the same
Hmm... I cherry-picked your patch and rebuilt unbound, but it still fails:
@wcawijngaards any ideas?
So I reproduced it with a different code path, and the exact configuration that you used missed out. Fixed that in the commit and now it works also for qname trigger from the rpz localzone type. Thanks for the detailed report! I needed to know the exact rpz triggers that did not set the passthru correctly.
Describe the bug
It seems that even though "hitting" a rpz-passthru in a RPZ zone, unbound continues to process matching against the after-coming RPZ zones (removing the possibility to override entries in after-coming RPZ zones):
To reproduce
Run unbound with simple RPZ configuration:
Expected behavior
A rpz-passthru hit should end all further RPZ zone processing.
(However this is a tricky one as the QNAME is whitelisted but the hit is on the response IP...)
System:
unbound -V
output:
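
The behaviour discussed in this issue, as an added illustration that is not unbound's code and not part of the original thread: a simplified Python model of ordered RPZ evaluation in which the passthru decision from the QNAME stage either is or is not kept in per-query state for the later response IP stage. The zone contents, the names other than wl.zone, and the two-stage split are assumptions made for the example.

```python
# Simplified model of ordered RPZ evaluation; NOT unbound's source code.
# Zone data, names and the two-callback split are constructed assumptions.
from dataclasses import dataclass, field

PASSTHRU, NXDOMAIN = "rpz-passthru", "nxdomain"

@dataclass
class Zone:
    name: str
    qname: dict = field(default_factory=dict)        # QNAME trigger -> action
    response_ip: dict = field(default_factory=dict)  # answer IP trigger -> action

@dataclass
class QueryState:
    passthru: bool = False  # per-query flag that must survive between callbacks

def qname_stage(zones, qname, state, persist):
    """First callback: QNAME triggers, zones checked in configured order."""
    for zone in zones:
        action = zone.qname.get(qname)
        if action == PASSTHRU:
            if persist:              # the fixed behaviour: remember the hit
                state.passthru = True
            return None              # passthru ends processing in this callback
        if action:
            return action
    return None

def response_ip_stage(zones, answer_ips, state):
    """Later callback: response IP triggers on the resolved addresses."""
    if state.passthru:               # an earlier passthru ends all RPZ processing
        return None
    for zone in zones:
        for ip in answer_ips:
            action = zone.response_ip.get(ip)
            if action:
                return None if action == PASSTHRU else action
    return None

def resolve(zones, qname, answer_ips, persist):
    state = QueryState()
    action = qname_stage(zones, qname, state, persist)
    if action is None:
        action = response_ip_stage(zones, answer_ips, state)
    return action or "answer"

# Constructed sample: whitelist zone first, blocklist zone second.
ZONES = [Zone("wl.zone", qname={"allowed.example.": PASSTHRU}),
         Zone("block.zone", response_ip={"192.0.2.10": NXDOMAIN})]
```

With `persist=False` the whitelisted name is still blocked by the later zone's response IP trigger, which is the symptom reported here; with `persist=True` the passthru hit ends processing as the expected behaviour describes.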