Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rec: rpz tweaks and do not apply rpz-nsdname and rpz-nsip to forwarders #14694

Draft
wants to merge 2 commits into
base: master
Choose a base branch
from
Draft

rec: rpz tweaks and do not apply rpz-nsdname and rpz-nsip to forwarders #14694

wants to merge 2 commits into from

Conversation

omoerbeek
Copy link
Member

Short description

  • Log policyname on policyHit when updating root
  • Do not register invalid file-based RPZs
  • Do not return null SOA (this should no longer happen with the 2nd bullet, but better safe than sorry)

2nd commit: do not apply NS based policies to (recursive) forwarders. This commit is debatable, hence draft status.

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)

@omoerbeek
rec: a few RPZ tweaks
439913b 
- Log policyname on policyHit when updating root
- Do not register invalid file-based RPZs
- Do not return null SOA
@omoerbeek
Don't apply NS RPZs to forwarders
8798773
@omoerbeek omoerbeek added this to the rec-5.2.0 milestone Sep 20, 2024
@coveralls
Copy link

Pull Request Test Coverage Report for Build 10955087378

Details

  • 5 of 14 (35.71%) changed or added relevant lines in 3 files are covered.
  • 5422 unchanged lines in 74 files lost coverage.
  • Overall coverage decreased (-3.4%) to 61.274%
Changes Missing Coverage Covered Lines Changed/Added Lines %
pdns/recursordist/filterpo.hh 0 1 0.0%
pdns/recursordist/syncres.cc 5 7 71.43%
pdns/recursordist/rec-main.cc 0 6 0.0%
Files with Coverage Reduction New Missed Lines %
pdns/webserver.hh 1 69.16%
pdns/recursordist/ext/protozero/include/protozero/config.hpp 1 0.0%
ext/json11/json11.cpp 1 64.49%
modules/gpgsqlbackend/gpgsqlbackend.cc 1 88.62%
pdns/recursordist/sortlist.hh 1 75.0%
pdns/iputils.hh 1 76.61%
pdns/dnstap.cc 2 68.82%
ext/probds/murmur3.cc 2 88.24%
pdns/dnsdistdist/dnsdist-crypto.cc 2 75.72%
pdns/dnsname.hh 2 91.52%
Totals Coverage Status
Change from base Build 10939216509: -3.4%
Covered Lines: 119185
Relevant Lines: 162007
💛 - Coveralls

@omoerbeek
Copy link
Member Author

BTW, the RPZ regression test failures are happening because they use forwarding, which with this PR are no longer subjected to RPZ policies. If we decide the 2nd commit is there to stay, we need to adapt the tests.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
enhancement rec
Projects
None yet
Milestone
rec-5.2.0
Development

Successfully merging this pull request may close these issues.
2 participants
@omoerbeek @coveralls