rec: a few RPZ tweaks

- Log policyname on policyHit when updating root - Do not register invalid file-based RPZs - Do not return null SOA
PowerDNS · Sep 20, 2024 · 439913b · 439913b
1 parent 72ae147
commit 439913b
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 6 deletions.
diff --git a/pdns/recursordist/filterpo.hh b/pdns/recursordist/filterpo.hh
@@ -212,7 +212,7 @@ public:
 
     [[nodiscard]] bool getSOA(DNSRecord& rec) const
     {
-      if (d_zoneData) {
+      if (d_zoneData && d_zoneData->d_soa.getContent()) {
         rec = d_zoneData->d_soa;
         return true;
       }

diff --git a/pdns/recursordist/rec-main.cc b/pdns/recursordist/rec-main.cc
@@ -3426,7 +3426,7 @@ static void* pleaseInitPolCounts(const string& name)
   return nullptr;
 }
 
-static void activateRPZFile(const RPZTrackerParams& params, LuaConfigItems& lci, shared_ptr<DNSFilterEngine::Zone>& zone)
+static bool activateRPZFile(const RPZTrackerParams& params, LuaConfigItems& lci, shared_ptr<DNSFilterEngine::Zone>& zone)
 {
   auto log = lci.d_slog->withValues("file", Logging::Loggable(params.name));
 
@@ -3441,7 +3441,10 @@ static void activateRPZFile(const RPZTrackerParams& params, LuaConfigItems& lci,
   catch (const std::exception& e) {
     SLOG(g_log << Logger::Error << "Unable to load RPZ zone from '" << params.name << "': " << e.what() << endl,
          log->error(Logr::Error, e.what(), "Exception while loading RPZ zone from file"));
+    zone->clear();
+    return false;
   }
+  return true;
 }
 
 static void activateRPZPrimary(RPZTrackerParams& params, LuaConfigItems& lci, shared_ptr<DNSFilterEngine::Zone>& zone, const DNSName& domain)
@@ -3500,8 +3503,9 @@ static void activateRPZs(LuaConfigItems& lci)
     zone->setIgnoreDuplicates(params.ignoreDuplicates);
 
     if (params.primaries.empty()) {
-      activateRPZFile(params, lci, zone);
-      lci.dfe.addZone(zone);
+      if (activateRPZFile(params, lci, zone)) {
+        lci.dfe.addZone(zone);
+      }
     }
     else {
       DNSName domain(params.name);

diff --git a/pdns/recursordist/syncres.cc b/pdns/recursordist/syncres.cc
@@ -6223,9 +6223,10 @@ int SyncRes::getRootNS(struct timeval now, asyncresolve_t asyncCallback, unsigne
     SLOG(g_log << Logger::Error << "Failed to update . records, got an exception: " << e.reason << endl,
          log->error(Logr::Error, e.reason, msg, "exception", Logging::Loggable("ImmediateServFailException")));
   }
-  catch (const PolicyHitException& e) {
+  catch (const PolicyHitException& policyHit) {
     SLOG(g_log << Logger::Error << "Failed to update . records, got a policy hit" << endl,
-         log->info(Logr::Error, msg, "exception", Logging::Loggable("PolicyHitException")));
+         log->info(Logr::Error, msg, "exception", Logging::Loggable("PolicyHitException"),
+                   "policyName", Logging::Loggable(resolver.d_appliedPolicy.getName())));
     ret.clear();
   }
   catch (const std::exception& e) {