Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rec: rpz tweaks #14694

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

rec: rpz tweaks #14694

wants to merge 1 commit into from

Conversation

omoerbeek
Copy link
Member

Short description

  • Log policyname on policyHit when updating root
  • Do not register invalid file-based RPZs
  • Do not return null SOA (this should no longer happen with the 2nd bullet, but better safe than sorry)

2nd commit: do not apply NS based policies to (recursive) forwarders. This commit is debatable, hence draft status.

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)

@omoerbeek
rec: a few RPZ tweaks
439913b 
- Log policyname on policyHit when updating root
- Do not register invalid file-based RPZs
- Do not return null SOA
@omoerbeek omoerbeek added this to the rec-5.2.0 milestone Sep 20, 2024
@coveralls
Copy link

coveralls commented Sep 20, 2024
edited
Loading

Pull Request Test Coverage Report for Build 10996038105

Warning: This coverage report may be inaccurate.

This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.

Details

  • 6 of 10 (60.0%) changed or added relevant lines in 3 files are covered.
  • 36 unchanged lines in 10 files lost coverage.
  • Overall coverage increased (+0.03%) to 64.712%
Changes Missing Coverage Covered Lines Changed/Added Lines %
pdns/recursordist/rec-main.cc 4 6 66.67%
pdns/recursordist/syncres.cc 1 3 33.33%
Files with Coverage Reduction New Missed Lines %
pdns/recursordist/rec-main.cc 1 62.16%
pdns/validate.cc 1 68.42%
modules/lmdbbackend/lmdbbackend.cc 2 73.46%
pdns/recursordist/syncres.cc 3 79.83%
pdns/opensslsigners.cc 3 61.41%
modules/gpgsqlbackend/spgsql.cc 3 67.7%
pdns/misc.cc 4 63.43%
pdns/recursordist/test-syncres_cc1.cc 5 89.63%
pdns/recursordist/rec-tcpout.cc 5 50.79%
pdns/dnsdistdist/dnsdist-carbon.cc 9 62.16%
Totals Coverage Status
Change from base Build 10994193892: 0.03%
Covered Lines: 124847
Relevant Lines: 162221
💛 - Coveralls

@omoerbeek
Copy link
Member Author

BTW, the RPZ regression test failures are happening because they use forwarding, which with this PR are no longer subjected to RPZ policies. If we decide the 2nd commit is there to stay, we need to adapt the tests.

@omoerbeek
Copy link
Member Author

I decided to drop the 2nd commit for this PR, and just keep logging- and bugfix.

@omoerbeek omoerbeek marked this pull request as ready for review September 23, 2024 14:09
@omoerbeek omoerbeek changed the title rec: rpz tweaks and do not apply rpz-nsdname and rpz-nsip to forwarders rec: rpz tweaks Sep 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
enhancement rec
Projects
None yet
Milestone
rec-5.2.0
Development

Successfully merging this pull request may close these issues.
2 participants
@omoerbeek @coveralls