- rpz-triggers, the added soa for client ip modified answers is affected

by the minimal-responses config option.

cachedb/cachedb.c

@@ -402,7 +402,7 @@ prep_data(struct module_qstate* qstate, struct sldns_buffer* buf)
 	                qstate->return_msg->rep);
 	if(!reply_info_answer_encode(&qstate->return_msg->qinfo,
 		qstate->return_msg->rep, 0, qstate->query_flags,
-		buf, 0, 1, qstate->env->scratch, 65535, &edns, 1, 0, 0))
+		buf, 0, 1, qstate->env->scratch, 65535, &edns, 1, 0))
 		return 0;
 
 	/* TTLs in the return_msg are relative to time(0) so we have to

daemon/worker.c

@@ -522,7 +522,7 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo,
 		repinfo->c, worker->scratchpad) ||
 		!reply_info_answer_encode(&msg->qinfo, msg->rep, id, flags, 
 		repinfo->c->buffer, 0, 1, worker->scratchpad,
-		udpsize, edns, (int)(edns->bits & EDNS_DO), secure, 0)) {
+		udpsize, edns, (int)(edns->bits & EDNS_DO), secure)) {
 		if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, NULL,
 			LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad,
 			worker->env.now_tv))
@@ -726,7 +726,7 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo,
 		repinfo->c, worker->scratchpad) ||
 		!reply_info_answer_encode(qinfo, encode_rep, id, flags,
 		repinfo->c->buffer, timenow, 1, worker->scratchpad,
-		udpsize, edns, (int)(edns->bits & EDNS_DO), *is_secure_answer, 0)) {
+		udpsize, edns, (int)(edns->bits & EDNS_DO), *is_secure_answer)) {
 		if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, NULL,
 			LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad,
 			worker->env.now_tv))

services/authzone.c

@@ -3495,7 +3495,7 @@ auth_answer_encode(struct query_info* qinfo, struct module_env* env,
 		*(uint16_t*)sldns_buffer_begin(buf),
 		sldns_buffer_read_u16_at(buf, 2),
 		buf, 0, 0, temp, udpsize, edns,
-		(int)(edns->bits&EDNS_DO), 0, 0)) {
+		(int)(edns->bits&EDNS_DO), 0)) {
 		error_encode(buf, (LDNS_RCODE_SERVFAIL|BIT_AA), qinfo,
 			*(uint16_t*)sldns_buffer_begin(buf),
 			sldns_buffer_read_u16_at(buf, 2), edns);

services/localzone.c

@@ -1261,7 +1261,7 @@ local_encode(struct query_info* qinfo, struct module_env* env,
 	if(!inplace_cb_reply_local_call(env, qinfo, NULL, &rep, rcode, edns,
 		repinfo, temp, env->now_tv) || !reply_info_answer_encode(qinfo, &rep,
 		*(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2),
-		buf, 0, 0, temp, udpsize, edns, (int)(edns->bits&EDNS_DO), 0, 0)) {
+		buf, 0, 0, temp, udpsize, edns, (int)(edns->bits&EDNS_DO), 0)) {
 		error_encode(buf, (LDNS_RCODE_SERVFAIL|BIT_AA), qinfo,
 			*(uint16_t*)sldns_buffer_begin(buf),
 			sldns_buffer_read_u16_at(buf, 2), edns);

services/mesh.c

@@ -1167,7 +1167,7 @@ mesh_do_callback(struct mesh_state* m, int rcode, struct reply_info* rep,
 			!reply_info_answer_encode(&m->s.qinfo, rep, r->qid, 
 			r->qflags, r->buf, 0, 1, 
 			m->s.env->scratch, udp_size, &r->edns, 
-			(int)(r->edns.bits & EDNS_DO), secure, 0)) 
+			(int)(r->edns.bits & EDNS_DO), secure)) 
 		{
 			fptr_ok(fptr_whitelist_mesh_cb(r->cb));
 			(*r->cb)(r->cb_arg, LDNS_RCODE_SERVFAIL, r->buf,
@@ -1313,7 +1313,7 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
 			!reply_info_answer_encode(&m->s.qinfo, rep, r->qid, 
 			r->qflags, r_buffer, 0, 1, m->s.env->scratch,
 			udp_size, &r->edns, (int)(r->edns.bits & EDNS_DO),
-			secure, 0)) 
+			secure)) 
 		{
 			if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s,
 			rep, LDNS_RCODE_SERVFAIL, &r->edns, &r->query_reply, m->s.region, &r->start_time))

services/rpz.c

@@ -1528,8 +1528,7 @@ rpz_local_encode(struct module_env* env, struct query_info* qinfo,
 		repinfo, temp, env->now_tv) ||
 	  !reply_info_answer_encode(qinfo, &rep,
 		*(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2),
-		buf, 0, 0, temp, udpsize, edns, (int)(edns->bits&EDNS_DO), 0,
+		buf, 0, 0, temp, udpsize, edns, (int)(edns->bits&EDNS_DO), 0)) {
-		1 /* not minimal */ )) {
 		error_encode(buf, (LDNS_RCODE_SERVFAIL|BIT_AA), qinfo,
 			*(uint16_t*)sldns_buffer_begin(buf),
 			sldns_buffer_read_u16_at(buf, 2), edns);

testdata/rpz_clientip.rpl

@@ -3,6 +3,7 @@ server:
 	module-config: "respip validator iterator"
 	target-fetch-policy: "0 0 0 0 0"
 	qname-minimisation: no
+	minimal-responses: no
   access-control: 192.0.0.0/8 allow
 
 rpz:

util/data/msgencode.c

@@ -878,7 +878,7 @@ int
 reply_info_answer_encode(struct query_info* qinf, struct reply_info* rep, 
 	uint16_t id, uint16_t qflags, sldns_buffer* pkt, time_t timenow,
 	int cached, struct regional* region, uint16_t udpsize, 
-	struct edns_data* edns, int dnssec, int secure, int notminimal)
+	struct edns_data* edns, int dnssec, int secure)
 {
 	uint16_t flags;
 	unsigned int attach_edns = 0;
@@ -916,7 +916,7 @@ reply_info_answer_encode(struct query_info* qinf, struct reply_info* rep,
 	}
 
 	if(!reply_info_encode(qinf, rep, id, flags, pkt, timenow, region,
-		udpsize, dnssec, (notminimal?0:MINIMAL_RESPONSES))) {
+		udpsize, dnssec, MINIMAL_RESPONSES)) {
 		log_err("reply encode: out of memory");
 		return 0;
 	}

util/data/msgencode.h

@@ -64,14 +64,12 @@ struct edns_data;
  *	or if edns_present = 0, it is not included.
  * @param dnssec: if 0 DNSSEC records are omitted from the answer.
  * @param secure: if 1, the AD bit is set in the reply.
- * @param notminimal: if 1, ignore minimalresponses and include additional
- * 	section anyway.
  * @return: 0 on error (server failure).
  */
 int reply_info_answer_encode(struct query_info* qinf, struct reply_info* rep, 
 	uint16_t id, uint16_t qflags, struct sldns_buffer* dest, time_t timenow,
 	int cached, struct regional* region, uint16_t udpsize, 
-	struct edns_data* edns, int dnssec, int secure, int notminimal);
+	struct edns_data* edns, int dnssec, int secure);
 
 /**
  * Regenerate the wireformat from the stored msg reply.