summaryrefslogtreecommitdiff
path: root/iterator/iter_scrub.c
diff options
context:
space:
mode:
Diffstat (limited to 'iterator/iter_scrub.c')
-rw-r--r--iterator/iter_scrub.c16
1 files changed, 9 insertions, 7 deletions
diff --git a/iterator/iter_scrub.c b/iterator/iter_scrub.c
index 6147c96a9e37..a2407c27c840 100644
--- a/iterator/iter_scrub.c
+++ b/iterator/iter_scrub.c
@@ -62,7 +62,7 @@ static void
remove_rrset(const char* str, ldns_buffer* pkt, struct msg_parse* msg,
struct rrset_parse* prev, struct rrset_parse** rrset)
{
- if(verbosity >= VERB_QUERY
+ if(verbosity >= VERB_QUERY && str
&& (*rrset)->dname_len <= LDNS_MAX_DOMAINLEN) {
uint8_t buf[LDNS_MAX_DOMAINLEN+1];
dname_pkt_copy(pkt, buf, (*rrset)->dname);
@@ -520,7 +520,7 @@ store_rrset(ldns_buffer* pkt, struct msg_parse* msg, struct module_env* env,
struct ub_packed_rrset_key* k;
struct packed_rrset_data* d;
struct rrset_ref ref;
- uint32_t now = *env->now;
+ time_t now = *env->now;
k = alloc_special_obtain(env->alloc);
if(!k)
@@ -646,14 +646,16 @@ scrub_sanitize(ldns_buffer* pkt, struct msg_parse* msg,
/* remove private addresses */
if( (rrset->type == LDNS_RR_TYPE_A ||
- rrset->type == LDNS_RR_TYPE_AAAA) &&
- priv_rrset_bad(ie->priv, pkt, rrset)) {
+ rrset->type == LDNS_RR_TYPE_AAAA)) {
/* do not set servfail since this leads to too
* many drops of other people using rfc1918 space */
- remove_rrset("sanitize: removing public name with "
- "private address", pkt, msg, prev, &rrset);
- continue;
+ /* also do not remove entire rrset, unless all records
+ * in it are bad */
+ if(priv_rrset_bad(ie->priv, pkt, rrset)) {
+ remove_rrset(NULL, pkt, msg, prev, &rrset);
+ continue;
+ }
}
/* skip DNAME records -- they will always be followed by a
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-20 18:38:59 +0000