Lines Matching defs:rpz
399 * DNS64, RPZ, RRL, and the SERVFAIL cache. It also doesn't discuss
1309 /* It's possible to have a separate log channel for rpz passthru. */
1336 * bin/tests/system/rpz/tests.sh looks for "rpz.*failed" for problems.
1366 level, "rpz %s%s%s rewrite %s%s%s%s%s%s%s", rpztypestr1,
1409 "try rpz %s rewrite %s via %s",
3052 * the earliest configured policy zone (rpz->num)
3060 zbits &= DNS_RPZ_ZMASK(st->m.rpz->num);
3062 zbits &= DNS_RPZ_ZMASK(st->m.rpz->num) >> 1;
3121 CTRACE(ISC_LOG_ERROR, "RPZ recursing");
3210 rpz_get_p_name(ns_client_t *client, dns_name_t *p_name, dns_rpz_zone_t *rpz,
3227 suffix = &rpz->client_ip;
3230 suffix = &rpz->origin;
3233 suffix = &rpz->ip;
3236 suffix = &rpz->nsdname;
3239 suffix = &rpz->nsip;
3281 * Look in policy zone rpz for a policy of rpz_type by p_name.
3293 dns_name_t *p_name, dns_rpz_zone_t *rpz, dns_rpz_type_t rpz_type,
3409 *policyp = dns_rpz_decode_cname(rpz, *rdatasetp,
3450 rpz_save_p(dns_rpz_st_t *st, dns_rpz_zone_t *rpz, dns_rpz_type_t rpz_type,
3458 st->m.rpz = rpz;
3475 st->m.ttl = ISC_MIN(st->m.rdataset->ttl, rpz->max_policy_ttl);
3477 st->m.ttl = ISC_MIN(DNS_RPZ_TTL_DEFAULT, rpz->max_policy_ttl);
3484 * Check the results of a RPZ service interface lookup.
3769 dns_rpz_zone_t *rpz;
3812 rpz = rpzs->zones[rpz_num];
3814 if (st->m.rpz->num < rpz->num) {
3817 if (st->m.rpz->num == rpz->num &&
3829 result = rpz_get_p_name(client, p_name, rpz, rpz_type, ip_name);
3833 result = rpz_find_p(client, ip_name, qtype, p_name, rpz,
3864 * dns_rpz_find_ip() ensures st->m.rpz->num >= rpz->num.
3872 rpz->num == st->m.rpz->num &&
3884 if (rpz->policy != DNS_RPZ_POLICY_DISABLED) {
3887 rpz_save_p(st, rpz, rpz_type, policy, p_name,
4095 dns_rpz_zone_t *rpz;
4164 rpz = rpzs->zones[rpz_num];
4166 if (st->m.rpz->num < rpz->num) {
4169 if (st->m.rpz->num == rpz->num && st->m.type < rpz_type)
4178 result = rpz_get_p_name(client, p_name, rpz, rpz_type,
4183 result = rpz_find_p(client, trig_name, qtype, p_name, rpz,
4208 * We known st->m.rpz->num >= rpz->num and either
4209 * st->m.rpz->num > rpz->num or st->m.type >= rpz_type
4212 rpz->num == st->m.rpz->num &&
4220 if (rpz->policy != DNS_RPZ_POLICY_DISABLED) {
4223 rpz_save_p(st, rpz, rpz_type, policy, p_name, 0,
4270 * RPZ query result types
4379 /* Check if the initial loading of RPZ is complete. */
4389 "RPZ servfail-until-ready", DNS_R_WAIT);
4731 st->m.rpz
4733 st->m.policy = st->m.rpz->policy;
4744 st->m.rpz->num);
4749 CTRACE(ISC_LOG_ERROR, "SERVFAIL due to RPZ policy");
5791 qctx->rpz = false;
6119 if (qctx->dns64 && qctx->rpz) {
6160 if (qctx->dns64 && qctx->rpz) {
6656 CCTRACE(ISC_LOG_DEBUG(3), "resume from RPZ recursion");
6677 "rpz rname:%s, pname:%s, qctx->fname:%s", qbuf,
6779 "query_resume: RPZ settings out of date "
7126 * Don't mess with responses rewritten by RPZ
7299 if (qctx->rpz_st->m.rpz->ede != 0 &&
7300 qctx->rpz_st->m.rpz->ede != UINT16_MAX)
7302 dns_ede_add(&qctx->client->edectx, qctx->rpz_st->m.rpz->ede,
7308 * Do any RPZ rewriting that may be needed for this query.
7382 if (qctx->rpz_st->m.rpz->addsoa) {
7404 qctx->rpz_st->m.rpz->num);
7412 qctx->rpz_st->m.rpz->num);
7417 qctx->rpz = true;
7424 qctx->rpz = true;
7448 qctx->rpz = true;
7476 &qctx->rpz_st->m.rpz->cname);
7502 qctx->rpz_st->m.rpz->num);
7553 qctx->rpz_st->m.rpz->num);
7755 * RPZ not configured for this view.
7761 * We are recursing, and thus RPZ processing is not
7765 * we can't perform the RPZ rewrite rules.
9475 * The RPZ SOA has already been added to the additional section
9476 * if this was an RPZ rewrite, but if it wasn't, add it now.
9592 * RPZ rewrite.
9608 (qctx->rpz_st != NULL && qctx->rpz_st->m.rpz->addsoa))
10811 * by RPZ rewriting.)
Indexes created Tue Mar 31 00:22:50 UTC 2026