
negative match on the 'blackhole' ACL could be treated as positive

Evan Hunt requested to merge 3157-blackhole-request into main

There was a bug in checking of the "blackhole" ACL in dns_request_create*(), causing an address to be treated as included in the ACL if it was explicitly excluded. Thus, leaving "blackhole" unset had no effect, but setting it to "none" would cause any destination addresses to be rejected for dns_request purposes. This would cause zone transfer requests and SOA queries to fail, among other things.

The bug has been fixed, and "blackhole { none; };" was added to the xfer system test as a regression test.

Closes #3157 (closed)
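The failure mode described above, as an added example that is not BIND's code and not part of the merge request: a toy first-match ACL whose lookup returns a signed result, with a check that treats any non-zero result as a hit beside one that requires a positive result. The `acl_elem` type, the function names, the sample addresses, the modelling of `none` as a negated match-all element, and the exact form of the buggy comparison are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy IPv4 ACL element (hypothetical type, not a BIND structure). */
struct acl_elem {
    uint32_t net;       /* network address, host byte order */
    int      prefixlen; /* 0..32 */
    bool     negated;   /* true for "!prefix" */
};

/* First-match lookup with a signed result: +n when element n matches,
 * -n when element n matches but is negated, 0 when nothing matches. */
static int acl_match(const struct acl_elem *acl, size_t n, uint32_t addr) {
    for (size_t i = 0; i < n; i++) {
        uint32_t mask = acl[i].prefixlen == 0
                            ? 0 : ~(uint32_t)0 << (32 - acl[i].prefixlen);
        if ((addr & mask) == (acl[i].net & mask))
            return acl[i].negated ? -(int)(i + 1) : (int)(i + 1);
    }
    return 0;
}

/* Assumed shape of the defect: any non-zero result counts as "listed". */
static bool blackholed_buggy(const struct acl_elem *acl, size_t n, uint32_t a) {
    return acl_match(acl, n, a) != 0;
}

/* Corrected check: only a positive match blackholes the destination. */
static bool blackholed_fixed(const struct acl_elem *acl, size_t n, uint32_t a) {
    return acl_match(acl, n, a) > 0;
}

/* Constructed sample ACLs. "none" is modelled as a negated match-all. */
static const struct acl_elem ACL_NONE[]  = { { 0, 0, true } };
static const struct acl_elem ACL_MIXED[] = {
    { 0xC0000205u, 32, true  },  /* !192.0.2.5    */
    { 0xC0000200u, 24, false },  /*  192.0.2.0/24 */
};

int main(void) {
    uint32_t primary = 0x0A000001u; /* 10.0.0.1, constructed transfer target */
    printf("unset: buggy=%d fixed=%d\n", blackholed_buggy(NULL, 0, primary),
           blackholed_fixed(NULL, 0, primary));
    printf("none:  buggy=%d fixed=%d\n", blackholed_buggy(ACL_NONE, 1, primary),
           blackholed_fixed(ACL_NONE, 1, primary));
    return 0;
}
```

With the ACL unset both checks agree, which is why the defect only surfaces once an ACL containing a negated element, such as `none`, is configured.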
