Open deteque opened 1 week ago
Could it be that this is already fixed with https://github.com/NLnetLabs/unbound/commit/b6c7ea563f8c1c3c6753923a36e3e29c22f6b683 and https://github.com/NLnetLabs/unbound/commit/4b30e88eec76bc12819fe0fe1da97fad00ba7d98? These are also fixes for 1.20.0 for rpz and the use of tags.
Those fixes were made for #1079.
The fixes are available from the code repository. That passes unit tests, and that includes a test for access-control-tag and rpz, in testdata/rpz_cname_tag.rpl (https://github.com/NLnetLabs/unbound/blob/master/testdata/rpz_cname_tag.rpl).
Describe the bug
We have a cluster of unbound servers that utilize access-control-tags for RPZ access. On 1.19.3 these tags work as expected and only apply the RPZ zones to clients with the tag configured. After upgrading to 1.20.0, all configured RPZ zones are applied to all clients regardless of client IP.

To reproduce
Steps to reproduce the behavior:

Expected behavior
Unbound should only apply RPZ zones to clients with the relevant access-control-tags set; instead, all RPZ zones are being applied to all clients regardless of which access-control-tags are set.
System:
unbound -V output:
Configure line: --prefix=/usr --mandir=/usr/share/man --sysconfdir=/etc --with-libevent --enable-dnstap
Linked libs: libevent 2.1.12-stable (it uses epoll), OpenSSL 3.0.11 19 Sep 2023
Linked modules: dns64 respip validator iterator
BSD licensed, see LICENSE in source package for details. Report bugs to unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues
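
For readers unfamiliar with the feature, a minimal unbound.conf showing the kind of tag-scoped RPZ setup the report describes. This is an added example, not the reporter's configuration or the project's test file; the tag names, client networks, zone names and file paths are constructed.

```conf
# Constructed example: two RPZ zones, each limited to one tagged client range.
server:
    # respip must be in module-config for RPZ to act on answers
    module-config: "respip validator iterator"

    # Tags must be declared before they are used anywhere else
    define-tag: "kids guest"

    # Constructed documentation networks standing in for real client ranges
    access-control: 192.0.2.0/24 allow
    access-control: 198.51.100.0/24 allow
    access-control: 203.0.113.0/24 allow

    # Only these two ranges carry a tag; 203.0.113.0/24 is untagged
    access-control-tag: 192.0.2.0/24 "kids"
    access-control-tag: 198.51.100.0/24 "guest"

rpz:
    name: "kids.rpz.example.test."
    zonefile: "/etc/unbound/kids.rpz.example.test.zone"
    # Policies in this zone apply only to clients tagged "kids"
    tags: "kids"

rpz:
    name: "guest.rpz.example.test."
    zonefile: "/etc/unbound/guest.rpz.example.test.zone"
    # Policies in this zone apply only to clients tagged "guest"
    tags: "guest"

# Intended behaviour with this configuration:
#   192.0.2.0/24    -> kids zone only
#   198.51.100.0/24 -> guest zone only
#   203.0.113.0/24  -> no RPZ zone
# An rpz: clause with no tags: line applies to all clients, so a missing
# tags: line is worth ruling out when every client appears to be filtered.
```

After an upgrade, querying a name listed in one zone from a client in each range and comparing the answers against the table in the comments shows whether tag scoping is still being honoured.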