From 12b0ff973d908c8802a5dd370ef454bdbd62bbc9 Mon Sep 17 00:00:00 2001 From: Daniel Date: Wed, 23 Sep 2020 14:12:14 +0200 Subject: [PATCH] Fix special responders --- nameserver/nameserver.go | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/nameserver/nameserver.go b/nameserver/nameserver.go index 2b8f77e7..121141b1 100644 --- a/nameserver/nameserver.go +++ b/nameserver/nameserver.go @@ -167,13 +167,6 @@ func handleRequest(ctx context.Context, w dns.ResponseWriter, request *dns.Msg) // Check request with the privacy filter before resolving. firewall.DecideOnConnection(ctx, conn, nil) - // Check if there is Verdict to act upon. - switch conn.Verdict { - case network.VerdictBlock, network.VerdictDrop, network.VerdictFailed: - tracer.Infof("nameserver: request for %s from %s %s", q.ID(), conn.Process(), conn.Verdict.Verb()) - return reply(conn, conn) - } - // Check if there is a responder from the firewall. // In special cases, the firewall might want to respond the query itself. // A reason for this might be that the request is sink-holed to a forced @@ -183,10 +176,17 @@ func handleRequest(ctx context.Context, w dns.ResponseWriter, request *dns.Msg) // Save the request as open, as we don't know if there will be a connection or not. network.SaveOpenDNSRequest(conn) - tracer.Infof("nameserver: handing over request for %s to filter responder: %s", q.ID(), conn.Reason) + tracer.Infof("nameserver: handing over request for %s to special filter responder: %s", q.ID(), conn.Reason) return reply(responder) } + // Check if there is Verdict to act upon. + switch conn.Verdict { + case network.VerdictBlock, network.VerdictDrop, network.VerdictFailed: + tracer.Infof("nameserver: request for %s from %s %s", q.ID(), conn.Process(), conn.Verdict.Verb()) + return reply(conn, conn) + } + // Save security level to query, so that the resolver can react to configuration. q.SecurityLevel = conn.Process().Profile().SecurityLevel()