From 83395f4cfb522df3eed4e673256bd8916c35d5ed Mon Sep 17 00:00:00 2001
From: Aram Sargsyan <aram@isc.org>
Date: Fri, 26 Aug 2022 14:15:16 +0000
Subject: [PATCH] Set the extended DNS error code for RPZ-modified queries

When enabled through a configuration option, set the configured EDE code
for the modified queries.
---
 lib/ns/query.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/lib/ns/query.c b/lib/ns/query.c
index c16cac61a2..d1c969ca16 100644
--- a/lib/ns/query.c
+++ b/lib/ns/query.c
@@ -16,6 +16,7 @@
 #include <ctype.h>
 #include <inttypes.h>
 #include <stdbool.h>
+#include <stdint.h>
 #include <string.h>
 
 #include <isc/hex.h>
@@ -7267,6 +7268,12 @@ query_checkrpz(query_ctx_t *qctx, isc_result_t result) {
 			UNREACHABLE();
 		}
 
+		if (qctx->rpz_st->m.rpz->ede != 0 &&
+		    qctx->rpz_st->m.rpz->ede != UINT16_MAX) {
+			ns_client_extendederror(qctx->client,
+						qctx->rpz_st->m.rpz->ede, NULL);
+		}
+
 		/*
 		 * Turn off DNSSEC because the results of a
 		 * response policy zone cannot verify.