policy.rpz: support local data with larger RRsets

modules/policy/policy.lua

@@ -445,7 +445,20 @@ local function rpz_parse(action, path)
 						path, tonumber(parser.line_counter), kres.tostring.type[parser.r_type])
 				elseif is_bad == nil then
 					if new_actions[name] == nil then new_actions[name] = {} end
-					new_actions[name][parser.r_type] = { ttl=parser.r_ttl, rdata=rdata }
+					local act = new_actions[name][parser.r_type]
+					if act == nil then
+						new_actions[name][parser.r_type] = { ttl=parser.r_ttl, rdata=rdata }
+					else -- mutiple RRs: no reordering or deduplication
+						if type(act.rdata) ~= 'table' then
+							act.rdata = { act.rdata }
+						end
+						table.insert(act.rdata, rdata)
+						if parser.r_ttl ~= act.ttl then -- be conservative
+							log('[poli] RPZ %s:%d warning: different TTLs in a set (minimum taken)',
+								path, tonumber(parser.line_counter))
+							act.ttl = math.min(act.ttl, parser.r_ttl)
+						end
+					end
 				else
 					assert(is_bad == false and prefix_labels == 0)
 				end

modules/policy/policy.rpz.test.lua

@@ -39,6 +39,9 @@ local function test_rpz()
 		'case.sensitive.', kres.type.A, kres.rcode.NOERROR, '192.168.8.8')
 	check_answer('"A 192.168.8.8" and domain with uppercase and lowercase letters',
 		'CASe.SENSItivE.', kres.type.A, kres.rcode.NOERROR, '192.168.8.8')
+	check_answer('two AAAA records',
+		'two.records.', kres.type.AAAA, kres.rcode.NOERROR,
+		{'2001:db8::2', '2001:db8::1'})
 end
 
 net.ipv4 = false

modules/policy/policy.test.rpz

@@ -13,3 +13,6 @@ rra-zonename-suffix			A 	192.168.6.6
 testdomain.rra.testdomain.	A 	192.168.7.7
 CaSe.SeNSiTiVe		A	192.168.8.8
 
+two.records		AAAA	2001:db8::2
+two.records		AAAA	2001:db8::1
+