unbound 1.13.1 rpz-ip with ‘cname rpz-drop.’ and rpz-ip with "rpz-action-override: drop" can't take effect

[siwangqishidk]

Hey Guys ，I meet a problem.help me please.

Describe the bug

rpz:
name: xxx
zonefile: /etc/unbound/zone/xxx
cat /etc/unbound/zone/xxx
32.24.10.68.1.rpz-ip IN CNAME rpz-drop.

To reproduce
Steps to reproduce the behavior:

1. Configure iteration server
2. use dig to send request and return www.mmm.com A 1.68.10.24
3. I configure ”32.24.10.68.1.rpz.ip CNAME rpz.drop. “ in /etc/unbound/zone/xxx
4. use dig to send request again and also return www.mmm.com A 1.68.10.24
5. open rpz-log . Can see it.
   info: RPZ applied [xxx] 1.68.10.24/32 drop 169.254.1.1@54743 www.mmm.com. A IN
6. I change rpz.drop. to . or *. 。 They can take effect and return NXDOMAIN or NODATA，so I think rpz.drop has wrong behavior.

Expected behavior
RPZ-DROP would be same as drop that local-data use.

System: linux

• Unbound version: 1.13.1
• OS:Linux localhost-8 4.9.230 Allow suppression of pidfiles. #1 SMP Thu Jul 29 19:22:53 CST 2021 x86_64 Intel(R) Core(TM)2 Duo CPU T7700 @ 2.40GHz GenuineIntel GNU/Linux
• unbound -V output: Version 1.13.1

Configure line: --enable-cachedb --with-libhiredis --with-libevent --enable-subnet
Linked libs: libevent 2.0.21-stable (it uses epoll), OpenSSL 1.0.1c 10 May 2012
Linked modules: respip subnetcache iterator

BSD licensed, see LICENSE in source package for details.
Report bugs to unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues

Additional information
Add any other information that you may have gathered about the issue here.