From 2e45866715e72df986b9887e85c7f5e54e095502 Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Sat, 2 Dec 2023 21:01:06 -0800
Subject: [PATCH] use DNS_DB_NONSEC3 flag when copying non-dnssec records

when copying the non-dnssec records in receive_secure_db(),
use DNS_DB_NONSEC3 so we don't accidentally create nodes in
the main tree for NSEC3 records. this was a long-standing error
in the code, but was harmless in the RBTDB.
---
 lib/dns/zone.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 25a682005d..edac498c67 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -17220,7 +17220,7 @@ receive_secure_db(void *arg) {
 		goto failure;
 	}
 
-	result = dns_db_createiterator(rawdb, 0, &dbiterator);
+	result = dns_db_createiterator(rawdb, DNS_DB_NONSEC3, &dbiterator);
 	if (result != ISC_R_SUCCESS) {
 		goto failure;
 	}