Merge branch '390-do-not-treat-a-referral-with-a-non-empty-answer-section-as-an-error' into 'master'

Do not treat a referral with a non-empty ANSWER section as an error Closes #390 See merge request isc-projects/bind9!628
2026-06-10 21:00:00 -04:00 · 2018-08-22 04:42:58 -04:00 · 2018-08-22 04:42:58 -04:00 · 71793853df
commit 71793853df
parent 3596bad5ce 2923ab4945
5 changed files with 21 additions and 1 deletions
--- a/3
+++ b/3
@ -1,3 +1,6 @@
+5013.	[bug]		A referral response with a non-empty ANSWER section was
+			inadvertently being treated as an error. [GL #390]
+
 5012.	[bug]		Fix lock order reversal in pk11_initialize. [GL !590]

 5011.	[func]		Remove support for unthreaded named. [GL #478]
--- a/bin/tests/system/resolver/ans2/ans.pl
+++ b/bin/tests/system/resolver/ans2/ans.pl
@ -107,6 +107,10 @@ for (;;) {
 		# expected to be accepted regardless of the filter setting.
 		$packet->push("authority", new Net::DNS::RR("sub.example.org 300 NS ns.sub.example.org"));
 		$packet->push("additional", new Net::DNS::RR("ns.sub.example.org 300 A 10.53.0.3"));
+	} elsif ($qname =~ /glue-in-answer\.example\.org/) {
+		$packet->push("answer", new Net::DNS::RR("ns.glue-in-answer.example.org 300 A 10.53.0.3"));
+		$packet->push("authority", new Net::DNS::RR("glue-in-answer.example.org 300 NS ns.glue-in-answer.example.org"));
+		$packet->push("additional", new Net::DNS::RR("ns.glue-in-answer.example.org 300 A 10.53.0.3"));
 	} elsif ($qname =~ /\.broken/ || $qname =~ /^broken/) {
 		# Delegation to broken TLD.
 		$packet->push("authority", new Net::DNS::RR("broken 300 NS ns.broken"));
--- a/bin/tests/system/resolver/ans3/ans.pl
+++ b/bin/tests/system/resolver/ans3/ans.pl
@ -107,6 +107,8 @@ for (;;) {
 	} elsif ($qname eq "www.ok.sub.example.org") {
 		$packet->push("answer",
 			      new Net::DNS::RR($qname . " 300 A 192.0.2.1"));
+	} elsif ($qname eq "foo.glue-in-answer.example.org") {
+		$packet->push("answer", new Net::DNS::RR($qname . " 300 A 192.0.2.1"));
 	} else {
 		$packet->push("answer", new Net::DNS::RR("www.example.com 300 A 1.2.3.4"));
 	}
--- a/bin/tests/system/resolver/tests.sh
+++ b/bin/tests/system/resolver/tests.sh
@ -247,6 +247,15 @@ if [ -x ${RESOLVE} ] ; then
    status=`expr $status + $ret`
 fi

+n=`expr $n + 1`
+echo_i "check that the resolver accepts a referral response with a non-empty ANSWER section ($n)"
+ret=0
+$DIG $DIGOPTS @10.53.0.1 foo.glue-in-answer.example.org. A > dig.ns1.out.${n} || ret=1
+grep "status: NOERROR" dig.ns1.out.${n} > /dev/null || ret=1
+grep "foo.glue-in-answer.example.org.*192.0.2.1" dig.ns1.out.${n} > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
 n=`expr $n + 1`
 echo_i "RT21594 regression test check setup ($n)"
 ret=0
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@ -7881,7 +7881,9 @@ rctx_answer(respctx_t *rctx) {
 			}
 		}

-		if (result != DNS_R_DELEGATION) {
+		if (result == DNS_R_DELEGATION) {
+			result = ISC_R_SUCCESS;
+		} else {
 			/*
 			 * At this point, AA is not set, the response
 			 * is not a referral, and the server is not a