Merge branch '3071-signed-version-of-an-inline-signed-zone-may-be-dumped-without-unsigned-serial-number' into 'main'

Do not detach raw zone until dumping is complete

Closes #3071

See merge request isc-projects/bind9!5680

CHANGES

@@ -1,3 +1,9 @@
+5786.	[bug]		Defer detaching from zone->raw in zone_shutdown() if
+			the zone is in the process of being dumped to disk to
+			ensure that the unsigned serial number information is
+			always written in the raw-format header of the signed
+			version on an inline-signed zone. [GL #3071]
+
 5785.	[bug]		named could leak memory when two dnssec-policy clauses
 			had the same name. named failed to log this error.
 			[GL #3085]

doc/notes/notes-current.rst

@@ -43,3 +43,9 @@ Bug Fixes
 
 - On FreeBSD, a TCP connection would leak a small amount of heap memory leading
   to out-of-memory problem in a long run. This has been fixed. :gl:`#3051`
+
+- Under certain circumstances, the signed version of an inline-signed zone could
+  be dumped to disk without the serial number of the unsigned version of the
+  zone being saved. This could prevent resynchronization of zone contents after
+  ``named`` restarted, if the unsigned zone file had been modified while
+  ``named`` was not running. This has been fixed. :gl:`#3071`

lib/dns/zone.c

@@ -11947,6 +11947,9 @@ dump_done(void *arg, isc_result_t result) {
 		dns_dumpctx_detach(&zone->dctx);
 	}
 	zonemgr_putio(&zone->writeio);
+	if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_SHUTDOWN) && zone->raw != NULL) {
+		dns_zone_detach(&zone->raw);
+	}
 	UNLOCK_ZONE(zone);
 	if (again) {
 		(void)zone_dump(zone, false);
@@ -15028,7 +15031,7 @@ zone_shutdown(isc_task_t *task, isc_event_t *event) {
 	 */
 	DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_SHUTDOWN);
 	free_needed = exit_check(zone);
-	if (inline_secure(zone)) {
+	if (inline_secure(zone) && !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_DUMPING)) {
 		raw = zone->raw;
 		zone->raw = NULL;
 	}