From 779980710c2ad6696fa8687ae19584ee65372f4e Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Wed, 13 Sep 2023 10:59:39 +1000
Subject: [PATCH 1/3] Correctly set the value of covered in dns_ncache_current

Fix the type and rdclass being passed to dns_rdata_tostruct so that rrsig.covered is correctly set.
---
 lib/dns/ncache.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/dns/ncache.c b/lib/dns/ncache.c
index 26c92317a8..f6ec3cbb93 100644
--- a/lib/dns/ncache.c
+++ b/lib/dns/ncache.c
@@ -722,7 +722,7 @@ dns_ncache_current(dns_rdataset_t *ncacherdataset, dns_name_t *found,
 raw += 2;
 sigregion.base = raw;
 dns_rdata_reset(&rdata);
- dns_rdata_fromregion(&rdata, rdataset->rdclass, rdataset->type,
+ dns_rdata_fromregion(&rdata, ncacherdataset->rdclass, type,
 &sigregion);
 (void)dns_rdata_tostruct(&rdata, &rrsig, NULL);
 covers = rrsig.covered;
From 8ce359652a3e0c873520b319e9ee4d17e048d75c Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Fri, 15 Sep 2023 14:27:31 +1000
Subject: [PATCH 2/3] Check RRSIG covered type in negative cache entry

The covered type previously displayed as TYPE0 when it should have reflected the records that was actually covered.
---
 bin/tests/system/dnssec/tests.sh | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
index f3e579d1fd..5daa9bff50 100644
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -377,6 +377,14 @@ if [ -x "${DELV}" ] ; then
 status=$((status+ret))
 fi
 
+echo_i "checking RRSIG covered type in negative cache entry ($n)"
+ret=0
+rndc_dumpdb ns4
+grep -F '; example. RRSIG NSEC ...' ns4/named_dump.db.test$n > /dev/null || ret=1
+n=$((n+1))
+test "$ret" -eq 0 || echo_i "failed"
+status=$((status+ret))
+
 echo_i "checking negative validation NXDOMAIN NSEC3 ($n)"
 ret=0
 dig_with_opts +noauth q.nsec3.example. \
From 80298ade33cfe63085fad2d4b80840e31ba348d3 Mon Sep 17 00:00:00 2001
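Review bot: The result of `dns_rdata_tostruct()` is still discarded by the `(void)` cast on the line after the corrected `dns_rdata_fromregion()` call, so `rrsig.covered` is copied into `covers` whether or not the conversion succeeded. That is plausibly how the wrong class and type arguments went unnoticed for so long: a failed conversion would leave `rrsig` unset and a bogus covered type would propagate silently instead of surfacing as an error. If the region is always taken from a negative-cache blob the library built itself (presumably so, but not shown here), a failure is an invariant violation and could be made explicit with `RUNTIME_CHECK(dns_rdata_tostruct(&rdata, &rrsig, NULL) == ISC_R_SUCCESS);`. Confirm first that `type` is always RRSIG on this path and that no remotely supplied data can make the conversion fail, since the guarding condition and the rest of dns_ncache_current lie outside the hunk.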
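Review bot: `rndc_dumpdb ns4` runs without its exit status being checked in the added block, so a failed dump only shows up indirectly as a grep miss on `ns4/named_dump.db.test$n`; `rndc_dumpdb ns4 || ret=1` would make that failure explicit. The check also appears to rely on an earlier query in the file having left the `example.` NSEC negative entry in ns4's cache, since the block issues no query of its own, so a one-line comment naming that query would keep the dependency visible if tests are reordered. Because the regression showed up as TYPE0, a negative assertion could sit next to the positive one, assuming the dump prints it in the same form: `grep -F 'RRSIG TYPE0' ns4/named_dump.db.test$n > /dev/null && ret=1`.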
From: Mark Andrews Date: Wed, 13 Sep 2023 11:22:30 +1000 Subject: [PATCH 3/3] Add a CHANGES note for [GL #4314] --- CHANGES | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGES b/CHANGES index 45a341eb51..98b8314ab2 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,9 @@ +6250. [bug] The wrong covered value was being set by + dns_ncache_current for RRSIG records in the returned + rdataset structure. This resulted in TYPE0 being + reported as the covered value of the RRSIG when dumping + the cache contents. [GL #4314] + 6249. [cleanup] Reduce the number of reserved UDP dispatches to the number of loops, replace the round-robin mechanism in dns_dispatchset_t with dispatches