From 1c6a97055df8b0a069d985755e9454aae98766c1 Mon Sep 17 00:00:00 2001
From: Aram Sargsyan <aram@isc.org>
Date: Wed, 25 Dec 2024 14:30:53 +0000
Subject: [PATCH 1/2] Don't disable RPZ and CATZ for zones with an $INCLUDE
 statement

The code in zone_startload() disables RPZ and CATZ for a zone if
dns_master_loadfile() returns anything other than ISC_R_SUCCESS,
which makes sense, but it's an error because zone_startload() can
also return DNS_R_SEENINCLUDE upon success when the zone had an
$INCLUDE statement.

(cherry picked from commit 3d7a9fba3b41c97b9e536e17c0f711388f1c898a)
---
 lib/dns/zone.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 3888f71252..e8f824359d 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -2653,13 +2653,13 @@ zone_startload(dns_db_t *db, dns_zone_t *zone, isc_time_t loadtime) {
 	}
 
 cleanup:
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE) {
 		dns_zone_rpz_disable_db(zone, load->db);
 		dns_zone_catz_disable_db(zone, load->db);
 	}
 
 	tresult = dns_db_endload(db, &load->callbacks);
-	if (result == ISC_R_SUCCESS) {
+	if (result == ISC_R_SUCCESS || result == DNS_R_SEENINCLUDE) {
 		result = tresult;
 	}
 

From c9ecf79e8953ff005f4605978e7ae13059919cf1 Mon Sep 17 00:00:00 2001
From: Aram Sargsyan <aram@isc.org>
Date: Wed, 25 Dec 2024 14:33:39 +0000
Subject: [PATCH 2/2] Fix a typo in dns/master.h

The ISC_R_SEENINCLUDE definition does not exist, the correct one
is DNS_R_SEENINCLUDE.

(cherry picked from commit d75bdabe511b47b33c94135ce9618ea3ddce3e2d)
---
 lib/dns/include/dns/master.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/dns/include/dns/master.h b/lib/dns/include/dns/master.h
index 2e9966f8d0..0a317acee8 100644
--- a/lib/dns/include/dns/master.h
+++ b/lib/dns/include/dns/master.h
@@ -179,7 +179,7 @@ dns_master_loadfileasync(const char *master_file, dns_name_t *top,
  *
  * Returns:
  *\li	ISC_R_SUCCESS upon successfully loading the master file.
- *\li	ISC_R_SEENINCLUDE upon successfully loading the master file with
+ *\li	DNS_R_SEENINCLUDE upon successfully loading the master file with
  *		a $INCLUDE statement.
  *\li	ISC_R_NOMEMORY out of memory.
  *\li	ISC_R_UNEXPECTEDEND expected to be able to read a input token and