From d4c4edff1fd88df3106703b7c0194f22ed4a8ad2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@isc.org>
Date: Tue, 26 Aug 2025 17:52:45 +0200
Subject: [PATCH] Preserve ZEROTTL attribute when replacing NS RRset

Previously, BIND 9 would drop the ZEROTTL attribute when updating
previously cached NS entry with ZEROTTL attribute set.

Co-authored-by: Jinmei Tatuya <jtatuya@infoblox.com>
(cherry picked from commit 982ca161c26c2e6cd90b19888331bb015dcbae1f)
---
 lib/dns/rbtdb.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index b69b87bb0c..2ec9b93941 100644
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -6642,7 +6642,7 @@ find_header:
 			return ISC_R_SUCCESS;
 		}
 		/*
-		 * If we have will be replacing a NS RRset force its TTL
+		 * If we will be replacing a NS RRset force its TTL
 		 * to be no more than the current NS RRset's TTL.  This
 		 * ensures the delegations that are withdrawn are honoured.
 		 */
@@ -6651,6 +6651,11 @@ find_header:
 		    !newheader_nx && header->trust <= newheader->trust)
 		{
 			if (newheader->rdh_ttl > header->rdh_ttl) {
+				if (ZEROTTL(header)) {
+					RDATASET_ATTR_SET(
+						newheader,
+						RDATASET_ATTR_ZEROTTL);
+				}
 				newheader->rdh_ttl = header->rdh_ttl;
 			}
 		}