From d6b3d06db7ce3b9229dc30cc0e3a72ba2603da28 Mon Sep 17 00:00:00 2001
From: Bob Halley <source@isc.org>
Date: Fri, 2 Feb 2001 00:10:26 +0000
Subject: [PATCH] Referrals whose NS RRs had a 0 TTL caused the resolver to
 return DNS_R_SERVFAIL.  [RT #783]

---
 CHANGES            |  5 ++++-
 lib/dns/resolver.c | 11 ++++++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index 29757bc316..b4ddeeb72e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,7 @@
- 722.	[func]		Allow incrememtal loads to be canceled.
+ 723.	[bug]		Referrals whose NS RRs had a 0 TTL caused the resolver
+			to return DNS_R_SERVFAIL.  [RT #783]
+
+ 722.	[func]		Allow incremental loads to be canceled.
 
  721.	[cleanup]	Load manager and dns_master_loadfilequota() are no
 			more.
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 99e3ab7f09..16043badf6 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: resolver.c,v 1.196 2001/01/19 22:22:16 bwelling Exp $ */
+/* $Id: resolver.c,v 1.197 2001/02/02 00:10:26 halley Exp $ */
 
 #include <config.h>
 
@@ -3495,6 +3495,15 @@ noanswer_response(fetchctx_t *fctx, dns_name_t *oqname) {
 		(void)dns_rdataset_additionaldata(ns_rdataset, check_related,
 						  fctx);
 		fctx->attributes &= ~FCTX_ATTR_GLUING;
+		/*
+		 * NS rdatasets with 0 TTL cause problems.
+		 * dns_view_findzonecut() will not find them when we
+		 * try to follow the referral, and we'll SERVFAIL
+		 * because the best nameservers are now above QDOMAIN.
+		 * We force the TTL to 1 second to prevent this.
+		 */
+		if (ns_rdataset->ttl == 0)
+			ns_rdataset->ttl = 1;
 		/*
 		 * Set the current query domain to the referral name.
 		 *