fix: usr: Fix errors when retrying over TCP in notify_send_toaddr

If the source address is not available do not attempt
to retry over TCP otherwise clear the TSIG key from the
message prior to retrying.

Closes #5457

Merge branch '5457-remove-tcp-retry-in-notify-send-toaddr' into 'main'

See merge request isc-projects/bind9!10805

bin/tests/system/notify/ns2/named.conf.j2

@@ -97,3 +97,19 @@ zone x18 { type primary; file "generic.db"; also-notify { 10.53.0.3; }; };
 zone x19 { type primary; file "generic.db"; also-notify { 10.53.0.3; }; };
 zone x20 { type primary; file "generic.db"; also-notify { 10.53.0.3; }; };
 zone x21 { type primary; file "x21.db"; allow-update { any; }; also-notify { x21; }; };
+
+key 10.53.0.53 {
+	algorithm hmac-sha256;
+	secret "aaaabbbbccccddddeeeeffffgggghhhhiiii";
+};
+
+server 10.53.0.53 {
+	notify-source 198.51.100.0; // non existant / not configured
+	keys 10.53.0.53;
+};
+
+zone "change-ns" {
+	type primary;
+	file "change-ns.db";
+	allow-update { any; };
+};

bin/tests/system/notify/setup.sh

@@ -15,3 +15,4 @@
 
 cp -f ns2/example1.db ns2/example.db
 cp -f ns2/generic.db ns2/x21.db
+cp -f ns2/generic.db ns2/change-ns.db

bin/tests/system/notify/tests.sh

@@ -237,5 +237,18 @@ nextpartreset ns3/named.run
 wait_for_log 30 'retries exceeded' ns3/named.run || ret=1
 test_end
 
+test_start "checking notify with bad notify source address and tsig"
+$NSUPDATE <<EOF
+server 10.53.0.2 ${PORT}
+zone change-ns
+update add change-ns 0 NS ns53.change-ns
+update add ns53.change-ns 0 A 10.53.0.53
+send
+EOF
+wait_for_log 10 "zone change-ns/IN: sending notify(SOA) to 10.53.0.53#${PORT} : TSIG (10.53.0.53)" ns2/named.run
+dig_plus_opts ns change-ns @10.53.0.2 >dig.out.test$n || ret=1
+grep "ns2.change-ns." dig.out.test$n >/dev/null || ret=1
+test_end
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1

bin/tests/system/notify/tests_sh_notify.py

@@ -15,6 +15,8 @@ pytestmark = pytest.mark.extra_artifacts(
     [
         "awk.out.*",
         "dig.out.*",
+        "ns2/change-ns.db",
+        "ns2/change-ns.db.jnl",
         "ns2/example.db",
         "ns2/named-tls.conf",
         "ns2/x21.db*",

lib/dns/notify.c

@@ -464,7 +464,8 @@ again:
 
 	isc_tlsctx_cache_detach(&zmgr_tlsctx_cache);
 
-	if (result == ISC_R_SUCCESS) {
+	switch (result) {
+	case ISC_R_SUCCESS:
 		if (isc_sockaddr_pf(&notify->dst) == AF_INET) {
 			dns__zone_stats_increment(
 				notify->zone, dns_zonestatscounter_notifyoutv4);
@@ -472,14 +473,25 @@ again:
 			dns__zone_stats_increment(
 				notify->zone, dns_zonestatscounter_notifyoutv6);
 		}
-	} else if (result == ISC_R_SHUTTINGDOWN || result == ISC_R_CANCELED) {
-		goto cleanup_key;
-	} else if ((notify->flags & DNS_NOTIFY_TCP) == 0) {
+		break;
+	case ISC_R_SHUTTINGDOWN:
+	case ISC_R_CANCELED:
+	case ISC_R_ADDRNOTAVAIL:
+	case DNS_R_BLACKHOLED:
+	case ISC_R_FAMILYNOSUPPORT:
 		notify_log(notify, ISC_LOG_NOTICE,
-			   "notify(%s) to %s failed: %s: retrying over TCP",
-			   typebuf, addrbuf, isc_result_totext(result));
-		notify->flags |= DNS_NOTIFY_TCP;
-		goto again;
+			   "notify(%s) to %s failed: %s", typebuf, addrbuf,
+			   isc_result_totext(result));
+		break;
+	default:
+		if ((notify->flags & DNS_NOTIFY_TCP) == 0) {
+			notify_log(notify, ISC_LOG_NOTICE,
+				   "notify(%s) to %s failed: %s: retrying over "
+				   "TCP",
+				   typebuf, addrbuf, isc_result_totext(result));
+			notify->flags |= DNS_NOTIFY_TCP;
+			goto again;
+		}
 	}
 
 cleanup_key:

lib/dns/request.c

@@ -632,6 +632,7 @@ again:
 
 cleanup:
 	if (result != ISC_R_SUCCESS) {
+		dns_message_settsigkey(message, NULL);
 		req_cleanup(request);
 		dns_request_detach(&request);
 		req_log(ISC_LOG_DEBUG(3), "%s: failed %s", __func__,