From e7684c7b640c838308e43911477ace171db1597a Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Mon, 17 Jun 2019 17:11:00 -0700 Subject: [PATCH 1/3] allow glue in authoritative responses to root priming queries - when processing authoritative queries for ./NS, set 'gluedb' so that glue will be included in the response, regardless of how 'minimal-responses' has been configured. --- lib/ns/query.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/ns/query.c b/lib/ns/query.c index d990f4a150..9c8086cfc9 100644 --- a/lib/ns/query.c +++ b/lib/ns/query.c @@ -7279,11 +7279,13 @@ query_respond(query_ctx_t *qctx) { } /* - * BIND 8 priming queries need the additional section. + * Always add glue for root priming queries, regardless + * of "minimal-responses" setting. */ if (dns_name_equal(qctx->client->query.qname, dns_rootname)) { qctx->client->query.attributes &= ~NS_QUERYATTR_NOADDITIONAL; + dns_db_attach(qctx->db, &qctx->client->query.gluedb); } } @@ -10671,6 +10673,10 @@ ns_query_done(query_ctx_t *qctx) { qctx_clean(qctx); qctx_freedata(qctx); + if (qctx->client->query.gluedb != NULL) { + dns_db_detach(&qctx->client->query.gluedb); + } + /* * Clear the AA bit if we're not authoritative. */ From 9a1f0ea873624b1ffd0891717401c386fec2749f Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Mon, 17 Jun 2019 19:12:02 -0700 Subject: [PATCH 2/3] add system test to confirm glue is returned in priming queries --- .../system/additional/ns1/named1.conf.in | 5 +++ .../system/additional/ns1/named2.conf.in | 5 +++ .../system/additional/ns1/named3.conf.in | 5 +++ .../system/additional/ns1/named4.conf.in | 5 +++ bin/tests/system/additional/ns1/root.db | 19 +++++++++++ bin/tests/system/additional/tests.sh | 32 +++++++++++++++++++ 6 files changed, 71 insertions(+) create mode 100644 bin/tests/system/additional/ns1/root.db diff --git a/bin/tests/system/additional/ns1/named1.conf.in b/bin/tests/system/additional/ns1/named1.conf.in index 1fb8e7a601..4c850109d9 100644 
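Review bot: The added `dns_db_attach(qctx->db, &qctx->client->query.gluedb);` relies on `gluedb` being NULL when query_respond() reaches the root-name branch. dns_db_attach() asserts that its target pointer is NULL, so a reference left over from earlier processing of the same client would abort named on a path reachable by remote `. NS` queries. Whether that can happen is not visible in this hunk, so I would either guard the call with `if (qctx->client->query.gluedb == NULL)` or state the invariant in the comment, e.g. `gluedb is NULL here and is released in ns_query_done()`. The new comment also says glue is added regardless of "minimal-responses", while the CHANGES entry in patch 3/3 says only when it is not set to "yes"; one of the two should be corrected. query_respond() starts and ends outside the hunk.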
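Review bot: The reference taken on `query.gluedb` is released only here in ns_query_done(), so any query that finishes without reaching this point (error or drop paths, not visible in this hunk) would keep the zone database pinned and leave `gluedb` non-NULL for the client's next query. Since the pointer now outlives query_respond(), I would also release it wherever the client's query state is reset, using the same `if (client->query.gluedb != NULL) dns_db_detach(&client->query.gluedb);`. A comment here such as `/* Release the glue database attached in query_respond() for root priming. */` would make the pairing explicit. ns_query_done() starts before and continues after the hunk.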
--- a/bin/tests/system/additional/ns1/named1.conf.in +++ b/bin/tests/system/additional/ns1/named1.conf.in @@ -29,6 +29,11 @@ controls { inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; +zone "." { + type master; + file "root.db"; +}; + zone "rt.example" { type master; file "rt.db"; diff --git a/bin/tests/system/additional/ns1/named2.conf.in b/bin/tests/system/additional/ns1/named2.conf.in index 84a55481e7..b71434892c 100644 --- a/bin/tests/system/additional/ns1/named2.conf.in +++ b/bin/tests/system/additional/ns1/named2.conf.in @@ -29,6 +29,11 @@ controls { inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; +zone "." { + type master; + file "root.db"; +}; + zone "rt.example" { type master; file "rt.db"; diff --git a/bin/tests/system/additional/ns1/named3.conf.in b/bin/tests/system/additional/ns1/named3.conf.in index c0b697986a..3df718436a 100644 --- a/bin/tests/system/additional/ns1/named3.conf.in +++ b/bin/tests/system/additional/ns1/named3.conf.in @@ -30,6 +30,11 @@ controls { inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; +zone "." { + type master; + file "root.db"; +}; + zone "rt.example" { type master; file "rt.db"; diff --git a/bin/tests/system/additional/ns1/named4.conf.in b/bin/tests/system/additional/ns1/named4.conf.in index a8f0aa4beb..f7947c2e2a 100644 --- a/bin/tests/system/additional/ns1/named4.conf.in +++ b/bin/tests/system/additional/ns1/named4.conf.in @@ -29,6 +29,11 @@ controls { inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; +zone "." { + type master; + file "root.db"; +}; + zone "mx.example" { type master; file "mx.db"; diff --git a/bin/tests/system/additional/ns1/root.db b/bin/tests/system/additional/ns1/root.db new file mode 100644 index 0000000000..7db363b2bf --- /dev/null +++ b/bin/tests/system/additional/ns1/root.db 
@@ -0,0 +1,19 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +. IN SOA ns2. hostmaster ( 2 8H 2H 4W 1D); +. NS ns1.rt.example. +. NS ns2.rt.example. +ns1.rt.example. A 10.53.0.1 +ns2.rt.example. A 10.53.0.2 +rt.example. NS ns1. +naptr.example. NS ns1. +rt2.example. NS ns1. +naptr2.example. NS ns1. +nid.example. NS ns1. diff --git a/bin/tests/system/additional/tests.sh b/bin/tests/system/additional/tests.sh index e3e9a3da25..40642869b1 100644 --- a/bin/tests/system/additional/tests.sh +++ b/bin/tests/system/additional/tests.sh @@ -210,6 +210,38 @@ dotests() { if [ $ret -eq 1 ] ; then echo_i " failed"; status=1 fi + + n=`expr $n + 1` + echo_i "test with NS, root zone ($n)" + ret=0 + $DIG $DIGOPTS -t NS . @10.53.0.1 > dig.out.$n || ret=1 + # Always expect glue for root priming queries, regardless $minimal + grep 'ADDITIONAL: 3' dig.out.$n > /dev/null || ret=1 + if [ $ret -eq 1 ] ; then + echo_i " failed"; status=1 + fi + + n=`expr $n + 1` + echo_i "test with NS, non-root zone ($n)" + ret=0 + $DIG $DIGOPTS -t NS rt.example @10.53.0.1 > dig.out.$n || ret=1 + case $minimal in + yes) + grep 'ADDITIONAL: 1' dig.out.$n > /dev/null || ret=1 + ;; + no) + grep 'ADDITIONAL: 2' dig.out.$n > /dev/null || ret=1 + ;; + no-auth) + grep 'ADDITIONAL: 2' dig.out.$n > /dev/null || ret=1 + ;; + no-auth-recursive) + grep 'ADDITIONAL: 2' dig.out.$n > /dev/null || ret=1 + ;; + esac + if [ $ret -eq 1 ] ; then + echo_i " failed"; status=1 + fi } echo_i "testing with 'minimal-responses yes;'" From 03a6a78b553e5ee569650188ddf4fb2851e53acc Mon Sep 17 00:00:00 2001 
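Review bot: The root-zone check `grep 'ADDITIONAL: 3'` only counts records in the additional section, so it would still pass if that section held something other than the glue addresses this fix is meant to return. Assuming $DIGOPTS leaves the additional section in the output, a content check such as `grep 'ns1\.rt\.example\..*10\.53\.0\.1' dig.out.$n > /dev/null || ret=1` pins the actual glue from root.db. In the non-root test the `case $minimal` has no `*)` branch, so an unexpected mode passes silently; `*) ret=1 ;;` closes that, and the three identical branches can be written as `no|no-auth|no-auth-recursive)`. dotests() begins outside the hunk.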
From: Evan Hunt Date: Mon, 17 Jun 2019 19:13:59 -0700 Subject: [PATCH 3/3] CHANGES, release note --- CHANGES | 4 ++++ doc/arm/notes.xml | 6 ++++++ 2 files changed, 10 insertions(+) diff --git a/CHANGES b/CHANGES index dc2390118d..99fa2d096b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +5256. [bug] Ensure that glue records are included in root + priming responses if "minimal-responses" is not + set to "yes". [GL #1092] + 5255. [bug] Errors encountered while reloading inline-signing zones could be ignored, causing the zone content to be left in an incompletely updated state rather than diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml index 275e6489d5..b5db249e82 100644 --- a/doc/arm/notes.xml +++ b/doc/arm/notes.xml @@ -265,6 +265,12 @@ $prefix/var are respected. + + + Glue address records were not being returned in responses + to root priming queries; this has been corrected. [GL #1092] + +