The changes making BIND 9 parent-centric !11621 introduced an issue where it could be possible, when processing a referral, to use the glue to a nameserver which has a different parent than the zonecut. For instance:
AUTHORITY
test.example. NS ns.test.example.
test.example. NS ns.foo.example.
test.example. NS ns.bar.
ADDITIONAL
ns.bar. A 1.2.3.4
ns.foo.example. A 5.6.7.8
ns.test.example. A 9.8.7.6
In such situation, only the glues for `ns.foo.example.` and `ns.test.example.` should be used, and the glue from `ns.bar.` must be ignored as this is not either a sub-domain or a sibling domain, the parent is different (`bar.` instead of `example.`). This is now fixed.
Sibling glue and cyclic sibling glues are defined in RFC 9471 section 2.2 and section 2.3.
Merge branch 'colin/cyclic-glues-test' into 'main'
See merge request isc-projects/bind9!11873
projects / thirdparty / bind9.git / commitdiff
