Do not cache NS from referral in negative responses

author Colin Vidal <colin@isc.org>

Fri, 27 Feb 2026 16:07:31 +0000 (17:07 +0100)

committer Colin Vidal <colin@isc.org>

Mon, 30 Mar 2026 18:41:13 +0000 (20:41 +0200)
author Colin Vidal <colin@isc.org>
Fri, 27 Feb 2026 16:07:31 +0000 (17:07 +0100)
committer Colin Vidal <colin@isc.org>
Mon, 30 Mar 2026 18:41:13 +0000 (20:41 +0200)
diff --git a/bin/tests/system/dnssec/tests_validation.py b/bin/tests/system/dnssec/tests_validation.py

index ed848619b8e5639144087044e2f0480892d17c8c..ed920749cf9547838a0f283641fdbf86e3ad04fb 100644 (file)
--- a/bin/tests/system/dnssec/tests_validation.py
+++ b/bin/tests/system/dnssec/tests_validation.py
@@ -990,14 +990,14 @@ def test_validation_recovery(ns2, ns4):
      msg = isctest.query.create("inconsistent", "NS", dnssec=False, cd=True)
      res = isctest.query.tcp(msg, "10.53.0.4")
      isctest.check.noadflag(res)
-    isctest.check.rr_count_eq(res.answer, 1)
-    isctest.check.rr_count_eq(res.additional, 1)
+    isctest.check.rr_count_eq(res.answer, 2)
+    isctest.check.rr_count_eq(res.additional, 0)
  
      msg = isctest.query.create("inconsistent", "NS", cd=True)
      res = isctest.query.tcp(msg, "10.53.0.4")
      isctest.check.noadflag(res)
-    isctest.check.rr_count_eq(res.answer, 1)
-    isctest.check.rr_count_eq(res.additional, 1)
+    isctest.check.rr_count_eq(res.answer, 3)
+    isctest.check.rr_count_eq(res.additional, 0)
  
      msg = isctest.query.create("inconsistent", "NS")
      res = isctest.query.tcp(msg, "10.53.0.4")
@@ -1058,7 +1058,7 @@ def test_validating_forwarder(ns4, ns9):
      msg = isctest.query.create("inconsistent", "NS", dnssec=False, cd=True)
      res = isctest.query.tcp(msg, "10.53.0.9")
      isctest.check.noerror(res)
-    isctest.check.rr_count_eq(res.answer, 1)
+    isctest.check.rr_count_eq(res.answer, 2)
      isctest.check.rr_count_eq(res.additional, 0)
      isctest.check.noadflag(res)
  
@@ -1066,7 +1066,7 @@ def test_validating_forwarder(ns4, ns9):
      res = isctest.query.tcp(msg, "10.53.0.9")
      isctest.check.rr_count_eq(res.additional, 0)
      isctest.check.noadflag(res)
-    isctest.check.rr_count_eq(res.answer, 1)
+    isctest.check.rr_count_eq(res.answer, 3)
      isctest.check.rr_count_eq(res.authority, 0)
      isctest.check.rr_count_eq(res.additional, 0)
  
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c

index 29bf22389e49e688c7ad6ff74bab9783beae446d..c9e38fc678cafe9fa299264e19efab35f1a934dc 100644 (file)
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -9028,9 +9028,6 @@ rctx_authority_negative(respctx_t *rctx) {
                                         rctx->ns_name = name;
                                         rctx->ns_rdataset = rdataset;
                                 }
-                               name->attributes.cache = true;
-                               rdataset->attributes.cache = true;
-                               rdataset->trust = dns_trust_glue;
                                 break;
                         case dns_rdatatype_soa:
                                 /*
author	Colin Vidal <colin@isc.org>
	Fri, 27 Feb 2026 16:07:31 +0000 (17:07 +0100)
committer	Colin Vidal <colin@isc.org>
	Mon, 30 Mar 2026 18:41:13 +0000 (20:41 +0200)
bin/tests/system/dnssec/tests_validation.py		patch \| blob \| blame \| history
lib/dns/resolver.c		patch \| blob \| blame \| history