From: Ondřej Surý <ondrej@isc.org>
Date: Fri, 20 Feb 2026 18:17:12 +0000 (+0100)
Subject: [9.20] fix: usr: fetch loop detection improvements
X-Git-Tag: v9.20.20~15
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=892c3e78926b63a426c509d50a7efb14ad06b920;p=thirdparty%2Fbind9.git

[9.20] fix: usr: fetch loop detection improvements

Fixes a case where an in-domain NS with an expired glue would fail to resolve.

Let's consider the following parent-side delegation (both for `foo.example.` and `dnshost.example.`

```
foo.example.            3600    NS      ns.dnshost.example.
dnshost.example.        3600    NS      ns.dnshost.example.
ns.dnshost.example.     3600    A       1.2.3.4
```

Then the child-side of `dnshost.example.`:

```
dnshost.example.        300     NS      ns.dnshost.example.
ns.dnshost.example.     300     A       1.2.3.4
```

And then the child-side of `foo.example.`:

```
foo.example             3600    NS      ns.dnshost.example.
a.foo.example           300     A       5.6.7.8
```

While there is a zone misconfiguration (the TTL of the delegation and glue doesn't match in the parent and the child), it is possible to resolve `a.foo.example` on a cold-cache resolver. However, after the `ns.dnshost.example.` glue expires, the resolution would have failed with a "fetch loop detected" error. This is now fixed.

Closes #5588

Backport of MR !11535

Merge branch 'backport-5588-loopfetches-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!11547
---

892c3e78926b63a426c509d50a7efb14ad06b920