From: Ondřej Surý <ondrej@isc.org>
Date: Fri, 17 Apr 2026 17:24:17 +0000 (+0200)
Subject: [9.20] fix: usr: Fix named crash when processing SIG records in dynamic updates
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9e34ef0f7ed6b359da45b1874263abc602876f51;p=thirdparty%2Fbind9.git

[9.20] fix: usr: Fix named crash when processing SIG records in dynamic updates

Previously, :iscman:`named` could abort if a client sent a dynamic update containing a SIG record (the legacy signature type) to a zone configured with an update-policy. The function `dns_db_findrdataset` had an incorrect requirements prerequisite that prevented SIG records being looked up, which was triggered as part of processing an UPDATE request and could be triggered remotely by any client permitted to send updates. This has been fixed by ensuring that SIG records are handled consistently with RRSIG records during update processing.

Closes #5818

Backport of MR !11864

Merge branch 'backport-5818-fix-update-of-sig-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!11876
---

9e34ef0f7ed6b359da45b1874263abc602876f51