- Fix that unbound-control auth_zone_reload stops the

  server answering from the zone after a failure to read.
  Thanks to Qifan Zhang, Palo Alto Networks, for the report.

diff --git a/daemon/remote.c b/daemon/remote.c
index aa05e85e165e3892006e5c56fd04b058fdca711c..eeea9383340c2907726fdb8d1b2fd94f7b96ab43 100644 (file)
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -3225,6 +3225,9 @@ do_auth_zone_reload(RES* ssl, struct worker* worker, char* arg)
                return;
        }
        if(!auth_zone_read_zonefile(z, worker->env.cfg)) {
+               /* The old tree was already cleared. Do not answer from the
+                * failed load. */
+               z->zone_expired = 1;
                auth_zone_clear_data(z);
                lock_rw_unlock(&z->lock);
                if(xfr) {

diff --git a/doc/Changelog b/doc/Changelog
index 37762f6eedf143ac458178998ad84e403275a1f3..dced5c76c9f609fd5d9a5c9079845e8791e337e5 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -11,6 +11,9 @@
          not create an empty node and does not cause an infinite
          loop. Thanks to Qifan Zhang, Palo Alto Networks, for
          the report.
+       - Fix that unbound-control auth_zone_reload stops the
+         server answering from the zone after a failure to read.
+         Thanks to Qifan Zhang, Palo Alto Networks, for the report.
 
 16 June 2026: Wouter
        - Fix to disallow $INCLUDE for secondary zones. Start up