git.ipfire.org Git - thirdparty/bind9.git/commit

author	Ondřej Surý <ondrej@isc.org>
	Wed, 29 Apr 2026 17:23:19 +0000 (19:23 +0200)
committer	Ondřej Surý <ondrej@isc.org>
	Thu, 30 Apr 2026 05:38:57 +0000 (07:38 +0200)
commit	36897a087246779e5b14d1be796e78cc2d67c4d3
tree	659d39d7c10b98916536d30826d3415b4490c413	tree \| snapshot
parent	7e1eace6cd64835357c7491b653c0d4475be7c4d	commit \| diff

Fix swapped arguments in redirect2() single-label branch

For a query whose qname is the root, the labels==1 branch in
redirect2() called dns_name_copy(redirectname, view->redirectzone)
with arguments reversed, overwriting the view-global
nxdomain-redirect target with the empty redirectname rather than
copying the configured target into the per-query lookup name. After
the corruption, view->redirectzone names the root, so
dns_name_issubdomain() makes redirect2() short-circuit for every
subsequent query and the nxdomain-redirect feature stops working
until named is restarted.

Triggering this needs the resolver to receive an NXDOMAIN for the
root from upstream, which does not happen in normal DNS operation.

Swap the arguments to match the dns_name_copy(source, dest)
signature. Add a system test that issues a root query through the
nxdomain-redirect resolver and verifies the redirect feature still
works for a normal NXDOMAIN-producing query afterwards.

Assisted-by: Claude:claude-opus-4-7
(cherry picked from commit c62f24f7eea4447609e4e3f14773ae7a1beb6709)

bin/tests/system/redirect/tests.sh		diff \| blob \| blame \| history
lib/ns/query.c		diff \| blob \| blame \| history