git.ipfire.org Git - thirdparty/bind9.git/commit

author	Ondřej Surý <ondrej@isc.org>
	Thu, 16 Apr 2026 11:25:03 +0000 (13:25 +0200)
committer	Ondřej Surý <ondrej@isc.org>
	Fri, 17 Apr 2026 14:09:39 +0000 (16:09 +0200)
commit	e9f880c78ff3c2f799763628060eca0f0d64e70f
tree	ebe51c603a60d7b3000ae03272a307bf283fa9ba	tree \| snapshot
parent	3a44a13232991ba054aa157a1c3ffb8376359b42	commit \| diff

Add AXFR regression test for SIG covers preservation

diff.c rdata_covers() runs on both dns_diff_apply (IXFR, ns/update.c
dynamic updates) and dns_diff_load (AXFR). After the previous commit
refused SIG and NXT in dynamic updates, the AXFR path remains the
most natural way to drive legacy SIG records into a secondary's zone
DB and regression-gate the rdata_covers() fix.

The test adds ans11 as an AsyncDnsServer primary for a small zone
whose AXFR carries two SIG rdatas at the same owner with different
covered types (A, MX) and different TTLs (600, 1200), and declares
ns6 a secondary of that zone. With the bug present, dns_diff_load
groups both tuples at typepair (SIG, 0) and the MX-covering record
inherits the first-seen TTL (600); the fix keeps them at (SIG, A)
and (SIG, MX) with their original TTLs.

rndc dumpdb -zones on the secondary is used to inspect stored state
directly, because the wire-level SIG query response merges
same-(owner,type,class) RRs and masks the per-rdataset TTLs.

bin/tests/system/nsupdate/ans11/ans.py	[new file with mode: 0644]	blob
bin/tests/system/nsupdate/ns6/named.conf.j2		diff \| blob \| blame \| history
bin/tests/system/nsupdate/tests_tcp_self_sig.py		diff \| blob \| blame \| history