use DNS_DB_NONSEC3 flag when copying non-dnssec records

when copying the non-dnssec records in receive_secure_db(),
use DNS_DB_NONSEC3 so we don't accidentally create nodes in
the main tree for NSEC3 records. this was a long-standing error
in the code, but was harmless in the RBTDB.

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 25a682005d33a2ece96ce3bac464aeb5a0152354..edac498c67e30f4464b6b2d2e64519f6f3e40f03 100644 (file)
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -17220,7 +17220,7 @@ receive_secure_db(void *arg) {
                goto failure;
        }
 
-       result = dns_db_createiterator(rawdb, 0, &dbiterator);
+       result = dns_db_createiterator(rawdb, DNS_DB_NONSEC3, &dbiterator);
        if (result != ISC_R_SUCCESS) {
                goto failure;
        }