Preserve ZEROTTL attribute when replacing NS RRset

Previously, BIND 9 would drop the ZEROTTL attribute when updating
previously cached NS entry with ZEROTTL attribute set.

Co-authored-by: Jinmei Tatuya <jtatuya@infoblox.com>
(cherry picked from commit 982ca161c26c2e6cd90b19888331bb015dcbae1f)

diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index b69b87bb0c714ce3937eee299583609dca274102..2ec9b9394149daea0fc827af503121e42bce3fd5 100644 (file)
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -6642,7 +6642,7 @@ find_header:
                        return ISC_R_SUCCESS;
                }
                /*
-                * If we have will be replacing a NS RRset force its TTL
+                * If we will be replacing a NS RRset force its TTL
                 * to be no more than the current NS RRset's TTL.  This
                 * ensures the delegations that are withdrawn are honoured.
                 */
@@ -6651,6 +6651,11 @@ find_header:
                    !newheader_nx && header->trust <= newheader->trust)
                {
                        if (newheader->rdh_ttl > header->rdh_ttl) {
+                               if (ZEROTTL(header)) {
+                                       RDATASET_ATTR_SET(
+                                               newheader,
+                                               RDATASET_ATTR_ZEROTTL);
+                               }
                                newheader->rdh_ttl = header->rdh_ttl;
                        }
                }