From 0ad024cc4272894e877e3a7896f80a2892bc703c Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Tue, 8 Feb 2005 23:51:32 +0000
Subject: [PATCH] 1806.   [bug]           The resolver returned the wrong
 result when a CNAME /                         DNAME was encountered when
 fetching glue from a                         secure namespace. [RT #13501]

1805.   [bug]           Pending status was not being cleared when DLV was
                        active. [RT #13501]
---
 CHANGES             |  7 +++++--
 lib/dns/resolver.c  | 10 +++++++++-
 lib/dns/validator.c | 14 ++++++++++++--
 3 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/CHANGES b/CHANGES
index 97179864c9..82bc02e06b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,9 +9,12 @@
 
 1807.	[placeholder]	rt13526
 
-1806.	[placeholder]	rt13501
+1806.	[bug]		The resolver returned the wrong result when a CNAME /
+			DNAME was encountered when fetching glue from a
+			secure namespace. [RT #13501]
 
-1805.	[placeholder]	rt13501
+1805.	[bug]		Pending status was not being cleared when DLV was
+			active. [RT #13501]
 
 1804.	[placeholder]	rt10114
 
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index cbb2cee73e..9680424404 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: resolver.c,v 1.302 2005/02/07 00:53:28 marka Exp $ */
+/* $Id: resolver.c,v 1.303 2005/02/08 23:51:31 marka Exp $ */
 
 #include <config.h>
 
@@ -3587,6 +3587,14 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, isc_stdtime_t now) {
 							fctx->validators,
 							validator, link);
 				}
+			} else if (CHAINING(rdataset)) {
+				if (rdataset->type == dns_rdatatype_cname)
+					eresult = DNS_R_CNAME;
+				else {
+					INSIST(rdataset->type ==
+					       dns_rdatatype_dname);
+					eresult = DNS_R_DNAME;
+				}
 			}
 		} else if (!EXTERNAL(rdataset)) {
 			/*
diff --git a/lib/dns/validator.c b/lib/dns/validator.c
index ef1dc75920..612e24ef8f 100644
--- a/lib/dns/validator.c
+++ b/lib/dns/validator.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: validator.c,v 1.124 2004/11/17 23:52:31 marka Exp $ */
+/* $Id: validator.c,v 1.125 2005/02/08 23:51:32 marka Exp $ */
 
 #include <config.h>
 
@@ -2356,8 +2356,18 @@ proveunsecure(dns_validator_t *val, isc_boolean_t resume) {
 	}
 
 	if (result == ISC_R_NOTFOUND) {
-		if (!val->havedlvsep)
+		if (!val->havedlvsep) {
+			validator_log(val, ISC_LOG_DEBUG(3),
+				      "not beneath secure root / DLV");
+			if (val->mustbesecure) {
+				validator_log(val, ISC_LOG_WARNING,
+					      "must be secure failure");
+				result = DNS_R_MUSTBESECURE;
+				goto out;
+			}
+			val->event->rdataset->trust = dns_trust_answer;
 			return (ISC_R_SUCCESS);
+		}
 		dns_name_copy(dns_fixedname_name(&val->dlvsep),
 			      dns_fixedname_name(&secroot), NULL);
 	} else if (result != ISC_R_SUCCESS)