From 2ebe19d1a2b5381dcd6dce5882dfd5c98ab6db6d Mon Sep 17 00:00:00 2001
From: Andreas Gustafsson <source@isc.org>
Date: Tue, 8 Aug 2000 00:46:00 +0000
Subject: [PATCH] SOA in authoritative negative responses had wrong TTL (RT
 #212)

---
 bin/named/query.c | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/bin/named/query.c b/bin/named/query.c
index 1b5b2d3b0a..aa4f158868 100644
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: query.c,v 1.120 2000/08/01 01:11:57 tale Exp $ */
+/* $Id: query.c,v 1.121 2000/08/08 00:46:00 gson Exp $ */
 
 #include <config.h>
 
@@ -29,6 +29,7 @@
 #include <dns/rdatalist.h>
 #include <dns/rdataset.h>
 #include <dns/rdatasetiter.h>
+#include <dns/rdatastruct.h>
 #include <dns/rdatatype.h>
 #include <dns/resolver.h>
 #include <dns/result.h>
@@ -1454,6 +1455,24 @@ query_addsoa(ns_client_t *client, dns_db_t *db) {
 		 */
 		eresult = DNS_R_SERVFAIL;
 	} else {
+		/*
+		 * Extract the SOA MINIMUM.
+		 */
+		dns_rdata_soa_t soa;
+		dns_rdata_t rdata;
+		result = dns_rdataset_first(rdataset);
+		RUNTIME_CHECK(result == ISC_R_SUCCESS);
+		dns_rdataset_current(rdataset, &rdata);
+		dns_rdata_tostruct(&rdata, &soa, NULL);
+
+		/*
+		 * Add the SOA and its SIG to the response, with the
+		 * TTLs adjusted per RFC2308 section 3.
+		 */
+		if (rdataset->ttl > soa.minimum)
+			rdataset->ttl = soa.minimum;
+		if (sigrdataset->ttl > soa.minimum)
+			sigrdataset->ttl = soa.minimum;
 		query_addrrset(client, &name, &rdataset, &sigrdataset, NULL,
 			       DNS_SECTION_AUTHORITY);
 	}