Merge branch 'wpk-servfail-on-upstream-formerr' into 'master'

Set result to SERVFAIL if upstream responded with FORMERR

See merge request isc-projects/bind9!876

bin/tests/system/resolver/ans8/ans.pl

@@ -74,6 +74,9 @@ sub handleUDP {
 	} elsif ($qname eq "ns.no-questions") {
 		$packet->push("answer", new Net::DNS::RR($qname . " 300 A 10.53.0.8"));
 		return $packet->data;
+	} elsif ($qname =~ /\.formerr-to-all$/) {
+		$packet->header->rcode("FORMERR");
+		return $packet->data;
 	}
 
 	# don't use Net::DNS to construct the header only reply as early

bin/tests/system/resolver/ns4/root.db

@@ -24,3 +24,5 @@ example.net.		NS	ns.example.net.
 ns.example.net.		A	10.53.0.6
 no-questions.		NS	ns.no-questions.
 ns.no-questions.	A	10.53.0.8
+formerr-to-all.		NS	ns.formerr-to-all.
+ns.formerr-to-all.	A	10.53.0.8

bin/tests/system/resolver/tests.sh

@@ -788,5 +788,13 @@ grep "1.2.3.4" dig.ns5.out.${n} > /dev/null && ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
+n=`expr $n + 1`
+echo_i "checking SERVFAIL is returned when all authoritative servers return FORMERR ($n)"
+ret=0
+$DIG $DIGOPTS @10.53.0.5 ns.formerr-to-all. a > dig.ns5.out.${n} || ret=1
+grep "status: SERVFAIL" dig.ns5.out.${n} > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1

lib/ns/query.c

@@ -6737,6 +6737,10 @@ query_gotanswer(query_ctx_t *qctx, isc_result_t result) {
 	case DNS_R_DNAME:
 		return (query_dname(qctx));
 
+	case DNS_R_FORMERR:
+		QUERY_ERROR(qctx, DNS_R_SERVFAIL);
+		return (query_done(qctx));
+
 	default:
 		/*
 		 * Something has gone wrong.