From 95f4bac00236fd430131b8db8009de777d8db444 Mon Sep 17 00:00:00 2001
From: Aram Sargsyan
Date: Fri, 17 Feb 2023 12:38:40 +0000
Subject: [PATCH 1/3] Add an "rpz" system test check for a failed reconfiguration

The faulty "DLZ" configuration triggers a reconfiguration failure in such a place where view reverting code is covered.
---
 bin/tests/system/rpz/ns3/named.conf.in | 10 ++++++++++
 bin/tests/system/rpz/tests.sh | 10 ++++++++++
 2 files changed, 20 insertions(+)

diff --git a/bin/tests/system/rpz/ns3/named.conf.in b/bin/tests/system/rpz/ns3/named.conf.in
index b0f6804bd2..80a9d832f0 100644
--- a/bin/tests/system/rpz/ns3/named.conf.in
+++ b/bin/tests/system/rpz/ns3/named.conf.in
@@ -148,3 +148,13 @@ zone "static-stub-nomatch." {
 type static-stub;
 server-addresses { 10.53.0.10; };
 };
+
+# A faulty dlz configuration to check if named with response policy zones
+# survives a certain class of failed configuration attempts (see GL #3880).
+# "dlz" is used because the dlz processing code is located in an ideal place in
+# the view configuration function for the test to cover the view reverting code.
+# The "BAD" comments below are necessary, because they will be removed using
+# 'sed' by tests.sh in order to activate the faulty configuration.
+#BAD dlz "bad-dlz" {
+#BAD database "dlopen bad-dlz.so example.org";
+#BAD };
diff --git a/bin/tests/system/rpz/tests.sh b/bin/tests/system/rpz/tests.sh
index 1cfafbe813..4e83a6b702 100644
--- a/bin/tests/system/rpz/tests.sh
+++ b/bin/tests/system/rpz/tests.sh
@@ -848,6 +848,16 @@ EOF
 stop_server --use-rndc --port ${CONTROLPORT} ns3
 restart 3 "rebuild-bl-rpz"
+ t=`expr $t + 1`
+ echo_i "checking if rpz survives a certain class of failed reconfiguration attempts (${t})"
+ sed -e "s/^#BAD//" < ns3/named.conf.in > ns3/named.conf.tmp
+ copy_setports ns3/named.conf.tmp ns3/named.conf
+ rm ns3/named.conf.tmp
+ $RNDCCMD $ns3 reconfig > /dev/null 2>&1 && setret "failed"
+ sleep 1
+ copy_setports ns3/named.conf.in ns3/named.conf
+ $RNDCCMD $ns3 reconfig || setret "failed"
+
 t=`expr $t + 1`
 echo_i "checking the configured extended DNS error code (EDE) (${t})"
 $DIG -p ${PORT} @$ns3 walled.tld2 > dig.out.$t
From 121a095a22302472bc545476ea64f6b79bef9da6 Mon Sep 17 00:00:00 2001
From: Aram Sargsyan
Date: Fri, 17 Feb 2023 12:41:29 +0000
Subject: [PATCH 2/3] Detach rpzs and catzs from the previous view

When switching to a new view during a reconfiguration (or reverting to the old view), detach the 'rpzs' and 'catzs' from the previuos view. The 'catzs' case was earlier solved slightly differently, by detaching from the new view when reverting to the old view, but we can not solve this the same way for 'rpzs', because now in BIND 9.19 and BIND 9.18 a dns_rpz_shutdown_rpzs() call was added in view's destroy() function before detaching the 'rpzs', so we can not leave the 'rpzs' attached to the previous view and let it be shut down when we intend to continue using it with the new view. Instead, "re-fix" the issue for the 'catzs' pointer the same way as for 'rpzs' for consistency, and also because a similar shutdown call is likely to be implemented for 'catzs' in the near future.
---
 bin/named/server.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/bin/named/server.c b/bin/named/server.c
index 87df9669b3..44d706bdc0 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
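Review bot: The first `reconfig` in the tests.sh hunk is counted as passing whenever rndc exits non-zero, so a failure unrelated to the faulty dlz block (rndc being unable to reach ns3, for example) satisfies the check just as well, and the discarded output leaves nothing to diagnose it with. Keeping the output, as in `$RNDCCMD $ns3 reconfig > rndc.out.$t 2>&1 && setret "failed"`, would make the cause of the failure inspectable after a run. The fixed `sleep 1` before the configuration is restored is timing-dependent: if named were to go down later than one second after the failed reconfiguration, the second `reconfig` could still succeed and the test would pass. The enclosing block of the script starts and ends outside the hunk.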
@@ -2646,6 +2646,7 @@ configure_rpz(dns_view_t *view, dns_view_t *pview, const cfg_obj_t **maps,
 dns_rpz_shutdown_rpzs(view->rpzs);
 dns_rpz_detach_rpzs(&view->rpzs);
 dns_rpz_attach_rpzs(pview->rpzs, &view->rpzs);
+ dns_rpz_detach_rpzs(&pview->rpzs);
 } else if (old != NULL && pview != NULL) {
 ++pview->rpzs->rpz_ver;
 view->rpzs->rpz_ver = pview->rpzs->rpz_ver;
@@ -3179,6 +3180,7 @@ configure_catz(dns_view_t *view, dns_view_t *pview, const cfg_obj_t *config,
 if (old != NULL) {
 dns_catz_catzs_detach(&view->catzs);
 dns_catz_catzs_attach(pview->catzs, &view->catzs);
+ dns_catz_catzs_detach(&pview->catzs);
 dns_catz_prereconfig(view->catzs);
 }
@@ -6012,9 +6014,6 @@ cleanup:
 named_config_get(maps, "catalog-zones", &obj) == ISC_R_SUCCESS) {
- if (pview->catzs != NULL) {
- dns_catz_catzs_detach(&pview->catzs);
- }
 /*
 * We are swapping the places of the `view` and
 * `pview` in the function's parameters list
From b086374b1de40e5b98adc0d1f8d66bdf31249f56 Mon Sep 17 00:00:00 2001
From: Aram Sargsyan
Date: Fri, 17 Feb 2023 13:12:05 +0000
Subject: [PATCH 3/3] Add a CHANGES note for [GL #3880]

---
 CHANGES | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CHANGES b/CHANGES
index cb3c764c13..cccd100926 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+6105. [bug] Detach 'rpzs' and 'catzs' from the previous view in
+ configure_rpz() and configure_catz(), respectively,
+ just after attaching it to the new view. [GL #3880]
+
 6104. [cleanup] Move libbind9's configuration checking code into libisccfg alongside the other configuration code. [GL !7461]
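Review bot: After the added `dns_rpz_detach_rpzs(&pview->rpzs);` in configure_rpz() the previous view no longer holds 'rpzs', yet nothing at the call site records that ownership has moved; the same holds for the added `dns_catz_catzs_detach(&pview->catzs);` in configure_catz(). The reason is given only in the commit message (the view's destroy() would shut down an 'rpzs' that the new view still uses), so a comment such as `/* Hand 'rpzs' over to 'view' so that destroying 'pview' cannot shut it down. */` belongs above each detach. The `else if` branch directly below the first detach dereferences `pview->rpzs`; whether it can be entered after the pointer has been detached, for instance when the views are swapped on the revert path, cannot be judged from these hunks and is worth confirming. Both functions begin and end outside the hunks.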