Merge branch '3839-fix-resume_dslookup-bug' into 'main'

Fix a bug in resolver's resume_dslookup() function

Closes #3839

See merge request isc-projects/bind9!7476

CHANGES

@@ -1,3 +1,8 @@
+6090.	[bug]		Fix a bug in resolver's resume_dslookup() function by
+			making sure that dns_resolver_createfetch() is called
+			with valid parameters, as required by the function.
+			[GL #3839]
+
 6089.	[bug]		Source ports configured for query-source,
 			transfer-source, etc, were being ignored. (This
 			feature is deprecated, but it is not yet removed,

bin/tests/system/digdelv/clean.sh

@@ -29,7 +29,9 @@ rm -f ./host.out.test*
 rm -f ./ns*/managed-keys.bind*
 rm -f ./ns*/named.lock
 rm -f ./ns2/dsset-example.
+rm -f ./ns2/dsset-example.tld.
 rm -f ./ns2/example.db ./ns2/K* ./ns2/keyid ./ns2/keydata
+rm -f ./ns2/example.tld.db
 rm -f ./nslookup.out.test*
-rm -f ./yamlget.out.*
 rm -f ./nsupdate.out.test*
+rm -f ./yamlget.out.*

bin/tests/system/digdelv/ns2/named.conf.in

@@ -32,3 +32,8 @@ zone "example" {
 	type primary;
 	file "example.db";
 };
+
+zone "example.tld" {
+	type primary;
+	file "example.tld.db";
+};

bin/tests/system/digdelv/ns2/sign.sh

@@ -27,3 +27,6 @@ grep -Ev '^;' < "$ksk.key" | cut -f 7- -d ' ' > keydata
 
 keyfile_to_initial_keys "$ksk" > ../ns3/anchor.dnskey
 keyfile_to_initial_ds "$ksk" > ../ns3/anchor.ds
+
+ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone example.tld.)
+"$SIGNER" -Sz -f example.tld.db -o example.tld example.db.in > /dev/null 2>&1

bin/tests/system/digdelv/tests.sh

@@ -1396,6 +1396,14 @@ if [ -x "$DELV" ] ; then
     if [ $ret -ne 0 ]; then echo_i "failed"; fi
     status=$((status+ret))
   fi
+
+  n=$((n+1))
+  echo_i "check that delv handles REFUSED when chasing DS records ($n)"
+  delv_with_opts @10.53.0.2 +root xxx.example.tld A > delv.out.test$n 2>&1 || ret=1
+  grep ";; resolution failed: broken trust chain" delv.out.test$n > /dev/null || ret=1
+  if [ $ret -ne 0 ]; then echo_i "failed"; fi
+  status=$((status+ret))
+
 else
   echo_i "$DELV is needed, so skipping these delv tests"
 fi

lib/dns/resolver.c

@@ -7217,6 +7217,8 @@ resume_dslookup(isc_task_t *task, isc_event_t *event) {
 	dns_resolver_t *res = NULL;
 	dns_rdataset_t *nsrdataset = NULL;
 	dns_rdataset_t nameservers;
+	dns_fixedname_t fixed;
+	dns_name_t *domain = NULL;
 	unsigned int n;
 	dns_fetch_t *fetch = NULL;
 
@@ -7291,12 +7293,16 @@ resume_dslookup(isc_task_t *task, isc_event_t *event) {
 			goto cleanup;
 		}
 
-		/* Get nameservers from fctx->nsfetch before we destroy it. */
+		/* Get nameservers from fetch before we destroy it. */
 		dns_rdataset_init(&nameservers);
 		if (dns_rdataset_isassociated(&fetch->private->nameservers)) {
 			dns_rdataset_clone(&fetch->private->nameservers,
 					   &nameservers);
 			nsrdataset = &nameservers;
+
+			/* Get domain from fetch before we destroy it. */
+			domain = dns_fixedname_initname(&fixed);
+			dns_name_copy(fetch->private->domain, domain);
 		}
 
 		n = dns_name_countlabels(fctx->nsname);
@@ -7306,10 +7312,10 @@ resume_dslookup(isc_task_t *task, isc_event_t *event) {
 
 		fetchctx_ref(fctx);
 		result = dns_resolver_createfetch(
-			res, fctx->nsname, dns_rdatatype_ns,
-			fetch->private->domain, nsrdataset, NULL, NULL, 0,
-			fctx->options, 0, NULL, task, resume_dslookup, fctx,
-			&fctx->nsrrset, NULL, &fctx->nsfetch);
+			res, fctx->nsname, dns_rdatatype_ns, domain, nsrdataset,
+			NULL, NULL, 0, fctx->options, 0, NULL, task,
+			resume_dslookup, fctx, &fctx->nsrrset, NULL,
+			&fctx->nsfetch);
 		if (result != ISC_R_SUCCESS) {
 			fetchctx_unref(fctx);
 			if (result == DNS_R_DUPLICATE) {