From 2e4187afd5f1a0cd0a265858e4f4db5f9313323e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?=
Date: Thu, 7 Feb 2019 21:56:59 +0100
Subject: [PATCH] Add a comment explaining a mirror zone glitch
Explain why in a certain edge case mirror zone data may not be used for resolution purposes despite being available.
---
 lib/dns/zt.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/lib/dns/zt.c b/lib/dns/zt.c
index 62b0e4a053..7576396830 100644
--- a/lib/dns/zt.c
+++ b/lib/dns/zt.c
@@ -179,6 +179,16 @@ dns_zt_find(dns_zt_t *zt, const dns_name_t *name, unsigned int options,
 * a mirror zone which is expired or not yet loaded, treat it
 * as non-existent. This will trigger a fallback to recursion
 * instead of returning a SERVFAIL.
+ *
+ * Note that currently only the deepest match in the zone table
+ * is checked. Consider a server configured with two mirror
+ * zones: "bar" and its child, "foo.bar". If zone data is
+ * available for "bar" but not for "foo.bar", a query with
+ * QNAME equal to or below "foo.bar" will cause ISC_R_NOTFOUND
+ * to be returned, not DNS_R_PARTIALMATCH, despite zone data
+ * being available for "bar". This is considered to be an edge
+ * case, handling which more appropriately is possible, but
+ * arguably not worth the added complexity.
 */
 if ((options & DNS_ZTFIND_MIRROR) != 0 &&
 dns_zone_gettype(dummy) == dns_zone_mirror &&
-- GitLab
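Review bot: The added note in dns_zt_find (the function starts and ends outside the hunk) names the return codes but not the effect a caller or operator will actually observe. Going by the context lines just above it, ISC_R_NOTFOUND on this path means the query falls back to recursion, so names at or below "foo.bar" would presumably be looked up upstream even though "bar" is held locally as a mirror. That matters to anyone deploying mirror zones specifically to keep such lookups local. I would close the note with a sentence such as `In that case the query falls back to recursion, as described above.` The last sentence is also hard to parse; `Handling this edge case more precisely is possible, but arguably not worth the added complexity.` says the same thing more plainly.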