Change default minimal-responses setting to no-auth-recursive (#46016)

CHANGES

+4782.	[func]		Change default minimal-responses setting to
+			no-auth-recursive. [RT #46016]
+
 4781.	[bug]		Fix use after free when closing an LMDB. [RT #46000]
 
 4780.	[bug]		Fix out of bounds access in DHCID totext() method.

bin/named/config.c

@@ -181,7 +181,7 @@ options {\n\
 	message-compression yes;\n\
 #	min-roots <obsolete>;\n\
 	minimal-any false;\n\
-	minimal-responses true;\n\
+	minimal-responses no-auth-recursive;\n\
 	notify-source *;\n\
 	notify-source-v6 *;\n\
 	nsec3-test-zone no;\n\

bin/tests/system/resolver/ns4/tld1.db

@@ -19,7 +19,8 @@ ns			A	10.53.0.4
 $TTL 5
 to-be-removed 		NS	ns.to-be-removed
 ns.to-be-removed	A	10.53.0.6
-fetch	10		TXT	A short ttl
+fetch.tld.		NS	ns.fetch.tld.
+ns.fetch.tld.		A	10.53.0.6
 no-edns-version.tld.	NS	ns.no-edns-version.tld.
 ns.no-edns-version.tld.	A	10.53.0.6
 edns-version.tld.	NS	ns.edns-version.tld.

bin/tests/system/resolver/ns4/tld2.db

@@ -16,7 +16,8 @@ $TTL 300
 				)
 @			NS	ns.tld.
 ns			A	10.53.0.4
-fetch  10              TXT     A short ttl
+fetch.tld.		NS	ns.fetch.tld.
+ns.fetch.tld.		A	10.53.0.6
 fetchall  10              TXT     A short ttl
 fetchall  10              A     1.2.3.4
 fetchall  10              AAAA    ::1

bin/tests/system/resolver/ns6/fetch.tld.db

+; Copyright (C) 2011, 2016  Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+; $Id: moves.db,v 1.3 2011/03/13 23:47:36 tbox Exp $
+
+$TTL 300
+@ 			IN SOA	marka.isc.org. ns.fetch.tld. (
+				2010   	; serial
+				600         	; refresh
+				600         	; retry
+				1200    	; expire
+				600       	; minimum
+				)
+@			NS	ns.fetch.tld.
+ns.fetch.tld.		A	10.53.0.6
+
+@	10		TXT	A short ttl

bin/tests/system/resolver/ns6/named.conf

@@ -68,3 +68,8 @@ zone "delegation-only" {
 	type master;
 	file "delegation-only.db";
 };
+
+zone "fetch.tld" {
+	type master;
+	file "fetch.tld.db";
+};

doc/arm/Bv9ARM-book.xml

@@ -6239,7 +6239,9 @@ options {
 		  unless they are required, but it may still add
 		  records to the additional section.  When set to
 		  <userinput>no-auth-recursive</userinput>, this
-		  is only done if the query is recursive.  These
+		  is only done if the query is recursive.  When the
+		  query is not recursive, the effect is same as if
+		  <userinput>no</userinput> was specified. These
 		  settings are useful when answering stub clients,
 		  which usually ignore the authority section.
 		  <userinput>no-auth-recursive</userinput> is
@@ -6247,7 +6249,8 @@ options {
 		  both authoritative and recursive queries.
 		</para>
 		<para>
-		  The default is <userinput>yes</userinput>.
+		  The default is
+		  <userinput>no-auth-recursive</userinput>.
 		</para>
 	      </listitem>
 	    </varlistentry>
@@ -6269,11 +6272,6 @@ options {
 		  at the cost of increased memory usage for the zone. If
 		  you don't want this, set it to <userinput>no</userinput>.
 		</para>
-		<para>
-		  The glue cache is only used when
-		  <userinput>minimal-responses</userinput> is also set
-		  to <userinput>yes</userinput>.
-		</para>
 	      </listitem>
 	    </varlistentry>
 

lib/ns/query.c

@@ -2063,10 +2063,12 @@ query_addadditional(void *arg, const dns_name_t *name, dns_rdatatype_t qtype) {
 	return (eresult);
 }
 
-static inline void
-query_addrdataset(ns_client_t *client, dns_name_t *fname,
-		  dns_rdataset_t *rdataset)
+static void
+query_addrdataset(ns_client_t *client, dns_section_t section,
+		  dns_name_t *fname, dns_rdataset_t *rdataset)
 {
+	UNUSED(section);
+
 	/*
 	 * Add 'rdataset' and any pertinent additional data to
 	 * 'fname', a name in the response message for 'client'.
@@ -2089,7 +2091,6 @@ query_addrdataset(ns_client_t *client, dns_name_t *fname,
 	 * Try to process glue directly.
 	 */
 	if (client->view->use_glue_cache &&
-	    (client->view->minimalresponses == dns_minimal_yes) &&
 	    (rdataset->type == dns_rdatatype_ns) &&
 	    (client->query.gluedb != NULL) &&
 	    dns_db_iszone(client->query.gluedb))
@@ -2191,7 +2192,7 @@ query_addrrset(ns_client_t *client, dns_name_t **namep,
 	 * we do not need to check if the SIG rdataset is already in the
 	 * response.
 	 */
-	query_addrdataset(client, mname, rdataset);
+	query_addrdataset(client, section, mname, rdataset);
 	*rdatasetp = NULL;
 	if (sigrdataset != NULL && dns_rdataset_isassociated(sigrdataset)) {
 		/*
@@ -7051,6 +7052,7 @@ query_dns64(query_ctx_t *qctx) {
 	isc_netaddr_t netaddr;
 	dns_dns64_t *dns64;
 	unsigned int flags = 0;
+	const dns_section_t section = DNS_SECTION_ANSWER;
 
 	/*%
 	 * To the current response for 'qctx->client', add the answer RRset
@@ -7074,7 +7076,7 @@ query_dns64(query_ctx_t *qctx) {
 	dns64_rdata = NULL;
 	dns64_rdataset = NULL;
 	dns64_rdatalist = NULL;
-	result = dns_message_findname(client->message, DNS_SECTION_ANSWER,
+	result = dns_message_findname(client->message, section,
 				      name, dns_rdatatype_aaaa,
 				      qctx->rdataset->covers,
 				      &mname, &mrdataset);
@@ -7094,7 +7096,7 @@ query_dns64(query_ctx_t *qctx) {
 		 */
 		if (qctx->dbuf != NULL)
 			query_keepname(client, name, qctx->dbuf);
-		dns_message_addname(client->message, name, DNS_SECTION_ANSWER);
+		dns_message_addname(client->message, name, section);
 		qctx->fname = NULL;
 		mname = name;
 	} else {
@@ -7187,7 +7189,7 @@ query_dns64(query_ctx_t *qctx) {
 	dns_rdataset_setownercase(dns64_rdataset, mname);
 	client->query.attributes |= NS_QUERYATTR_NOADDITIONAL;
 	dns64_rdataset->trust = qctx->rdataset->trust;
-	query_addrdataset(client, mname, dns64_rdataset);
+	query_addrdataset(client, section, mname, dns64_rdataset);
 	dns64_rdataset = NULL;
 	dns64_rdatalist = NULL;
 	dns_message_takebuffer(client->message, &buffer);
@@ -7232,6 +7234,7 @@ query_filter64(query_ctx_t *qctx) {
 	isc_region_t r;
 	isc_result_t result;
 	unsigned int i;
+	const dns_section_t section = DNS_SECTION_ANSWER;
 
 	CTRACE(ISC_LOG_DEBUG(3), "query_filter64");
 
@@ -7245,7 +7248,7 @@ query_filter64(query_ctx_t *qctx) {
 	myrdata = NULL;
 	myrdataset = NULL;
 	myrdatalist = NULL;
-	result = dns_message_findname(client->message, DNS_SECTION_ANSWER,
+	result = dns_message_findname(client->message, section,
 				      name, dns_rdatatype_aaaa,
 				      qctx->rdataset->covers,
 				      &mname, &myrdataset);
@@ -7322,11 +7325,11 @@ query_filter64(query_ctx_t *qctx) {
 		if (qctx->dbuf != NULL)
 			query_keepname(client, name, qctx->dbuf);
 		dns_message_addname(client->message, name,
-				    DNS_SECTION_ANSWER);
+				    section);
 		qctx->dbuf = NULL;
 	}
 	myrdataset->trust = qctx->rdataset->trust;
-	query_addrdataset(client, mname, myrdataset);
+	query_addrdataset(client, section, mname, myrdataset);
 	myrdataset = NULL;
 	myrdatalist = NULL;
 	dns_message_takebuffer(client->message, &buffer);