named does not check RDATA of the SOA record ending an AXFR

While lib/dns/xfrin.c:xfr_rr() checks whether the last RR in the AXFR stream is an SOA record, it does not check its RDATA.

RFC 5936 section 2.2 says:

   An AXFR response that is transferring the zone's contents will
   consist of a series (which could be a series of length 1) of DNS
   messages.  In such a series, the first message MUST begin with the
   SOA resource record of the zone, and the last message MUST conclude
   with the same SOA resource record.

Meanwhile, named accepts the following AXFR stream as valid:

nil.      	300	SOA	localhost. root.nil. 3 300 300 604800 300
nil.      	300	NS	localhost.
nil.      	300	SOA	localhost. root.nil. 1 300 300 604800 300

This results in the following (rather confusing) set of log messages being generated (note the serial number discrepancies):

24-Feb-2021 22:36:49.732 zone nil/IN: transferred serial 1
24-Feb-2021 22:36:49.732 transfer of 'nil/IN' from 10.53.0.2#5300: Transfer status: success
24-Feb-2021 22:36:49.732 transfer of 'nil/IN' from 10.53.0.2#5300: Transfer completed: 1 messages, 3 records, 121 bytes, 0.001 secs (121000 bytes/sec) (serial 3)

After processing the above transfer, named puts the SOA record with serial number 1 into the zone database.

I do not think this problem poses a security threat, but I am reporting it in a confidential issue to rather be safe than sorry.