  • #3279
Created Apr 13, 2022 by Mark Andrews (@marka, Owner)

lib/dns/ncache.c:rdataset_settrust() fails to set trust on called rdataset

I was exploring making the dnssec system test do more tests via a forwarder and had an unexpected validation failure.

Daisy chaining the lookup via ns9 resulted in the subsequent direct lookup failing, as ns9 sets CD=1, resulting in a pending ncache entry for insecure.example/DS existing. When the NSEC record was validated as secure, only the trust in the slab was updated, resulting in the NODATA proof not being found as rdataset->trust was still pending. Subsequent lookups should succeed, as the next time the rdataset is retrieved the trust will be secure, making this a transient failure.

diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
index 29044e18fe..caee6d78e3 100644
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -122,6 +122,7 @@ check_secroots_layout () {
 # in the additional section
 echo_i "checking that additional glue is returned for unsigned delegation ($n)"
 ret=0
+$DIG +tcp +dnssec -p "$PORT" a.insecure.example. @10.53.0.9 a > dig.out.ns9.test$n || ret=1
 $DIG +tcp +dnssec -p "$PORT" a.insecure.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
 grep "ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2" dig.out.ns4.test$n > /dev/null || ret=1
 grep "ns\\.insecure\\.example\\..*A.10\\.53\\.0\\.3" dig.out.ns4.test$n > /dev/null || ret=1
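Review bot: the added ns9 query in the "additional glue" check writes dig.out.ns9.test$n, but nothing ever inspects that file, so only dig's exit status is tested. Since the query exists to go through the forwarder before the direct ns4 lookup, a one-line comment saying so would keep it from being removed as redundant, and a grep on the ns9 output would let a forwarder-side failure be told apart from an ns4 one. The echo_i description still mentions only the glue check.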
diff --git a/lib/dns/ncache.c b/lib/dns/ncache.c
index 2316eb04a7..7bea3d376c 100644
--- a/lib/dns/ncache.c
+++ b/lib/dns/ncache.c
@@ -504,6 +504,7 @@ rdataset_settrust(dns_rdataset_t *rdataset, dns_trust_t trust) {
        unsigned char *raw = rdataset->private3;
 
        raw[-1] = (unsigned char)trust;
+       rdataset->trust = trust;
 }
 
 static dns_rdatasetmethods_t rdataset_methods = {
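Review bot: in rdataset_settrust(), the trust value is now written to two places (raw[-1] and rdataset->trust) with no comment explaining why both are needed. A short comment noting that raw[-1] is the copy stored in the slab and rdataset->trust is the copy the caller reads would help keep the two from drifting apart again. As rdataset_methods suggests this is one of several per-type method sets, it is worth checking whether any other settrust implementation updates only its stored copy.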
Edited Apr 13, 2022 by Mark Andrews
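A simplified C model of the failure described in the issue, added here as an illustration and not taken from BIND: the type and function names are hypothetical, and the one-byte trust field stored directly in front of the data is an assumption based on the `raw[-1]` write in the patch. It shows why the stale copy makes the check fail on the same handle but succeed once the entry is fetched again.

```c
#include <stdio.h>

/* Simplified model of the issue, not BIND code; all names are hypothetical. */
typedef enum { TRUST_PENDING = 1, TRUST_SECURE = 2 } trust_t;

typedef struct {
	unsigned char *raw; /* points just past the trust byte stored in the slab */
	trust_t trust;      /* caller-visible copy, filled in when the handle is bound */
} handle_t;

static void bind_handle(handle_t *h, unsigned char *slab) {
	h->raw = slab + 1;
	h->trust = (trust_t)slab[0];
}

/* Behaviour described in the issue: only the stored byte changes. */
static void settrust_slab_only(handle_t *h, trust_t t) {
	h->raw[-1] = (unsigned char)t;
}

/* Behaviour after the patch: stored byte and handle copy change together. */
static void settrust_both(handle_t *h, trust_t t) {
	h->raw[-1] = (unsigned char)t;
	h->trust = t;
}

/* Stand-in for the proof lookup: usable only if the handle says secure. */
static int proof_usable(const handle_t *h) { return h->trust == TRUST_SECURE; }

/* Validate a pending entry, then test the handle; rebind=1 fetches it again first. */
static int validate_then_check(void (*settrust)(handle_t *, trust_t), int rebind) {
	unsigned char slab[4] = { TRUST_PENDING, 0, 0, 0 }; /* constructed entry */
	handle_t h;
	bind_handle(&h, slab);
	settrust(&h, TRUST_SECURE);
	if (rebind)
		bind_handle(&h, slab);
	return proof_usable(&h);
}

int main(void) {
	printf("slab only, same handle: %d\n", validate_then_check(settrust_slab_only, 0));
	printf("slab only, re-fetched:  %d\n", validate_then_check(settrust_slab_only, 1));
	printf("both updated:           %d\n", validate_then_check(settrust_both, 0));
	return 0;
}
```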