2900. [bug] The placeholder negative caching element was not

properly constructed triggering a INSIST in
                        dns_ncache_towire(). [RT #21346]

CHANGES

@@ -1,3 +1,7 @@
+2900.	[bug]		The placeholder negative caching element was not
+			properly constructed triggering a INSIST in 
+			dns_ncache_towire(). [RT #21346]
+			
 2899.	[port]		win32: Support linking against OpenSSL 1.0.0.
 
 2898.	[bug]		nslookup leaked memory when -domain=value was 

bin/tests/system/resolver/ans2/ans.pl

@@ -15,7 +15,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: ans.pl,v 1.13 2009/11/04 02:15:30 marka Exp $
+# $Id: ans.pl,v 1.14 2010/05/19 06:39:50 marka Exp $
 
 #
 # Ad hoc name server
@@ -84,6 +84,11 @@ for (;;) {
 		# delegation to avoid automatic acceptance for subdomain aliases
 		$packet->push("authority", new Net::DNS::RR("example.net 300 NS ns.example.net"));
 		$packet->push("additional", new Net::DNS::RR("ns.example.net 300 A 10.53.0.3"));
+	} elsif ($qname =~ /^nodata\.example\.net$/i) {
+		$packet->header->aa(1);
+	} elsif ($qname =~ /^nxdomain\.example\.net$/i) {
+		$packet->header->aa(1);
+		$packet->header->rcode(NXDOMAIN);
 	} elsif ($qname =~ /sub\.example\.org/) {
 		# Data for CNAME/DNAME filtering.  The final answers are
 		# expected to be accepted regardless of the filter setting.

bin/tests/system/resolver/tests.sh

@@ -15,13 +15,27 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: tests.sh,v 1.11 2009/05/29 23:47:49 tbox Exp $
+# $Id: tests.sh,v 1.12 2010/05/19 06:39:50 marka Exp $
 
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
 status=0
 
+echo "I:checking non-cachable NXDOMAIN response handling"
+ret=0
+$DIG +tcp nxdomain.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1
+grep "status: NXDOMAIN" dig.out > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking non-cachable NODATA response handling"
+ret=0
+$DIG +tcp nodata.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1
+grep "status: NOERROR" dig.out > /dev/null || ret=1
+
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
 echo "I:checking handling of bogus referrals"
 # If the server has the "INSIST(!external)" bug, this query will kill it.
 $DIG +tcp www.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1
@@ -105,5 +119,6 @@ grep "status: NOERROR" dig.out > /dev/null || ret=1
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
+
 echo "I:exit status: $status"
 exit $status

lib/dns/ncache.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: ncache.c,v 1.48 2010/05/18 06:28:29 marka Exp $ */
+/* $Id: ncache.c,v 1.49 2010/05/19 06:39:50 marka Exp $ */
 
 /*! \file */
 
@@ -248,10 +248,9 @@ dns_ncache_addoptout(dns_message_t *message, dns_db_t *cache,
 		 * Copy the type and a zero rdata count to the buffer.
 		 */
 		isc_buffer_availableregion(&buffer, &r);
-		if (r.length < 4)
+		if (r.length < 5)
 			return (ISC_R_NOSPACE);
-		isc_buffer_putuint16(&buffer, 0);
-		isc_buffer_putuint16(&buffer, 0);
+		isc_buffer_putuint16(&buffer, 0);	/* type */
 		/*
 		 * RFC2308, section 5, says that negative answers without
 		 * SOAs should not be cached.
@@ -269,6 +268,9 @@ dns_ncache_addoptout(dns_message_t *message, dns_db_t *cache,
 			trust = dns_trust_authauthority;
 		} else
 			trust = dns_trust_additional;
+		isc_buffer_putuint8(&buffer, trust);	/* trust */
+		isc_buffer_putuint16(&buffer, 0);	/* count */
+
 		/*
 		 * Now add it to the cache.
 		 */