[9.18] fix: usr: Allow glue in delegations with QTYPE=ANY

When a query for type ANY triggered a delegation response, all additional data was omitted from the response, including mandatory glue. This has been corrected.


Closes #5659

Backport of MR !11283

Merge branch 'backport-5659-any-glue-9.18' into 'bind-9.18'

See merge request isc-projects/bind9!11368

bin/tests/system/auth/ns1/example.net.db

@@ -20,3 +20,5 @@ $TTL 300        ; 5 minutes
 			NS      ns
 ns                      A       10.53.0.1
 server			A	10.53.0.100
+child			NS	ns.child
+ns.child		A	10.53.0.1

bin/tests/system/auth/tests.sh

@@ -186,5 +186,15 @@ lines=$(wc -l <dig.out.test$n)
 [ $ret -eq 0 ] || echo_i "failed"
 status=$((status + ret))
 
+n=$((n + 1))
+echo_i "check delegation response to ANY query ($n)"
+ret=0
+$DIG $DIGOPTS @10.53.0.1 foo.child.example.net any >dig.out.test$n || ret=1
+grep "ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2" dig.out.test$n >/dev/null || ret=1
+grep 'child\.example\.net\..300.IN.NS.ns\.child\.example\.net\.$' dig.out.test$n >/dev/null || ret=1
+grep 'ns\.child\.example\.net\..300.IN.A.10\.53\.0\.1$' dig.out.test$n >/dev/null || ret=1
+[ $ret -eq 0 ] || echo_i "failed"
+status=$((status + ret))
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1

lib/ns/query.c

@@ -2281,7 +2281,10 @@ query_addrrset(query_ctx_t *qctx, dns_name_t **namep,
 	 */
 	query_addtoname(mname, rdataset);
 	query_setorder(qctx, mname, rdataset);
-	if (qctx->qtype != dns_rdatatype_any) {
+	if (qctx->qtype != dns_rdatatype_any ||
+	    (!qctx->authoritative && section == DNS_SECTION_AUTHORITY &&
+	     rdataset->type == dns_rdatatype_ns))
+	{
 		query_additional(qctx, mname, rdataset);
 	}