[#1,!2] Fix server interpretation of guard record results in DSMM

Added a release note

common/dns.c
    build_dsmm_fwd_add3() -  modified to add a prerequisite when
    ddns-guard-id-must-match is enabled.

2 files changed, 30 insertions, 3 deletions

diff --git a/RELNOTES b/RELNOTES
index ad9cab2c..9d1080d2 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -107,7 +107,15 @@ by Eric Young (eay@cryptsoft.com).
 - Bind9 now defaults to requiring python to build. The Makefile for
   building Bind9 when bundled with ISC DHCP was modified to turn off
   this dependency.
-  [ISC-Bugs #3,!1   git #cc35f84943df44dac2499f3e16e8aaba7d54191d]
+  [ISC-Bugs #3,!1	git #cc35f84943df44dac2499f3e16e8aaba7d54191d]
+
+- Corrected a dual-stack mixed-mode issue that occurs when both
+  ddns-guard-id-must-match and ddns-other-guard-is-dynamic
+  are enabled and that caused the server to incorrectly interpret
+  the presence of a guard record belonging to another client as
+  a case of no guard record at all.  Thanks to Fernando Soto
+  from BlueCat Networks for reporting this issue.
+  [ISC-Bugs #1, !2	git TBD]
 
 		Changes since 4.4.0 (New Features)
 - none
diff --git a/common/dns.c b/common/dns.c
index bcebc635..5b097b69 100644
--- a/common/dns.c
+++ b/common/dns.c
@@ -3,7 +3,7 @@
    Domain Name Service subroutines. */
 
 /*
- * Copyright (c) 2004-2017 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2004-2019 by Internet Systems Consortium, Inc. ("ISC")
  * Copyright (c) 2001-2003 by Internet Software Consortium
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
@@ -2047,7 +2047,7 @@ build_dsmm_fwd_add3(dhcp_ddns_cb_t   *ddns_cb,
  * When we're In Dual Stack Mixed Mode and ddns-other-guard-is-dynamic is ON
  * we need only determine if a guard record of the other type exists, to know
  * if we can add/replace and address record of our type.   In other words,
- * the presence of a dynamic entry made belonging to the "other" stack means
+ * the presence of a dynamic entry belonging to the "other" stack means
  * all entries for this name should be dynamic and we overwrite an unguarded
  * address record of our type.
  *
@@ -2073,6 +2073,25 @@ build_dsmm_fwd_add3_other(dhcp_ddns_cb_t   *ddns_cb,
 	log_call("build_fwd_add3_other", pname, uname);
 #endif
 	/* Construct the prereq list */
+
+	// If ID matching is on, a result of NXRRSET from add2 means
+	// either there is no guard of my type, or there is but
+	// it does not match this client.  We need to distinguish
+	// between those two cases here and only allow this add
+	// if there is no guard of my type.
+	if (ddns_cb->flags & DDNS_GUARD_ID_MUST_MATCH) {
+		/* No guard record of my type exists */
+		result = make_dns_dataset(dns_rdataclass_none,
+					  ddns_cb->dhcid_class,
+					  dataspace, NULL, 0, 0);
+		if (result != ISC_R_SUCCESS) {
+			return(result);
+		}
+
+		ISC_LIST_APPEND(pname->list, &dataspace->rdataset, link);
+		dataspace++;
+	}
+
 	/* A guard record of the other type exists */
 	result = make_dns_dataset(dns_rdataclass_any,
 				  ddns_cb->other_dhcid_class,