Description: fix controls for zone transfers not being properly applied to
 Dynamically Loadable Zones (DLZs) if the zones are writable
Origin: provided by ISC

Index: bind9-9.11.4+dfsg/bin/named/xfrout.c
===================================================================
--- bind9-9.11.4+dfsg.orig/bin/named/xfrout.c	2019-02-20 09:02:00.710689380 +0100
+++ bind9-9.11.4+dfsg/bin/named/xfrout.c	2019-02-20 09:02:00.706689381 +0100
@@ -803,12 +803,12 @@ ns_xfr_start(ns_client_t *client, dns_rd
 	result = dns_zt_find(client->view->zonetable, question_name, 0, NULL,
 			     &zone);
 
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS || dns_zone_gettype(zone) == dns_zone_dlz) {
 		/*
-		 * Normal zone table does not have a match.
-		 * Try the DLZ database
+		 * The normal zone table does not have a match, or this is
+		 * marked in the zone table as a DLZ zone. Check the DLZ
+		 * databases for a match.
 		 */
-		// Temporary: only searching the first DLZ database
 		if (! ISC_LIST_EMPTY(client->view->dlz_searched)) {
 			result = dns_dlzallowzonexfr(client->view,
 						     question_name,