From ad64a3713b778c164121462d230f2d40976f2059 Mon Sep 17 00:00:00 2001
From: Ximon Eighteen <3304436+ximon18@users.noreply.github.com>
Date: Tue, 14 Oct 2025 16:38:40 +0200
Subject: [PATCH] HACK: Serve the original TTL of the RRSIG via XFR, not the
 RRSIG RRSET TTL.

As RRSIGs should not be grouped into RRSETs with a common TTL.
---
 src/net/server/middleware/xfr/responder.rs | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/net/server/middleware/xfr/responder.rs b/src/net/server/middleware/xfr/responder.rs
index 3b0f64b97..79a3d62d7 100644
--- a/src/net/server/middleware/xfr/responder.rs
+++ b/src/net/server/middleware/xfr/responder.rs
@@ -102,8 +102,13 @@ where
             for rr in rrset.data() {
                 last_rr_rtype = Some(rr.rtype());
 
+                let ttl = match rr {
+                    crate::rdata::ZoneRecordData::Rrsig(rrsig) => rrsig.original_ttl(),
+                    _ => rrset.ttl(),
+                };
+
                 if let Err(err) =
-                    batcher.push((owner.clone(), qclass, rrset.ttl(), rr))
+                    batcher.push((owner.clone(), qclass, ttl, rr))
                 {
                     match err {
                         BatchReadyError::MustFitInSingleMessage => {