Bug 1404412

Summary: BIND cannot cache URI RR received from recent servers
Product: Red Hat Enterprise Linux 7
Reporter: Petr Menšík <pemensik>
Component: bind
Assignee: Petr Menšík <pemensik>
Status: CLOSED CURRENTRELEASE
QA Contact: qe-baseos-daemons
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 7.4
CC: thozza
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: bind-9.9.4-34.el7
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-03-30 16:08:41 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 1420851

Description Petr Menšík 2016-12-13 19:08:05 UTC
Description of problem:
Bind 9.9.4-29.el7_2.4 will not cache URI RRs from remote servers if they use a more recent format than it recognizes. If RHEL 7 servers are used as your network cache, you will be unable to resolve any URI record from the internet.

Version-Release number of selected component (if applicable):
bind-9.9.4-29.el7_2.4

How reproducible:
Always

Steps to Reproduce:
1. Set up BIND as a caching server, listening on localhost
2. Use a more recent bind-utils, for example on Fedora 24
3. Send dig @cache _kerberos.fedoraproject.org URI, where cache is your RHEL 7 cache server with BIND 9.9

Actual results:
$ dig +cd @rhel7 _kerberos.fedoraproject.org uri

; <<>> DiG 9.10.4-P4-RedHat-9.10.4-2.P4.fc24 <<>> +cd @rhel7 _kerberos.fedoraproject.org uri
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 3367
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_kerberos.fedoraproject.org.	IN	URI


Expected results:
$ dig +cd @rhel6 _kerberos.fedoraproject.org uri

; <<>> DiG 9.10.4-P4-RedHat-9.10.4-2.P4.fc24 <<>> +cd @rhel6 _kerberos.fedoraproject.org uri
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40510
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 6

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_kerberos.fedoraproject.org.	IN	URI

;; ANSWER SECTION:
_kerberos.fedoraproject.org. 300 IN	URI	10 1 "krb5srv:m:kkdcp:https://id.fedoraproject.org/KdcProxy/"


Additional info:
The surprising fact is that the older BIND 9.8.2 from RHEL 6 does work as expected. It can cache the record because it does not try to understand it. It is a regression since RHEL 6. But 9.9 will refuse the current URI record as invalid, while it is in fact more valid, conforming to RFC 7553.

Comment 2 Petr Menšík 2017-03-30 16:02:01 UTC
The ability to cache URI records was fixed with the addition of a CAA record in bug #1306610. URI records served by older servers are cached with the first-byte length, so it caches exactly what was served by the original server.

It is already fixed in rhel-7.3.
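To make the format difference behind the description and comment 2 concrete, here is an added Python example (not part of the bug report or of BIND's code) that encodes the record from the expected output above in both wire forms and shows why a resolver that only understands the draft, length-prefixed target rejects an RFC 7553 record with an error. The draft decoder's sequence-of-<character-string> handling is my assumption about how legacy parsers read the target.

```python
import struct

# Record from the expected output above; wire bytes below are constructed from it.
PRIORITY, WEIGHT = 10, 1
TARGET = "krb5srv:m:kkdcp:https://id.fedoraproject.org/KdcProxy/"


def encode_rfc7553(priority, weight, target):
    """RFC 7553 wire form: 16-bit priority, 16-bit weight, then the target
    occupying the rest of RDATA with no length byte."""
    t = target.encode()
    if not t:
        raise ValueError("RFC 7553 requires a non-empty target")
    return struct.pack("!HH", priority, weight) + t


def encode_draft(priority, weight, target):
    """Pre-RFC (draft) wire form, as served by older servers: the target is a
    <character-string>, i.e. one length byte followed by at most 255 bytes."""
    t = target.encode()
    if len(t) > 255:
        raise ValueError("<character-string> is limited to 255 bytes")
    return struct.pack("!HH", priority, weight) + bytes([len(t)]) + t


def decode(rdata, wire_format):
    """Decode URI RDATA as a resolver that understands only `wire_format`.
    'draft' reads the target as one or more <character-string>s (assumption
    about legacy parsers); 'rfc7553' takes the remainder of RDATA as-is."""
    if len(rdata) < 5:
        raise ValueError("RDATA too short for a URI record")
    priority, weight = struct.unpack("!HH", rdata[:4])
    rest = rdata[4:]
    if wire_format == "rfc7553":
        return priority, weight, rest.decode()
    if wire_format == "draft":
        parts, pos = [], 0
        while pos < len(rest):
            n, pos = rest[pos], pos + 1
            if pos + n > len(rest):
                # An RFC 7553 target begins with a scheme letter (here 'k' = 107),
                # which a draft parser reads as an impossible length: the record
                # is treated as malformed and the query ends in SERVFAIL.
                raise ValueError("length byte runs past end of RDATA")
            parts.append(rest[pos:pos + n])
            pos += n
        return priority, weight, b"".join(parts).decode()
    raise ValueError("unknown wire format")
```

Decoding a draft-encoded record in 'rfc7553' mode returns the leading length byte as part of the target text, which is what "cached exactly as served" means in practice: the fixed cache stores and forwards the bytes it received instead of reinterpreting them.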