BIND 10 trac1584review, updated. 863e56e656f11f8bd37ed75564d01640076d0215 [1584review] simplification: we actually didn't have to calculate the next closer from the wildcard; the next closer of the closest encloser must be it by definition.

BIND 10 source code commits bind10-changes at lists.isc.org
Thu Feb 16 22:38:57 UTC 2012 

The branch, trac1584review has been updated
       via  863e56e656f11f8bd37ed75564d01640076d0215 (commit)
      from  80df2d4fcda75c7b9e8ca0e8d2e4824c13ff2867 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 863e56e656f11f8bd37ed75564d01640076d0215
Author: JINMEI Tatuya <jinmei at isc.org>
Date:   Thu Feb 16 14:38:01 2012 -0800

    [1584review] simplification: we actually didn't have to calculate the next
    closer from the wildcard; the next closer of the closest encloser must be it
    by definition.

-----------------------------------------------------------------------

Summary of changes:
 src/bin/auth/query.cc |   13 ++++---------
 1 files changed, 4 insertions(+), 9 deletions(-)

-----------------------------------------------------------------------
diff --git a/src/bin/auth/query.cc b/src/bin/auth/query.cc
index 4e0d7e3..07b0307 100644
--- a/src/bin/auth/query.cc
+++ b/src/bin/auth/query.cc
@@ -189,6 +189,10 @@ Query::addWildcardProof(ZoneFinder& finder,
                            dnssec_);
     } else if (db_result.isNSEC3Signed() && db_result.isWildcard()) {
         // case for RFC5155 Section 7.2.6
+        // Note that the closest encloser must be the immediate ancestor
+        // of the matching wildcard, so NSEC3 for its next closer is what
+        // we are expected to provided per the RFC (if this assumption isn't
+        // met the zone is broken anyway).
         const ZoneFinder::FindNSEC3Result NSEC3Result(
             finder.findNSEC3(qname_, true));
         if (NULL == NSEC3Result.next_proof) {
@@ -198,15 +202,6 @@ Query::addWildcardProof(ZoneFinder& finder,
         response_.addRRset(Message::SECTION_AUTHORITY,
                            boost::const_pointer_cast<AbstractRRset>(
                                NSEC3Result.next_proof), dnssec_);
-        const Name wname =
-            qname_.split(qname_.getLabelCount() -
-                         NSEC3Result.closest_labels - 1);
-        const ZoneFinder::FindNSEC3Result wresult(
-            finder.findNSEC3(wname, false));
-        if (wresult.matched) {
-            isc_throw(BadNSEC3, "Unexpected NSEC3 "
-                      "found for existing domain " << wname);
-        }
     }
 }

More information about the bind10-changes mailing list