BIND 10 trac1584review, updated. cb086eeafa84b7cbc30ef2da3e3f8bae3e58a473 [1584review] cleanup and comment update: removed redundant check for isWildcard. also updated method description in .h to clarify it also handles NSEC3.
BIND 10 source code commits
bind10-changes at lists.isc.org
Thu Feb 16 22:52:56 UTC 2012
The branch, trac1584review has been updated
via cb086eeafa84b7cbc30ef2da3e3f8bae3e58a473 (commit)
from 694ee39256cd2ebad4b1f5b657fd2a2556ad10a5 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit cb086eeafa84b7cbc30ef2da3e3f8bae3e58a473
Author: JINMEI Tatuya <jinmei at isc.org>
Date: Thu Feb 16 14:51:45 2012 -0800
[1584review] cleanup and comment update: removed redundant check for isWildcard.
also updated method description in .h to clarify it also handles NSEC3.
-----------------------------------------------------------------------
Summary of changes:
src/bin/auth/query.cc | 15 +++++++++------
src/bin/auth/query.h | 7 ++++---
2 files changed, 13 insertions(+), 9 deletions(-)
-----------------------------------------------------------------------
diff --git a/src/bin/auth/query.cc b/src/bin/auth/query.cc
index ec648f4..6e0b215 100644
--- a/src/bin/auth/query.cc
+++ b/src/bin/auth/query.cc
@@ -171,10 +171,12 @@ void
Query::addWildcardProof(ZoneFinder& finder,
const ZoneFinder::FindResult& db_result)
{
- // The query name shouldn't exist in the zone if there were no wildcard
- // substitution. Confirm that by specifying NO_WILDCARD. It should result
- // in NXDOMAIN and an NSEC RR that proves it should be returned.
- if (db_result.isNSECSigned() && db_result.isWildcard()){
+ if (db_result.isNSECSigned()) {
+ // Case for RFC4035 Section 3.1.3.3.
+ //
+ // The query name shouldn't exist in the zone if there were no wildcard
+ // substitution. Confirm that by specifying NO_WILDCARD. It should
+ // result in NXDOMAIN and an NSEC RR that proves it should be returned.
const ZoneFinder::FindResult fresult =
finder.find(qname_, RRType::NSEC(),
dnssec_opt_ | ZoneFinder::NO_WILDCARD);
@@ -187,8 +189,9 @@ Query::addWildcardProof(ZoneFinder& finder,
boost::const_pointer_cast<AbstractRRset>(
fresult.rrset),
dnssec_);
- } else if (db_result.isNSEC3Signed() && db_result.isWildcard()) {
- // case for RFC5155 Section 7.2.6
+ } else if (db_result.isNSEC3Signed()) {
+ // Case for RFC5155 Section 7.2.6.
+ //
// Note that the closest encloser must be the immediate ancestor
// of the matching wildcard, so NSEC3 for its next closer is what
// we are expected to provided per the RFC (if this assumption isn't
diff --git a/src/bin/auth/query.h b/src/bin/auth/query.h
index 1007a3b..208058f 100644
--- a/src/bin/auth/query.h
+++ b/src/bin/auth/query.h
@@ -104,9 +104,10 @@ private:
void addNXDOMAINProof(isc::datasrc::ZoneFinder& finder,
isc::dns::ConstRRsetPtr nsec);
- /// Add NSEC RRs that prove a wildcard answer is the best one.
+ /// Add NSEC or NSEC3 RRs that prove a wildcard answer is the best one.
///
- /// This corresponds to Section 3.1.3.3 of RFC 4035.
+ /// This corresponds to Section 3.1.3.3 of RFC 4035 and Section 7.2.6
+ /// of RFC5155.
void addWildcardProof(
isc::datasrc::ZoneFinder& finder,
const isc::datasrc::ZoneFinder::FindResult& dbResult);
@@ -122,7 +123,7 @@ private:
/// <QNAME,QTTYPE>.
void addWildcardNXRRSETProof(isc::datasrc::ZoneFinder& finder,
isc::dns::ConstRRsetPtr nsec);
-
+
/// \brief Look up additional data (i.e., address records for the names
/// included in NS or MX records) and add them to the additional section.
///
More information about the bind10-changes
mailing list