BIND 10 trac1579, updated. 0b1b0da6ffc60991c0ccad85695631dec02db4da [1579] add RESULT_NSEC3_SIGNED flag if the zone is signed using nsec3 in the response of NXDOMAIN and NXRRSET
BIND 10 source code commits
bind10-changes at lists.isc.org
Tue Mar 13 01:47:36 UTC 2012
The branch, trac1579 has been updated
via 0b1b0da6ffc60991c0ccad85695631dec02db4da (commit)
from 6e7eee31fa6b4884490778ce4148eb346fa4bf28 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 0b1b0da6ffc60991c0ccad85695631dec02db4da
Author: haikuo zhang <zhanghaikuo at cnnic.cn>
Date: Tue Mar 13 09:43:56 2012 +0800
[1579] add RESULT_NSEC3_SIGNED flag if the zone is signed using nsec3 in
the response of NXDOMAIN and NXRRSET
-----------------------------------------------------------------------
Summary of changes:
src/lib/datasrc/database.cc | 31 ++++++++++++++++++++++++++-----
1 files changed, 26 insertions(+), 5 deletions(-)
-----------------------------------------------------------------------
diff --git a/src/lib/datasrc/database.cc b/src/lib/datasrc/database.cc
index 4e2fb15..25351e3 100644
--- a/src/lib/datasrc/database.cc
+++ b/src/lib/datasrc/database.cc
@@ -812,7 +812,18 @@ DatabaseClient::Finder::findNoNameResult(const Name& name, const RRType& type,
target)
{
const bool dnssec_data = ((options & FIND_DNSSEC) != 0);
-
+ //verify whether the zonefile is signed by NSEC3 method
+ //If the NSEC3PARAMETER type exists in the zonefile,NSEC3 is definitly used
+ //in this zone signature.
+ bool is_NSEC3 = false;
+ WantedTypes nsec3PARAM;
+ nsec3PARAM.insert(RRType::NSEC3PARAM());
+ const FoundRRsets NSEC3Found = getRRsets(origin_.toText(),nsec3PARAM,
+ false);
+ const FoundIterator nfi(NSEC3Found.second.find(RRType::NSEC3PARAM()));
+ if (nfi != NSEC3Found.second.end()) {
+ is_NSEC3 = true;
+ }
// On entry to this method, we know that the database doesn't have any
// entry for this name. Before returning NXDOMAIN, we need to check
// for special cases.
@@ -826,8 +837,13 @@ DatabaseClient::Finder::findNoNameResult(const Name& name, const RRType& type,
arg(accessor_->getDBName()).arg(name);
const ConstRRsetPtr nsec = dnssec_data ? findNSECCover(name) :
ConstRRsetPtr();
- return (ResultContext(NXRRSET, nsec,
- nsec ? RESULT_NSEC_SIGNED : RESULT_DEFAULT));
+ if (is_NSEC3 == true) {
+ return (ResultContext(NXRRSET, nsec,
+ nsec ? RESULT_NSEC_SIGNED : RESULT_NSEC3_SIGNED));
+ } else {
+ return (ResultContext(NXRRSET, nsec,
+ nsec ? RESULT_NSEC_SIGNED : RESULT_DEFAULT));
+ }
} else if ((options & NO_WILDCARD) == 0) {
// It's not an empty non-terminal and wildcard matching is not
// disabled, so check for wildcards. If there is a wildcard match
@@ -846,8 +862,13 @@ DatabaseClient::Finder::findNoNameResult(const Name& name, const RRType& type,
arg(accessor_->getDBName()).arg(name).arg(type).arg(getClass());
const ConstRRsetPtr nsec = dnssec_data ? findNSECCover(name) :
ConstRRsetPtr();
- return (ResultContext(NXDOMAIN, nsec,
- nsec ? RESULT_NSEC_SIGNED : RESULT_DEFAULT));
+ if (is_NSEC3 == true ) {
+ return (ResultContext(NXDOMAIN, nsec,
+ nsec ? RESULT_NSEC_SIGNED : RESULT_NSEC3_SIGNED));
+ } else {
+ return (ResultContext(NXDOMAIN, nsec,
+ nsec ? RESULT_NSEC_SIGNED : RESULT_DEFAULT));
+ }
}
ZoneFinder::ResultContext
More information about the bind10-changes
mailing list