[bind10-dev] BIND 10 trac2165_2, updated. ef85853043e2d5f1fe3c2d494cd4af3b553d88fa [2165] Strip RRSIGs from additional records in DB datasource when DNSSEC is not asked
JINMEI Tatuya / 神明達哉
jinmei at isc.org
Mon Aug 20 21:12:17 UTC 2012
At Mon, 20 Aug 2012 20:46:45 +0000,
BIND 10 source code commits <bind10-changes at lists.isc.org> wrote:
This doesn't seem to be correct (or not really what we wanted to see):
> diff --git a/src/lib/datasrc/zone_finder_context.cc b/src/lib/datasrc/zone_finder_context.cc
> index 7913d71..019707b 100644
> --- a/src/lib/datasrc/zone_finder_context.cc
> +++ b/src/lib/datasrc/zone_finder_context.cc
> @@ -47,7 +47,24 @@ getAdditionalAddrs(ZoneFinder& finder, const Name& name,
> BOOST_FOREACH(RRType rrtype, requested_types) {
> ConstZoneFinderContextPtr ctx = finder.find(name, rrtype, options);
> if (ctx->code == ZoneFinder::SUCCESS) {
> - result_rrsets.push_back(ctx->rrset);
> + ConstRRsetPtr rr = ctx->rrset;
> + ConstRRsetPtr sig_rrset = rr->getRRsig();
> + if (sig_rrset &&
> + ((options & ZoneFinder::FIND_DNSSEC) == 0)) {
> + RRsetPtr result_base(new RRset(rr->getName(),
> + rr->getClass(),
> + rr->getType(),
> + rr->getTTL()));
> + for (RdataIteratorPtr i(rr->getRdataIterator());
> + !i->isLast();
> + i->next()) {
> + result_base->addRdata(i->getCurrent());
> + }
> +
> + result_rrsets.push_back(result_base);
> + } else {
> + result_rrsets.push_back(rr);
> + }
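Review bot: The `sig_rrset && ((options & ZoneFinder::FIND_DNSSEC) == 0)` branch strips the signature at the consumer rather than at its source: `finder.find(name, rrtype, options)` is called with the same `options`, so an RRset that comes back with an RRSIG attached while FIND_DNSSEC is unset points at the finder, and that is where the check belongs. As written, each such result is rebuilt rdata by rdata into a new `RRset` on every additional-section lookup, and the branch carries no comment explaining why the copy is needed. Suggest reverting to `result_rrsets.push_back(ctx->rrset);` here and making the finder honor `options`.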
If we see an attached RRSIG in these RRsets in the finder context even
if the original query doesn't require DNSSEC records, the original
code is broken and should be fixed. getAdditionalAddrs() should be
able to be agnostic about this.
---
JINMEI, Tatuya