BIND 10 #1310: auth NSEC support: Handle WILDCARD_NXRRSET case
BIND 10 Development
do-not-reply at isc.org
Thu Nov 17 05:37:52 UTC 2011
#1310: auth NSEC support: Handle WILDCARD_NXRRSET case
-------------------------------------+-------------------------------------
Reporter: | Owner: UnAssigned
jinmei | Status: reviewing
Type: task | Milestone:
Priority: major | Sprint-20111122
Component: | Resolution:
b10-auth | Sensitive: 0
Keywords: | Sub-Project: DNS
Defect Severity: N/A | Estimated Difficulty: 3
Feature Depending on Ticket: | Total Hours: 0
Add Hours to Ticket: |
Internal?: 0 |
-------------------------------------+-------------------------------------
Comment (by kevin_tes):
handle the WILDCARD_NXRRSET.
In this case,if zone is secure and support NSEC,
an NSEC RR proving that there is no exact match for QNAME,
an NSEC RR proving that the zone contains no RRsets that
would match <QNAME,QTYPE>,via wildcard name expansion,
should add those to the authority section.
Some times one NSEC RR can do the same thing.
In case of this,the respone should remove the duplicate one.
I only test the one NSEC RR can do the same thing( that to say: the
respone should remove the duplicate one.)
Because:i found that in the query_unittest.cc:
ZoneFinder::FindResult
MockZoneFinder::find():
when it goes down to wildcard branch:
if ((options & NO_WILDCARD) == 0) {
const Name wild_suffix("wild.example.com");
I am not sure why fixed this domain("wild.example.com") here.
If added new unit test not using this domain,,,this branch should be
overrided, this may affect other unit test.
But used this domain("wild.example.com"), i can not write unit test about
two NSEC RRs.
--
Ticket URL: <http://bind10.isc.org/ticket/1310#comment:10>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list