BIND 10 #1891: implement addRecordToNSEC3Zone and deleteRecordInNSEC3Zone for SQLite3 accessor

BIND 10 Development do-not-reply at isc.org
Wed Apr 18 04:26:35 UTC 2012


#1891: implement addRecordToNSEC3Zone and deleteRecordInNSEC3Zone for SQLite3
accessor
-------------------------------------------+-----------------------------------------
                   Reporter:  jinmei       |                 Owner:  jinmei
                       Type:  task         |                Status:  accepted
                   Priority:  low          |             Milestone:  Sprint-20120501
                  Component:  data source  |            Resolution:
                   Keywords:               |             Sensitive:  0
            Defect Severity:  N/A          |           Sub-Project:  DNS
Feature Depending on Ticket:  NSEC3        |  Estimated Difficulty:  0
        Add Hours to Ticket:  0            |           Total Hours:  0
                  Internal?:  0            |
-------------------------------------------+-----------------------------------------

Comment (by jinmei):

 trac1891 is (basically) ready for review.

 It depends on #1781, and I believe it's close to merge, but this
 branch should be reviewed after #1781 is completed.

 The first commit was to incorporate a snapshot of the trac1781 branch
 and should be ignored for review.

 I also made a few cleanups and not-directly-related bug fixes in
 358beb2, d7cf5f8, bea9aaf and e7c91fe.

 And I extended a lettuce test so we can be really sure that an
 NSEC3-containing zone can be transferred in or out.  It's 14a13b8.
 (This relies on the number of RRs of the zone and may be fragile, so
 once #1794 is ready we should probably do it there).

 I think other main changes are generally straightforward, but there's
 one possibly controversial point: the current addNSEC3RecordToZone()
 interface doesn't pass the complete "owner" of the record while the
 full-iterator implementation relies on this column.  So this branch
 internally generates the complete owner name in addNSEC3RecordToZone()
 and stores it in the nsec3 table.  Personally, however, I would
 rather deprecate this column and update the iterator so it won't rely
 on it; even if this is not convincing, creating the complete owner
 name in addNSEC3RecordToZone() is probably a bad approach, and in that
 case we should pass it as part of the API.  For now, however, I
 suggest moving forward with this workaround.  I plan to trigger a
 discussion on this on the dev list.

 Finally, I think we'll need a changelog for this.  This is the
 proposed entry:

 {{{
 427.?   [bug]           jinmei
         libdatasrc, b10-xfrin: the zone updater for database-based data
         sources now correctly distinguishes NSEC3-related RRs (NSEC3 and
         NSEC3-covering RRSIG) from others, and the SQLite3 implementation
         now manipulates them in the separate table for the NSEC3
         namespace.
         As a result b10-xfrin now correctly updates NSEC3-signed zones by
         inbound zone transfers.
         (Trac #1891, git TBD)
 }}}

-- 
Ticket URL: <http://bind10.isc.org/ticket/1891#comment:3>
BIND 10 Development <http://bind10.isc.org>