BIND 10 #1583: auth::Query NSEC3 support: Wildcard no data case
BIND 10 Development
do-not-reply at isc.org
Wed Feb 15 01:45:45 UTC 2012
#1583: auth::Query NSEC3 support: Wildcard no data case
-------------------------------------+-------------------------------------
Reporter: | Owner: kevin_tes
jinmei | Status: reviewing
Type: task | Milestone:
Priority: major | Sprint-20120221
Component: | Resolution:
b10-auth | Sensitive: 0
Keywords: | Sub-Project: DNS
Defect Severity: N/A | Estimated Difficulty: 5
Feature Depending on Ticket: | Total Hours: 0
Add Hours to Ticket: 0 |
Internal?: 0 |
-------------------------------------+-------------------------------------
Comment (by kevin_tes):
Hello,
All seems ok to me.except that:
+ // Construct the matched wildcard name and add NSEC3 for it.
+ const Name wname = Name("*").concatenate(
+ qname_.split(qname_.getLabelCount() -
result.closest_labels));
+ const ZoneFinder::FindNSEC3Result
wresult(finder.findNSEC3(wname,
+
false));
+ if (wresult.matched) {
+ response_.addRRset(Message::SECTION_AUTHORITY,
+
boost::const_pointer_cast<AbstractRRset>(
+ wresult.closest_proof), dnssec_);
+ } else {
+ isc_throw(BadNSEC3, "No matching NSEC3 found for existing
domain "
+ << wname);
}
Does these mean in WILDCARD_NXRRSET, there must be 3 NSEC3 RRs to prove
this case?
Though i have not get one example,but i think may be in some case
next_proof equals this wresult.closest_proof.
Thanks.
--
Ticket URL: <http://bind10.isc.org/ticket/1583#comment:11>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list