BIND 10 #1580: auth::Query NSEC3 support: Name Error case
BIND 10 Development
do-not-reply at isc.org
Wed Jan 18 07:33:48 UTC 2012
#1580: auth::Query NSEC3 support: Name Error case
-------------------------------------+-------------------------------------
Reporter: jinmei | Owner:
Type: task | Status: new
Priority: major | Milestone: Year
Component: b10-auth | 3 Task Backlog
Sensitive: 0 | Keywords:
Sub-Project: DNS | Defect Severity: N/A
Estimated Difficulty: 0 | Feature Depending on Ticket: NSEC3
Total Hours: 0 | Add Hours to Ticket: 0
| Internal?: 0
-------------------------------------+-------------------------------------
This task implements RFC5155 7.2.2 (and (7.2.9) and
update ZoneFinder::NXDOMAIN case of Query::process():
- call findNSEC3(recursive = true) for the returned rrset.getName().
it will return the NSEC3 of the closest provable enclosure.
- construct the next closer name and call findNSEC3(recursive =
false) for it. It will return NSEC3 covering the next closer.
The result should be covering (not exact); otherwise it means a
run-time collision, so we should return SERVFAIL as described
in RFC5155 7.2.9.
- construct the possible best wildcard name from the closest
provable enclosure and call findNSEC3(recursive = false) for it.
It will return NSEC3 covering the wildcard name.
- add the returned NSEC3s to the authority section
This task depends on #1431.
--
Ticket URL: <http://bind10.isc.org/ticket/1580>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list