BIND 10 #1583: auth::Query NSEC3 support: Wildcard no data case
BIND 10 Development
do-not-reply at isc.org
Wed Jan 18 07:42:06 UTC 2012
#1583: auth::Query NSEC3 support: Wildcard no data case
-------------------------------------+-------------------------------------
Reporter: jinmei | Owner:
Type: task | Status: new
Priority: major | Milestone: Next-
Component: b10-auth | Sprint-Proposed
Sensitive: 0 | Keywords:
Sub-Project: DNS | Defect Severity: N/A
Estimated Difficulty: 0 | Feature Depending on Ticket:
Total Hours: 0 | Add Hours to Ticket: 0
| Internal?: 0
-------------------------------------+-------------------------------------
This task implements RFC5155 7.2.5 and updates
ZoneFinder::WILDCARD_NXRRSET case of Query::process():
- call findNSEC3(recursive = false) for rrset.getName() of the
returned rrset (it's for the matching wildcard). It will return
the NSEC3 that matches the wildcard. If the result is not exact
matching we'd probably return SERVFAIL.
- call findNSEC3(recursive = true) for qname. It will return the
NSEC3 of the provable closest enclosure. Its label length should
be shorter than that of qname; otherwise we'd probably return
SERVFAIL.
- construct the next closer name based on the closest enclosure and
qname, and call findNSEC3(recursive = false) for it. It will
return the NSEC3 covering the next closer. This shouldn't be an
exact match; otherwise we'd probably return SERVFAIL.
- add the returned NSEC3s to the authority section
Depends on #1431.
--
Ticket URL: <https://bind10.isc.org/ticket/1583>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list