BIND 10 #1585: auth::Query NSEC3 support: Unsigned referrals case
BIND 10 Development
do-not-reply at isc.org
Wed Jan 18 07:46:19 UTC 2012
#1585: auth::Query NSEC3 support: Unsigned referrals case
-------------------------------------+-------------------------------------
Reporter: jinmei | Owner:
Type: task | Status: new
Priority: major | Milestone: Next-
Component: b10-auth | Sprint-Proposed
Sensitive: 0 | Keywords:
Sub-Project: DNS | Defect Severity: N/A
Estimated Difficulty: 0 | Feature Depending on Ticket: NSEC3
Total Hours: 0 | Add Hours to Ticket: 0
| Internal?: 0
-------------------------------------+-------------------------------------
This task implements RFC5155 7.2.7 and further updates #1573 in case
it results in NXRRSET, and if the returned RRset is not of NSEC:
- call findNSEC3(recursive = true) for the delegation name. It will
return either the NSEC3 that matches the delegation name or the
NSEC3 that matches the closest provable enclosure of the
delegation name (but different from it). These two cases can be
distinguished by label comparison.
- If it's the NSEC3 of the closest provable enclosure, construct the
next closer name and call findNSEC3(recursive = false) for it. It
will return the NSEC3 that covers the next closer. The result
shouldn't be an exact match; otherwise wed' probably return
SERVFAIL.
- add the returned NSEC3s to the authority section.
Depends on #1431 and #1573.
--
Ticket URL: <https://bind10.isc.org/ticket/1585>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list