BIND 10 #1431: NSEC3: closest provable encloser proof
BIND 10 Development
do-not-reply at isc.org
Sat Jan 21 02:05:47 UTC 2012
#1431: NSEC3: closest provable encloser proof
-------------------------------------+-------------------------------------
Reporter: | Owner: vorner
stephen | Status: reviewing
Type: | Milestone:
enhancement | Sprint-20120124
Priority: major | Resolution:
Component: | Sensitive: 0
Unclassified | Sub-Project: DNS
Keywords: | Estimated Difficulty: 6
Defect Severity: N/A | Total Hours: 0
Feature Depending on Ticket: NSEC3 |
Add Hours to Ticket: 0 |
Internal?: 0 |
-------------------------------------+-------------------------------------
Comment (by jinmei):
Replying to [comment:17 jinmei]:
> Would something like this make sense? If so, what I'd propose for
> this ticket is:
>
> - introduce the flag field to FindResult and update the find()
> interface so that if the zone is signed with NSEC/NSEC3 the
> corresponding flags are set, and same for wildcard.
> - deprecate WILDCARD_xxx and have the caller refer to this flag
> - remove the idea of returning NSEC3 RRset from find() and allowing
> the caller to use it for findNSEC3() for now. The idea of
> FindContext will be big enough (and non urgent), so it's probably
> better to postpone it.
I've updated the branch toward this direction, but not completely
deprecated WILDCARD_xxx as it would require rather big changes to the
existing database data source implementation. For now, I introduced a
quick hack wrapper in the auth Query code to convert the old format to
the new one.
If this approach is okay I'll create a separate ticket for the
subsequent refactoring.
--
Ticket URL: <http://bind10.isc.org/ticket/1431#comment:19>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list