BIND 10 #1578: Update in memory ZoneFinder::find() for negative cases of NSEC3-signed zones

BIND 10 Development do-not-reply at isc.org
Sat Jan 21 02:15:39 UTC 2012 

#1578: Update in memory ZoneFinder::find() for negative cases of NSEC3-signed
zones
-------------------------------------+-------------------------------------
                   Reporter:         |                 Owner:
  jinmei                             |                Status:  new
                       Type:  task   |             Milestone:  Next-Sprint-
                   Priority:  major  |  Proposed
                  Component:  data   |            Resolution:
  source                             |             Sensitive:  0
                   Keywords:         |           Sub-Project:  DNS
            Defect Severity:  N/A    |  Estimated Difficulty:  0
Feature Depending on Ticket:  NSEC3  |           Total Hours:  0
        Add Hours to Ticket:  0      |
                  Internal?:  0      |
-------------------------------------+-------------------------------------
Description changed by jinmei:

Old description:

> The find() method will be expected to provide some useful information
> with negative results to help the upper layer collect necessary NSEC3
> RRs.  Specifically:
>
> - in case of NXDOMAIN, return an empty NSEC3 RRset whose owner name is
>   the closest enclosure of the name (which may or may not be provable)
> - in case of NXRRSET, return an empty NSEC3 RRset whose owner name is
>   the query name.
> - in case of WILDCARD_NXRRSET, return an empty NSEC3 RRset whose owner
>   name is the matching wildcard name.
>
> This task implements these in in-memory data source.
>
> This is independent from other NSEC3 tasks.

New description:

 (updated based on #1431 discussion)

 The find() method will be expected to provide some useful information
 with negative results to help the upper layer collect necessary NSEC3
 RRs.  Specifically:

 - For wildcard involved results, set the RESULT_WILDCARD flag
 - in case of NXDOMAIN and NXRRSET, if the zone is signed with NSEC3
   set the RESULT_NSEC3_SIGNED flag

 This task implements these in in-memory data source.

 It depends on #1431 (for the flag definitions), and possibly on #1574
 to know whether the zone is signed with NSEC3 (but these could be done
 in parallel with adjusting interfaces on merge).

--

-- 
Ticket URL: <http://bind10.isc.org/ticket/1578#comment:2>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development

More information about the bind10-tickets mailing list