BIND 10 #1582: auth::Query NSEC3 support: No Data, DS case
BIND 10 Development
do-not-reply at isc.org
Sat Jan 21 02:29:26 UTC 2012
#1582: auth::Query NSEC3 support: No Data, DS case
-------------------------------------+-------------------------------------
Reporter: | Owner:
jinmei | Status: new
Type: task | Milestone: Next-Sprint-
Priority: major | Proposed
Component: | Resolution:
b10-auth | Sensitive: 0
Keywords: | Sub-Project: DNS
Defect Severity: N/A | Estimated Difficulty: 0
Feature Depending on Ticket: NSEC3 | Total Hours: 0
Add Hours to Ticket: 0 |
Internal?: 0 |
-------------------------------------+-------------------------------------
Description changed by jinmei:
Old description:
> This task implements RFC5155 7.2.3 and updates ZoneFinder::NXRRSET case
> of Query::process():
> - call findNSEC3(recursive = true) for the returned rrset.getName()
> (or qname). It will return the NSEC3 of the DS name (if exist)
> or the NSEC3 of the provable closest enclosure.
> - Check the # of label of the returned nsec.getName().
> If it's smaller than that of qname, It's a provable closest
> enclosure (different from the DS name). Construct the next closer
> name and call findNSEC3(recursive = false). It will return the
> NSEC3 covering the next closer.
> - add the returned NSEC3s to the authority section
>
> Depends on #1431 (and probably on #1570)
New description:
(updated based on #1431 discussion)
This task implements RFC5155 7.2.3 and updates ZoneFinder::NXRRSET case of
Query::process():
- call findNSEC3(qname, recursive=true). It will return either the
closest encloser proof (in case of opt out) or the NSEC3 that
matches the DS (query) name. These cases can be distinguished by
seeing whether next_proof is null.
- add the returned NSEC3s to the authority section
Depends on #1431 (and probably on #1570)
--
--
Ticket URL: <http://bind10.isc.org/ticket/1582#comment:1>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list