BIND 10 #1583: auth::Query NSEC3 support: Wildcard no data case

BIND 10 Development do-not-reply at isc.org
Sat Jan 21 03:13:39 UTC 2012


#1583: auth::Query NSEC3 support: Wildcard no data case
-----------------------------------------+----------------------------------------
                    Reporter:  jinmei    |                 Owner:
                        Type:  task      |                Status:  new
                    Priority:  major     |             Milestone:  Next-Sprint-Proposed
                   Component:  b10-auth  |            Resolution:
                    Keywords:            |             Sensitive:  0
             Defect Severity:  N/A       |           Sub-Project:  DNS
 Feature Depending on Ticket:            |  Estimated Difficulty:  0
         Add Hours to Ticket:  0         |           Total Hours:  0
                   Internal?:  0         |
-----------------------------------------+----------------------------------------
Description changed by jinmei:

Old description:

> (updated based on #1431 discussion)
>
> This task implements RFC5155 7.2.5 and updates ZoneFinder::NXRRSET
> case (with RESULT_WILDCARD and RESULT_NSEC3_SIGNED flags) of
> Query::process():
>
> - call findNSEC3(recursive=true) for qname.  It will return the
>   closest encloser proof of the nonexistence of the qname.  If
>   next_proof is null, it's a runtime collision or otherwise broken
>   zone, so return SERVFAIL.
> - construct the matching wildcard name.  It's a wildcard label (*)
>   prepended to the closest encloser identified in the first step.
>   Then call findNSEC3(recursive=false) for the wildcard name.  It
>   should return the matching NSEC for the wildcard.  If it's not
>   matching, return SERVFAIL.
> - add the returned NSEC3s to the authority section
>
> Depends on #1431.

New description:

 (updated based on #1431 discussion)

 This task implements RFC5155 7.2.5 and updates ZoneFinder::NXRRSET
 case (with RESULT_WILDCARD and RESULT_NSEC3_SIGNED flags) of
 Query::process():

 - call findNSEC3(recursive=true) for qname.  It will return the
   closest encloser proof of the nonexistence of the qname.  If
   next_proof is null, it's a runtime collision or otherwise broken
   zone, so return SERVFAIL.
 - construct the matching wildcard name.  It's a wildcard label (*)
   prepended to the closest encloser identified in the first step
   (the closest encloser can be constructed from the qname and
   closest_labels of the return value of first call to findNSEC3()).
   Then call findNSEC3(recursive=false) for the wildcard name.  It
   should return the matching NSEC for the wildcard.  If it's not
   matching, return SERVFAIL.
 - add the returned NSEC3s to the authority section

 Depends on #1431.

-- 
Ticket URL: <http://bind10.isc.org/ticket/1583#comment:2>
BIND 10 Development <http://bind10.isc.org>
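
The three steps in the ticket description, as an added Python sketch that is not BIND 10 code and not part of the original message. ToyZone, the tuple returned by find_nsec3(), counting closest_labels without the root label, and the empty salt with zero extra iterations are all assumptions made for illustration; the zone names are constructed.

```python
import base64, bisect, hashlib
# Maps the standard base32 alphabet onto base32hex (RFC 4648), as NSEC3 uses.
_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                          b"0123456789ABCDEFGHIJKLMNOPQRSTUV")

class ServFail(Exception): pass  # raised where the ticket says to return SERVFAIL

def nsec3_hash(name, salt=b"", iterations=0):
    """RFC 5155 section 5: iterated SHA-1 over the lower-cased wire-format name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    wire = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    digest = hashlib.sha1(wire + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_B32HEX).decode()

class ToyZone:
    """Constructed stand-in for a signed zone: only its sorted NSEC3 owner hashes."""
    def __init__(self, names):
        self.hashes = sorted(nsec3_hash(n) for n in names)

    def find_nsec3(self, name, recursive):
        """Return (matched, closest_labels, closest_proof, next_proof)."""
        labels = name.rstrip(".").split(".")
        covering = None
        for i in range(len(labels)):
            h = nsec3_hash(".".join(labels[i:]))
            if h in self.hashes:  # labels[i:] exists; covering is for labels[i-1:]
                return (i == 0, len(labels) - i, h, covering)
            # Owner hash just below h covers it; index -1 wraps to the last NSEC3.
            covering = self.hashes[bisect.bisect_left(self.hashes, h) - 1]
            if not recursive:
                return (False, len(labels), covering, None)
        return (False, 0, None, covering)  # not even the apex matched

def wildcard_nodata_proof(zone, qname):
    """The ticket's three steps; returns NSEC3 owner hashes for the authority section."""
    _, closest_labels, closest_proof, next_proof = zone.find_nsec3(qname, True)
    if next_proof is None:  # qname itself matched: collision or broken zone
        raise ServFail("no next closer proof for " + qname)
    labels = qname.rstrip(".").split(".")
    wildcard = ".".join(["*"] + labels[len(labels) - closest_labels:])
    matched, _, wildcard_proof, _ = zone.find_nsec3(wildcard, False)
    if not matched:  # the wildcard that produced the answer must have an NSEC3
        raise ServFail("no matching NSEC3 for " + wildcard)
    return [closest_proof, next_proof, wildcard_proof]

# Constructed zone content: wildcard *.w.example.org exists, a.b.w.example.org does not.
ZONE = ToyZone(["example.org", "ns.example.org", "w.example.org", "*.w.example.org"])
```

For the qname a.b.w.example.org the returned list holds the NSEC3 matching w.example.org, the NSEC3 covering b.w.example.org, and the NSEC3 matching *.w.example.org.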