BIND 10 #1573: auth::Query needs to return DS for secure delegation

BIND 10 Development do-not-reply at isc.org
Mon Jan 30 10:29:25 UTC 2012 

#1573: auth::Query needs to return DS for secure delegation
-------------------------------------+-------------------------------------
                   Reporter:         |                 Owner:  jinmei
  jinmei                             |                Status:  reviewing
                       Type:  task   |             Milestone:
                   Priority:         |  Sprint-20120207
  critical                           |            Resolution:
                  Component:         |             Sensitive:  0
  b10-auth                           |           Sub-Project:  DNS
                   Keywords:         |  Estimated Difficulty:  5
            Defect Severity:  N/A    |           Total Hours:  4
Feature Depending on Ticket:         |
        Add Hours to Ticket:  0      |
                  Internal?:  0      |
-------------------------------------+-------------------------------------
Changes (by jelte):

 * owner:  jelte => jinmei


Comment:

 Replying to [comment:9 jinmei]:
 > '''query.cc'''
 >
 > - If we name addNXRRsetDenial with the postfix of "Denial", maybe we
 >   should be consistent for addNXDOMAINProof, addWildcardProof, and
 >   addWildcardNXRRSETProof?
 >

 I've renamed addNXRRset to Proof to be consistent with the existent ones.

 > '''query_unittest.cc'''
 >
 > - I'd add one-line comment before this to explain what will follow.
 > {{{#!c++
 > const char* const signed_delegation_txt =
 >     "signed-delegation.example.com. 3600 IN NS ns.example.net.\n";
 > }}}
 >

 Added one for each type of delegation I added.

 > > > maybe we need a changelog for this?
 > >
 > > Ack.
 > >
 > > [func] jelte
 > > The in-memory datasource now correctly includes DS records (or the
 denial of its existence if NSEC is used) when returning a delegation from
 a signed zone.
 > > (Trac 1573, git ###)
 >
 > The auth::Query class is not intended to be in-memory only, so I'd say
 > something like
 > {{{
 > The new query handling module of b10-auth (currently only used with the
 > in-memory data source) now correctly...
 > }}}

 Ah doh, of course.

 > Also, we might say this is a "bug" (fix), but I'd leave it to you.

 Ok.

 [bug] jelte
 The new query handling module of b10-auth (currently only used with the
 in-memory data source) now correctly includes the DS record (or the denial
 of its existence if NSEC is used).

-- 
Ticket URL: <http://bind10.isc.org/ticket/1573#comment:11>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development

More information about the bind10-tickets mailing list