BIND 10 #1579: Update database ZoneFinder::find() for negative cases of NSEC3-signed zones
BIND 10 Development
do-not-reply at isc.org
Tue Mar 6 06:21:23 UTC 2012
#1579: Update database ZoneFinder::find() for negative cases of NSEC3-signed zones
-------------------------------------+-------------------------------------
Reporter: | Owner:
jinmei | Status: new
Type: task | Milestone: Next-Sprint-
Priority: major | Proposed
Component: data | Resolution:
source | Sensitive: 0
Keywords: | Sub-Project: DNS
Defect Severity: N/A | Estimated Difficulty: 0
Feature Depending on Ticket: | Total Hours: 0
Add Hours to Ticket: 0 |
Internal?: 0 |
-------------------------------------+-------------------------------------
Comment (by jinmei):
This task should be easy once find() knows it's NSEC3-signed.
The difficult part is how to get that information. My current idea
is that when find() is called with DNSSEC required, it first gets
all records at the zone origin anyway (it may cache the result for
some period) and sees if the apex name has NSEC or NSEC3PARAM, and uses
that information to detect whether and how the zone is signed.
This lookup result could also be used for subsequent NS or SOA lookup,
so it wouldn't be that much heavy overhead.
--
Ticket URL: <http://bind10.isc.org/ticket/1579#comment:2>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list