BIND 10 #1806: support NSEC for empty non-terminal in in-memory (1/2)

BIND 10 Development do-not-reply at isc.org
Sun Mar 18 08:41:38 UTC 2012 

#1806: support NSEC for empty non-terminal in in-memory (1/2)
-------------------------------------+-------------------------------------
                   Reporter:         |                 Owner:
  jinmei                             |                Status:  new
                       Type:  task   |             Milestone:  New Tasks
                   Priority:         |            Resolution:
  medium                             |             Sensitive:  0
                  Component:  data   |           Sub-Project:  DNS
  source                             |  Estimated Difficulty:  0
                   Keywords:         |           Total Hours:  0
            Defect Severity:  N/A    |
Feature Depending on Ticket:  in-    |
  memory NSEC                        |
        Add Hours to Ticket:  0      |
                  Internal?:  0      |
-------------------------------------+-------------------------------------
Description changed by jinmei:

Old description:

> We'll update this case InMemoryZoneFinder::find().  it's an empty non
> terminal case (and shouldn't be wildcard, but check that)
>
> {{{#!c++
>                 if (node_path.getLastComparisonResult().getRelation() ==
>                     NameComparisonResult::SUPERDOMAIN) {
>                     LOG_DEBUG(logger, DBG_TRACE_DATA,
> DATASRC_MEM_SUPER_STOP).
>                         arg(name);
>                     return (createFindResult(NXRRSET,
> ConstRBNodeRRsetPtr()));
>                 }
> }}}
>
> It uses getClosestNSEC() (see #1805) to get the NSEC for the previous
> name of the empty name and includes it in the answer.  Note that it
> shouldn't do this extra work unless DNSSEC is required and the zone is
> known to be NSEC-signed (because the cost is not zero).
>
> It depends on #1803 and #1805.  It doesn't need #1804.

New description:

 We'll update this case InMemoryZoneFinder::find().  it's an empty non
 terminal case (and shouldn't be wildcard, but check that)

 {{{#!c++
                 if (node_path.getLastComparisonResult().getRelation() ==
                     NameComparisonResult::SUPERDOMAIN) {
                     LOG_DEBUG(logger, DBG_TRACE_DATA,
 DATASRC_MEM_SUPER_STOP).
                         arg(name);
                     return (createFindResult(NXRRSET,
 ConstRBNodeRRsetPtr()));
                 }
 }}}

 It uses getClosestNSEC() (see #1805) to get the NSEC for the previous
 name of the empty name and includes it in the answer.  Note that it
 shouldn't do this extra work unless DNSSEC is required and the zone is
 known to be NSEC-signed (because the cost is not zero).

 It depends on #1802, #1803 and #1805.  It doesn't need #1804.

--

-- 
Ticket URL: <http://bind10.isc.org/ticket/1806#comment:1>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development

More information about the bind10-tickets mailing list