BIND 10 #1807: support NSEC for empty non-terminal in in-memory (2/2)

BIND 10 Development do-not-reply at isc.org
Tue May 8 18:09:37 UTC 2012 

#1807: support NSEC for empty non-terminal in in-memory (2/2)
-------------------------------------+-------------------------------------
                   Reporter:         |                 Owner:
  jinmei                             |                Status:  new
                       Type:  task   |             Milestone:
                   Priority:         |  Sprint-20120515
  medium                             |            Resolution:
                  Component:  data   |             Sensitive:  0
  source                             |           Sub-Project:  DNS
                   Keywords:         |  Estimated Difficulty:  3
            Defect Severity:  N/A    |           Total Hours:  0
Feature Depending on Ticket:  in-    |
  memory NSEC                        |
        Add Hours to Ticket:  0      |
                  Internal?:  0      |
-------------------------------------+-------------------------------------
Description changed by jinmei:

Old description:

> We'll update this case of InMemoryZoneFinder::find().  it's another empty
> non terminal case (may or may not be wildcard)
>
> {{{#!c++
>         // If there is an exact match but the node is empty, it's
> equivalent
>         // to NXRRSET.
>         if (node->isEmpty()) {
>             LOG_DEBUG(logger, DBG_TRACE_DATA, DATASRC_MEM_DOMAIN_EMPTY).
>                 arg(name);
>             return (createFindResult(NXRRSET, ConstRBNodeRRsetPtr(),
> rename));
>         }
> }}}
>
> It uses getClosestNSEC() to get the NSEC for the previous name of the
> empty name and includes it in the answer.  Note that it shouldn't do
> this extra work unless DNSSEC is required and the zone is known to be
> NSEC-signed (because the cost is not zero).
>
> Test both wildcard and non-wildcard cases.
>
> Depends on #1802, #1803 and #1805 (no need for #1804).

New description:

 We'll update this case of InMemoryZoneFinder::find().  it's another empty
 non terminal case (may or may not be wildcard)

 {{{#!c++
         // If there is an exact match but the node is empty, it's
 equivalent
         // to NXRRSET.
         if (node->isEmpty()) {
             LOG_DEBUG(logger, DBG_TRACE_DATA, DATASRC_MEM_DOMAIN_EMPTY).
                 arg(name);
             return (createFindResult(NXRRSET, ConstRBNodeRRsetPtr(),
 rename));
         }
 }}}

 It uses getClosestNSEC() to get the NSEC for the previous name of the
 empty name and includes it in the answer.  Note that it shouldn't do
 this extra work unless DNSSEC is required and the zone is known to be
 NSEC-signed (because the cost is not zero).

 Test both wildcard and non-wildcard cases.

 Depends on #1802, #1803 and #1805 (no need for #1804).

 REVISED: a revised version of #1805 doesn't need #1803. This task can
 be started once the revised version of #1805 is ready.

--

-- 
Ticket URL: <http://bind10.isc.org/ticket/1807#comment:4>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development

More information about the bind10-tickets mailing list