BIND 10 #1809: support NSEC for NXDOMAIN in in-memory

BIND 10 Development do-not-reply at isc.org
Tue May 8 18:10:28 UTC 2012 

#1809: support NSEC for NXDOMAIN in in-memory
-------------------------------------+-------------------------------------
                   Reporter:         |                 Owner:
  jinmei                             |                Status:  new
                       Type:  task   |             Milestone:
                   Priority:         |  Sprint-20120515
  medium                             |            Resolution:
                  Component:  data   |             Sensitive:  0
  source                             |           Sub-Project:  DNS
                   Keywords:         |  Estimated Difficulty:  3
            Defect Severity:  N/A    |           Total Hours:  0
Feature Depending on Ticket:  in-    |
  memory NSEC                        |
        Add Hours to Ticket:  0      |
                  Internal?:  0      |
-------------------------------------+-------------------------------------
Description changed by jinmei:

Old description:

> We'll update this case of InMemoryZoneFinder::find().
>
> {{{#!c++
>                 // fall through
>             case DomainTree::NOTFOUND:
>                 LOG_DEBUG(logger, DBG_TRACE_DATA, DATASRC_MEM_NOT_FOUND).
>                     arg(name);
>                 return (createFindResult(NXDOMAIN, ConstRBNodeRRsetPtr(),
>                                          false));
> }}}
>
> It uses getClosestNSEC() to get the NSEC for the previous name of the
> non-existent name and includes it in the answer.  Note that it
> shouldn't do this extra work unless DNSSEC is required and the zone is
> known to be NSEC-signed (because the cost is not zero).
>
> It dpends on #1802, #1803, #1804, dnd #1805.

New description:

 We'll update this case of InMemoryZoneFinder::find().

 {{{#!c++
                 // fall through
             case DomainTree::NOTFOUND:
                 LOG_DEBUG(logger, DBG_TRACE_DATA, DATASRC_MEM_NOT_FOUND).
                     arg(name);
                 return (createFindResult(NXDOMAIN, ConstRBNodeRRsetPtr(),
                                          false));
 }}}

 It uses getClosestNSEC() to get the NSEC for the previous name of the
 non-existent name and includes it in the answer.  Note that it
 shouldn't do this extra work unless DNSSEC is required and the zone is
 known to be NSEC-signed (because the cost is not zero).

 It dpends on #1802, #1803, #1804, dnd #1805.

 REVISED: a revised version of #1805 doesn't need #1803 or #1804. This
 task can be started once the revised version of #1805 is ready.

--

-- 
Ticket URL: <http://bind10.isc.org/ticket/1809#comment:3>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development

More information about the bind10-tickets mailing list