BIND 10 #1808: support NSEC for normal NXRRSET in in-memory

BIND 10 Development do-not-reply at isc.org
Wed May 9 23:03:41 UTC 2012 

#1808: support NSEC for normal NXRRSET in in-memory
-------------------------------------+-------------------------------------
                   Reporter:         |                 Owner:  jinmei
  jinmei                             |                Status:  reviewing
                       Type:  task   |             Milestone:
                   Priority:         |  Sprint-20120515
  medium                             |            Resolution:
                  Component:  data   |             Sensitive:  0
  source                             |           Sub-Project:  DNS
                   Keywords:         |  Estimated Difficulty:  3
            Defect Severity:  N/A    |           Total Hours:  0
Feature Depending on Ticket:  in-    |
  memory NSEC                        |
        Add Hours to Ticket:  0      |
                  Internal?:  0      |
-------------------------------------+-------------------------------------

Comment (by jinmei):

 - I made some editorial fixes to the branch.  I think I've pointed out
   these things several times.  Things like redundant white space or
   space after comma should be avoidable using some tool.  If you
   cannot avoid introducing these in editing, please seriously consider
   using some tool before asking for review.  Discussing such primitive
   things in review cycles is not a very efficient way of using our
   time.

 - about the main change: unlike the comment it doesn't seem to check
   whether DNSSEC are requested.  Also there's no test for that case to
   confirm or deny the suspicion.

 - DATASRC_MEM_NXRRSET is used in two different places.  We must not do
   it for our logging policy.

 - I'd combine the with-or-without NSEC case using a small helper
   function.  See, e.g., trac1805 and how getClosestNSEC() is used in
   the NXDOMAIN case.  This would also solve the duplicated log ID
   issue.

 - As noted above, we need to test the case when DNSSEC records are not
   requested but the zone is NSEC signed.

 - Why did you remove the findNSECSigned test?  Due to that some test
   cases were lost.

 - This comment doesn't seem to be very helpful.  In some sense, it's
   too trivial; on the other hand, it's too blunt and not clear what it
   tries to comment.
 {{{#!cpp
 // Test if NSEC works
 }}}

-- 
Ticket URL: <http://bind10.isc.org/ticket/1808#comment:8>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development

More information about the bind10-tickets mailing list