BIND 10 #2659: handle empty-nonterminal name with opt-outed NSEC3
BIND 10 Development
do-not-reply at isc.org
Wed Jan 23 19:30:54 UTC 2013
#2659: handle empty-nonterminal name with opt-outed NSEC3
-------------------------------------+-------------------------------------
Reporter: | Owner:
jinmei | Status: new
Type: | Milestone: Previous-
defect | Sprint-Proposed
Priority: | Keywords:
medium | Sensitive: 0
Component: | Sub-Project: DNS
b10-auth | Estimated Difficulty: 0
CVSS Scoring: | Total Hours: 0
Defect Severity: N/A |
Feature Depending on Ticket: |
Add Hours to Ticket: 0 |
Internal?: 0 |
-------------------------------------+-------------------------------------
See the discussion at bind10-dev
https://lists.isc.org/pipermail/bind10-dev/2013-January/004279.html
An errata about the spec was submitted, which seems to be based on
the consensus of the dnsext wg:
https://lists.isc.org/pipermail/bind10-dev/2013-January/004279.html
We should implement it.
Specifically we should change the `Query::addNSEC3ForName` method of
b10-auth. BIND 9 has code handling opt-out in
bin/named/query.c:query_findclosestnsec3(). It's probably better to
check it. We should probably also have to check why we didn't
implement it that way in our first implementation as this behavior gap
may mean we overlooked some other things.
--
Ticket URL: <http://bind10.isc.org/ticket/2659>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list