Commit 5b301ea5 authored by JINMEI Tatuya's avatar JINMEI Tatuya
Browse files

[1587] unified non-recursive findNSEC3 cases into a helper method,

addNSEC3ForName().
parent d121f511
......@@ -191,6 +191,20 @@ Query::addClosestEncloserProof(ZoneFinder& finder, const Name& name,
return (result.closest_labels);
}
void
Query::addNSEC3ForName(ZoneFinder& finder, const Name& name, bool match) {
const ZoneFinder::FindNSEC3Result result = finder.findNSEC3(name, false);
if (match != result.matched) {
isc_throw(BadNSEC3, "Unexpected "
<< (result.matched ? "matching" : "covering")
<< " NSEC3 found for " << name);
}
response_.addRRset(Message::SECTION_AUTHORITY,
boost::const_pointer_cast<AbstractRRset>(
result.closest_proof),
dnssec_);
}
void
Query::addNXDOMAINProofByNSEC3(ZoneFinder& finder) {
// Firstly get the NSEC3 proves for Closest Encloser Proof
......@@ -202,16 +216,7 @@ Query::addNXDOMAINProofByNSEC3(ZoneFinder& finder) {
// '*' followed by the closest encloser, and add NSEC3 for it.
const Name wildname(Name("*").concatenate(
qname_.split(qname_.getLabelCount() - closest_labels)));
const ZoneFinder::FindNSEC3Result fresult2 =
finder.findNSEC3(wildname, false);
if (fresult2.matched) {
isc_throw(BadNSEC3, "Matching NSEC3 found for nonexistent domain "
<< wildname);
}
response_.addRRset(Message::SECTION_AUTHORITY,
boost::const_pointer_cast<AbstractRRset>(
fresult2.closest_proof),
dnssec_);
addNSEC3ForName(finder, wildname, false);
}
void
......@@ -306,44 +311,22 @@ Query::addNXRRsetProof(ZoneFinder& finder,
addWildcardNXRRSETProof(finder, db_result.rrset);
}
} else if (db_result.isNSEC3Signed() && !db_result.isWildcard()) {
// Handling depends on whether query type is DS or not
// (see RFC5155, 7.2.3 and 7.2.4): If qtype == DS, do
// recursive search (and add next_proof, if necessary),
// otherwise, do non-recursive search
const bool qtype_ds = (qtype_ == RRType::DS());
if (qtype_ds) {
if (qtype_ == RRType::DS()) {
// RFC5155, 7.2.4. Add either NSEC3 for the qname or closest
// (provable) encloser proof in case of optout.
addClosestEncloserProof(finder, qname_, true);
} else {
ZoneFinder::FindNSEC3Result result(finder.findNSEC3(qname_,
false));
if (result.matched) {
response_.addRRset(Message::SECTION_AUTHORITY,
boost::const_pointer_cast<AbstractRRset>(
result.closest_proof), dnssec_);
} else {
isc_throw(BadNSEC3,
"No matching NSEC3 found for existing domain "
<< qname_);
}
// RFC5155, 7.2.3. Just add NSEC3 for the qname.
addNSEC3ForName(finder, qname_, true);
}
} else if (db_result.isNSEC3Signed() && db_result.isWildcard()) {
// Case for RFC5155 Section 7.2.5
// Case for RFC5155 Section 7.2.5: add closest encloser proof for the
// qname, construct the matched wildcard name and add NSEC3 for it.
const uint8_t closest_labels =
addClosestEncloserProof(finder, qname_, false);
// Construct the matched wildcard name and add NSEC3 for it.
const Name wname = Name("*").concatenate(
qname_.split(qname_.getLabelCount() - closest_labels));
const ZoneFinder::FindNSEC3Result wresult(finder.findNSEC3(wname,
false));
if (wresult.matched) {
response_.addRRset(Message::SECTION_AUTHORITY,
boost::const_pointer_cast<AbstractRRset>(
wresult.closest_proof), dnssec_);
} else {
isc_throw(BadNSEC3, "No matching NSEC3 found for existing domain "
<< wname);
}
addNSEC3ForName(finder, wname, true);
}
}
......
......@@ -208,6 +208,9 @@ private:
const isc::dns::Name& name, bool exact_ok,
bool add_closet = true);
void addNSEC3ForName(isc::datasrc::ZoneFinder& finder,
const isc::dns::Name& name, bool match);
public:
/// Constructor from query parameters.
///
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment