Commit 52e97185 authored by JINMEI Tatuya

[1579] suggested change: made findNoNameResult completely DNSSEC-agnostic.

same adjustment as the previous comment was made for tests.
also fixed a small bug in getDNSSECRRset(): I should have reversed the
logic for need_nscheck.
parent 07274f66
......@@ -783,7 +783,7 @@ DatabaseClient::Finder::FindDNSSECContext::getDNSSECRRset(const Name &name,
try {
const Name& nsec_name =
covering ? finder_.findPreviousName(name) : name;
const bool need_nscheck = (nsec_name == finder_.getOrigin());
const bool need_nscheck = (nsec_name != finder_.getOrigin());
const FoundRRsets found = finder_.getRRsets(nsec_name.toText(),
NSEC_TYPES(),
need_nscheck);
......@@ -955,12 +955,8 @@ DatabaseClient::Finder::findNoNameResult(const Name& name, const RRType& type,
// NSEC records if requested).
LOG_DEBUG(logger, DBG_TRACE_DETAILED, DATASRC_DATABASE_NO_MATCH).
arg(accessor_->getDBName()).arg(name).arg(type).arg(getClass());
const ConstRRsetPtr nsec = dnssec_ctx.isNSEC() ? findNSECCover(name) :
ConstRRsetPtr();
if (dnssec_ctx.isNSEC() && !nsec) {
isc_throw(DataSourceError, "no NSEC RR covers in the NSEC signed zone");
}
return (ResultContext(NXDOMAIN, nsec, dnssec_ctx.getResultFlags()));
return (ResultContext(NXDOMAIN, dnssec_ctx.getDNSSECRRset(name, true),
dnssec_ctx.getResultFlags()));
}
bool
......
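Review bot: With the explicit `isc_throw(DataSourceError, ...)` removed from findNoNameResult, an NSEC-signed zone for which no covering NSEC can be obtained now appears to return NXDOMAIN with an empty RRset while the result flags still mark the zone as NSEC-signed. A validating resolver treats a negative answer without its denial-of-existence proof as bogus, so this condition should stay visible to operators; the catch side of the `try` in getDNSSECRRset is outside the hunk, so confirm it logs the failure instead of silently returning a null RRset. A comment above the new return would document the contract, e.g. `// The NSEC may be NULL even when RESULT_NSEC_SIGNED is set; callers must not assume a proof is attached.` Separately, `need_nscheck` deserves a one-line comment stating why the zone origin is treated differently from other names, since this commit shows the condition is easy to invert.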
......@@ -2444,14 +2444,13 @@ TYPED_TEST(DatabaseClientTest, NXDOMAIN_NSEC) {
if (!this->is_mock_) {
return; // We don't make the real DB to throw
}
// If the zone is signed with NSEC, find function should throw an error
// when no NSEC RRset for NXDOMAIN case.
EXPECT_THROW(doFindTest(*finder, Name("notimplnsec.example.org."),
RRType::TXT(), RRType::NSEC(), this->rrttl_,
ZoneFinder::NXDOMAIN, this->empty_rdatas_,
this->empty_rdatas_, ZoneFinder::RESULT_DEFAULT,
Name::ROOT_NAME(), ZoneFinder::FIND_DNSSEC),
DataSourceError);
// In this case the accessor doesn't support findPreviousName(), but the
// zone apex has NSEC, and the zone itself is considered NSEC-signed.
doFindTest(*finder, Name("notimplnsec.example.org."),
RRType::TXT(), RRType::NSEC(), this->rrttl_,
ZoneFinder::NXDOMAIN, this->empty_rdatas_,
this->empty_rdatas_, ZoneFinder::RESULT_NSEC_SIGNED,
Name::ROOT_NAME(), ZoneFinder::FIND_DNSSEC);
}
TYPED_TEST(DatabaseClientTest, emptyNonterminalNSEC) {
......@@ -2471,8 +2470,7 @@ TYPED_TEST(DatabaseClientTest, emptyNonterminalNSEC) {
if (!this->is_mock_) {
return; // We don't make the real DB to throw
}
// In this case the accessor doesn't support findPreviousName(), but the
// zone apex has NSEC, and the zone itself is considered NSEC-signed.
// See the corresponding case of NXDOMAIN_NSEC.
doFindTest(*finder, Name("here.wild.example.org."),
RRType::TXT(), RRType::NSEC(), this->rrttl_,
ZoneFinder::NXRRSET, this->empty_rdatas_,
......
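Review bot: NXDOMAIN_NSEC exercises only the accessor that does not support findPreviousName(), so the other way of ending up without a covering NSEC, where the previous name is found but has no NSEC RRset in a zone considered NSEC-signed, is not pinned by any test visible here. Since the finder no longer throws DataSourceError on its own for that state, it would be worth adding a mock-data case for it and asserting the intended outcome explicitly, whichever way it is meant to go. Both tests also return early when `is_mock_` is false, so a comment such as `// Real backends are not covered here; the missing-NSEC path is tested with the mock accessor only.` would make the coverage gap explicit. The doFindTest call in emptyNonterminalNSEC continues past the visible lines, so its expected flags could not be checked.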