Commit 863e56e6 authored by JINMEI Tatuya's avatar JINMEI Tatuya
Browse files

[1584review] simplification: we actually didn't have to calculate the next

closer from the wildcard; the next closer of the closest encloser must be it
by definition.
parent 80df2d4f
......@@ -189,6 +189,10 @@ Query::addWildcardProof(ZoneFinder& finder,
dnssec_);
} else if (db_result.isNSEC3Signed() && db_result.isWildcard()) {
// case for RFC5155 Section 7.2.6
// Note that the closest encloser must be the immediate ancestor
// of the matching wildcard, so NSEC3 for its next closer is what
// we are expected to provided per the RFC (if this assumption isn't
// met the zone is broken anyway).
const ZoneFinder::FindNSEC3Result NSEC3Result(
finder.findNSEC3(qname_, true));
if (NULL == NSEC3Result.next_proof) {
......@@ -198,15 +202,6 @@ Query::addWildcardProof(ZoneFinder& finder,
response_.addRRset(Message::SECTION_AUTHORITY,
boost::const_pointer_cast<AbstractRRset>(
NSEC3Result.next_proof), dnssec_);
const Name wname =
qname_.split(qname_.getLabelCount() -
NSEC3Result.closest_labels - 1);
const ZoneFinder::FindNSEC3Result wresult(
finder.findNSEC3(wname, false));
if (wresult.matched) {
isc_throw(BadNSEC3, "Unexpected NSEC3 "
"found for existing domain " << wname);
}
}
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment