Commit cb086eea authored by JINMEI Tatuya's avatar JINMEI Tatuya
Browse files

[1584review] cleanup and comment update: removed redundant check for isWildcard.

also updated method description in .h to clarify it also handles NSEC3.
parent 694ee392
...@@ -171,10 +171,12 @@ void ...@@ -171,10 +171,12 @@ void
Query::addWildcardProof(ZoneFinder& finder, Query::addWildcardProof(ZoneFinder& finder,
const ZoneFinder::FindResult& db_result) const ZoneFinder::FindResult& db_result)
{ {
if (db_result.isNSECSigned()) {
// Case for RFC4035 Section 3.1.3.3.
//
// The query name shouldn't exist in the zone if there were no wildcard // The query name shouldn't exist in the zone if there were no wildcard
// substitution. Confirm that by specifying NO_WILDCARD. It should result // substitution. Confirm that by specifying NO_WILDCARD. It should
// in NXDOMAIN and an NSEC RR that proves it should be returned. // result in NXDOMAIN and an NSEC RR that proves it should be returned.
if (db_result.isNSECSigned() && db_result.isWildcard()){
const ZoneFinder::FindResult fresult = const ZoneFinder::FindResult fresult =
finder.find(qname_, RRType::NSEC(), finder.find(qname_, RRType::NSEC(),
dnssec_opt_ | ZoneFinder::NO_WILDCARD); dnssec_opt_ | ZoneFinder::NO_WILDCARD);
...@@ -187,8 +189,9 @@ Query::addWildcardProof(ZoneFinder& finder, ...@@ -187,8 +189,9 @@ Query::addWildcardProof(ZoneFinder& finder,
boost::const_pointer_cast<AbstractRRset>( boost::const_pointer_cast<AbstractRRset>(
fresult.rrset), fresult.rrset),
dnssec_); dnssec_);
} else if (db_result.isNSEC3Signed() && db_result.isWildcard()) { } else if (db_result.isNSEC3Signed()) {
// case for RFC5155 Section 7.2.6 // Case for RFC5155 Section 7.2.6.
//
// Note that the closest encloser must be the immediate ancestor // Note that the closest encloser must be the immediate ancestor
// of the matching wildcard, so NSEC3 for its next closer is what // of the matching wildcard, so NSEC3 for its next closer is what
// we are expected to provided per the RFC (if this assumption isn't // we are expected to provided per the RFC (if this assumption isn't
......
...@@ -104,9 +104,10 @@ private: ...@@ -104,9 +104,10 @@ private:
void addNXDOMAINProof(isc::datasrc::ZoneFinder& finder, void addNXDOMAINProof(isc::datasrc::ZoneFinder& finder,
isc::dns::ConstRRsetPtr nsec); isc::dns::ConstRRsetPtr nsec);
/// Add NSEC RRs that prove a wildcard answer is the best one. /// Add NSEC or NSEC3 RRs that prove a wildcard answer is the best one.
/// ///
/// This corresponds to Section 3.1.3.3 of RFC 4035. /// This corresponds to Section 3.1.3.3 of RFC 4035 and Section 7.2.6
/// of RFC5155.
void addWildcardProof( void addWildcardProof(
isc::datasrc::ZoneFinder& finder, isc::datasrc::ZoneFinder& finder,
const isc::datasrc::ZoneFinder::FindResult& dbResult); const isc::datasrc::ZoneFinder::FindResult& dbResult);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment