Commit cb404986 authored by Michal 'vorner' Vaner's avatar Michal 'vorner' Vaner
Browse files

[1581] Implement the returning of NXRRSET NSEC3 proof

parent 66a1a1ac
......@@ -236,6 +236,17 @@ Query::addNXRRsetProof(ZoneFinder& finder,
if (db_result.isWildcard()) {
addWildcardNXRRSETProof(finder, db_result.rrset);
}
} else if (db_result.isNSEC3Signed()) {
ZoneFinder::FindNSEC3Result result(finder.findNSEC3(qname_, false));
if (result.matched) {
response_.addRRset(Message::SECTION_AUTHORITY,
boost::const_pointer_cast<AbstractRRset>(
result.closest_proof), dnssec_);
} else {
isc_throw(BadNSEC3, "No NSEC3 found for existing domain " <<
qname_.toText());
}
}
}
......
......@@ -270,6 +270,17 @@ public:
{}
};
/// An invalid result is given when a valid NSEC3 is expected
///
/// This can only happen when the underlying data source implementation or
/// the zone is broken. By throwing an exception we treat such cases
/// as SERVFAIL.
struct BadNSEC3 : public BadZone {
BadNSEC3(const char* file, size_t line, const char* what) :
BadZone(file, line, what)
{}
};
/// An invalid result is given when a valid DS records (or NXRRSET) is
/// expected
///
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment