Commit fb231755 authored by JINMEI Tatuya's avatar JINMEI Tatuya
Browse files

[1579] cleanup: FINAL_TYPES_NO_NSEC & findNSECCover are now unused and removed.

the latter has been merged to getDNSSECRRset().  doxygen comments were
also merged.
parent 52e97185
......@@ -364,58 +364,6 @@ FINAL_TYPES() {
}
return (result);
}
const WantedTypes&
FINAL_TYPES_NO_NSEC() {
static bool initialized(false);
static WantedTypes result;
if (!initialized) {
result.insert(RRType::CNAME());
result.insert(RRType::NS());
initialized = true;
}
return (result);
}
}
ConstRRsetPtr
DatabaseClient::Finder::findNSECCover(const Name& name) {
try {
// Which one should contain the NSEC record?
const Name coverName(findPreviousName(name));
// Get the record and copy it out
const FoundRRsets found = getRRsets(coverName.toText(), NSEC_TYPES(),
coverName != getOrigin());
const FoundIterator
nci(found.second.find(RRType::NSEC()));
if (nci != found.second.end()) {
return (nci->second);
} else {
// The previous doesn't contain NSEC.
// Badly signed zone or a bug?
// FIXME: Currently, if the zone is not signed, we could get
// here. In that case we can't really throw, but for now, we can't
// recognize it. So we don't throw at all, enable it once
// we have a is_signed flag or something.
#if 0
isc_throw(DataSourceError, "No NSEC in " +
coverName.toText() + ", but it was "
"returned as previous - "
"accessor error? Badly signed zone?");
#endif
}
}
catch (const isc::NotImplemented&) {
// Well, they want DNSSEC, but there is no available.
// So we don't provide anything.
LOG_INFO(logger, DATASRC_DATABASE_COVER_NSEC_UNSUPPORTED).
arg(accessor_->getDBName()).arg(name);
}
// We didn't find it, return nothing
return (ConstRRsetPtr());
}
ZoneFinderContextPtr
......
......@@ -877,9 +877,18 @@ public:
/// it should return RESULT_DEFAULT.
ZoneFinder::FindResultFlags getResultFlags();
/// \brief Get the needed NSEC RRset.
/// \brief Get DNSSEC negative proof for a given name.
///
/// It should return the needed NSEC RRset.
/// If the zone is considered NSEC-signed and the context
/// requested DNSSEC proofs, this method tries to find NSEC RRs
/// for the give name. If \c covering is true, it means a
/// "no name" proof is requested, so it calls findPreviousName on
/// the given name and extracts an NSEC record on the result;
/// otherwise it tries to get NSEC RRs for the given name. If
/// the NSEC is found, this method returns it; otherwise it returns
/// NULL.
///
/// In all other cases this method simply returns NULL.
///
/// \param name The name which the NSEC RRset belong to.
/// \param covering true if a covering NSEC is required; false if
......@@ -1184,13 +1193,6 @@ public:
/// \return true if the name has subdomains, false if not.
bool hasSubdomains(const std::string& name);
/// \brief Get the NSEC covering a name.
///
/// This one calls findPreviousName on the given name and extracts an
/// NSEC record on the result. It handles various error cases. The
/// method exists to share code present at more than one location.
dns::ConstRRsetPtr findNSECCover(const dns::Name& name);
/// \brief Convenience type shortcut.
///
/// To find stuff in the result of getRRsets.
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment