
[1579] add RESULT_NSEC3_SIGNED flag if the zone is signed using nsec3 in
the response of NXDOMAIN and NXRRSET

haikuo zhang 13 years ago
parent
commit
0b1b0da6ff
1 changed files with 26 additions and 5 deletions
  1. 26 5
      src/lib/datasrc/database.cc

+ 26 - 5
src/lib/datasrc/database.cc

@@ -812,7 +812,18 @@ DatabaseClient::Finder::findNoNameResult(const Name& name, const RRType& type,
                                          target)
 {
     const bool dnssec_data = ((options & FIND_DNSSEC) != 0);
-
+    //verify whether the zonefile is signed by NSEC3 method
+    //If the NSEC3PARAMETER type exists in the zonefile,NSEC3 is definitly used
+    //in this zone signature.
+    bool is_NSEC3 = false;
+    WantedTypes nsec3PARAM;
+    nsec3PARAM.insert(RRType::NSEC3PARAM()); 
+    const FoundRRsets NSEC3Found = getRRsets(origin_.toText(),nsec3PARAM,
+                                        false);
+    const FoundIterator nfi(NSEC3Found.second.find(RRType::NSEC3PARAM()));
+    if (nfi != NSEC3Found.second.end()) {
+        is_NSEC3 = true;
+    }
     // On entry to this method, we know that the database doesn't have any
     // entry for this name.  Before returning NXDOMAIN, we need to check
     // for special cases.
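Review bot: The NSEC3PARAM lookup added at the top of findNoNameResult calls `getRRsets` on the zone apex for every negative answer, even when `dnssec_data` is false and the result is not needed. Negative answers are the path exercised by floods of queries for non-existent names, so an extra database read per query raises the server's cost for each of them. Consider doing the lookup only when DNSSEC data was requested, by wrapping it in `if (dnssec_data) { ... }`. That would also stop RESULT_NSEC3_SIGNED being reported to callers that did not set FIND_DNSSEC, which the later hunks currently do regardless. The function body continues outside this hunk.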
@@ -826,8 +837,13 @@ DatabaseClient::Finder::findNoNameResult(const Name& name, const RRType& type,
             arg(accessor_->getDBName()).arg(name);
         const ConstRRsetPtr nsec = dnssec_data ? findNSECCover(name) :
             ConstRRsetPtr();
-        return (ResultContext(NXRRSET, nsec,
-                              nsec ? RESULT_NSEC_SIGNED : RESULT_DEFAULT));
+        if (is_NSEC3 == true) {
+            return (ResultContext(NXRRSET, nsec,
+                                  nsec ? RESULT_NSEC_SIGNED : RESULT_NSEC3_SIGNED));
+        } else {
+            return (ResultContext(NXRRSET, nsec,
+                                  nsec ? RESULT_NSEC_SIGNED : RESULT_DEFAULT));
+        }
     } else if ((options & NO_WILDCARD) == 0) {
         // It's not an empty non-terminal and wildcard matching is not
         // disabled, so check for wildcards. If there is a wildcard match
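Review bot: The two return statements in the empty-non-terminal branch differ only in the fallback flag, and the same duplication is repeated for NXDOMAIN in the last hunk. `is_NSEC3 == true` is also a redundant comparison on a bool. A single return is easier to read and keeps the two cases from drifting apart: `return (ResultContext(NXRRSET, nsec, nsec ? RESULT_NSEC_SIGNED : (is_NSEC3 ? RESULT_NSEC3_SIGNED : RESULT_DEFAULT)));`. Separately, `findNSECCover(name)` is still called when the zone is NSEC3-signed, where presumably no covering NSEC exists. Skipping it there would save a lookup, though whether that is safe depends on code outside the hunk.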
@@ -846,8 +862,13 @@ DatabaseClient::Finder::findNoNameResult(const Name& name, const RRType& type,
               arg(accessor_->getDBName()).arg(name).arg(type).arg(getClass());
     const ConstRRsetPtr nsec = dnssec_data ? findNSECCover(name) :
         ConstRRsetPtr();
-    return (ResultContext(NXDOMAIN, nsec,
-                          nsec ? RESULT_NSEC_SIGNED : RESULT_DEFAULT));
+    if (is_NSEC3 == true ) {
+        return (ResultContext(NXDOMAIN, nsec,
+                              nsec ? RESULT_NSEC_SIGNED : RESULT_NSEC3_SIGNED));
+    } else {
+        return (ResultContext(NXDOMAIN, nsec,
+                              nsec ? RESULT_NSEC_SIGNED : RESULT_DEFAULT));
+    }
 }
 
 ZoneFinder::ResultContext