Home Explore Help
Sign In
zorun
/
kea
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

[1584review] cleanup and comment update: removed redundant check for isWildcard.
also updated method description in .h to clarify it also handles NSEC3.

JINMEI Tatuya 13 years ago
parent
694ee39256
commit
cb086eeafa
2 changed files with 13 additions and 9 deletions
Split View Show Diff Stats
  1. 9 6
      src/bin/auth/query.cc
  2. 4 3
      src/bin/auth/query.h

+ 9 - 6
src/bin/auth/query.cc
View File 

@@ -171,10 +171,12 @@ void
 
 Query::addWildcardProof(ZoneFinder& finder,
 
                         const ZoneFinder::FindResult& db_result)
 
 {
 
-    // The query name shouldn't exist in the zone if there were no wildcard
 
-    // substitution.  Confirm that by specifying NO_WILDCARD.  It should result
 
-    // in NXDOMAIN and an NSEC RR that proves it should be returned.
 
-    if (db_result.isNSECSigned() && db_result.isWildcard()){
 
+    if (db_result.isNSECSigned()) {
 
+        // Case for RFC4035 Section 3.1.3.3.
 
+        //
 
+        // The query name shouldn't exist in the zone if there were no wildcard
 
+        // substitution.  Confirm that by specifying NO_WILDCARD.  It should
 
+        // result in NXDOMAIN and an NSEC RR that proves it should be returned.
 
         const ZoneFinder::FindResult fresult =
 
             finder.find(qname_, RRType::NSEC(),
 
                         dnssec_opt_ | ZoneFinder::NO_WILDCARD);
 
@@ -187,8 +189,9 @@ Query::addWildcardProof(ZoneFinder& finder,
 
                            boost::const_pointer_cast<AbstractRRset>(
 
                                fresult.rrset),
 
                            dnssec_);
 
-    } else if (db_result.isNSEC3Signed() && db_result.isWildcard()) {
 
-        // case for RFC5155 Section 7.2.6
 
+    } else if (db_result.isNSEC3Signed()) {
 
+        // Case for RFC5155 Section 7.2.6.
 
+        //
 
         // Note that the closest encloser must be the immediate ancestor
 
         // of the matching wildcard, so NSEC3 for its next closer is what
 
         // we are expected to provided per the RFC (if this assumption isn't

+ 4 - 3
src/bin/auth/query.h
View File 

@@ -104,9 +104,10 @@ private:
 
     void addNXDOMAINProof(isc::datasrc::ZoneFinder& finder,
 
                           isc::dns::ConstRRsetPtr nsec);
 
 
-    /// Add NSEC RRs that prove a wildcard answer is the best one.
 
+    /// Add NSEC or NSEC3 RRs that prove a wildcard answer is the best one.
 
     ///
 
-    /// This corresponds to Section 3.1.3.3 of RFC 4035.
 
+    /// This corresponds to Section 3.1.3.3 of RFC 4035 and Section 7.2.6
 
+    /// of RFC5155.
 
     void addWildcardProof(
 
         isc::datasrc::ZoneFinder& finder,
 
         const isc::datasrc::ZoneFinder::FindResult& dbResult);
 
@@ -122,7 +123,7 @@ private:
 
     /// <QNAME,QTTYPE>.
 
     void addWildcardNXRRSETProof(isc::datasrc::ZoneFinder& finder,
 
                                  isc::dns::ConstRRsetPtr nsec);
 
-    
+
 
     /// \brief Look up additional data (i.e., address records for the names
 
     /// included in NS or MX records) and add them to the additional section.
 
     ///