|
@@ -171,10 +171,12 @@ void
|
|
|
Query::addWildcardProof(ZoneFinder& finder,
|
|
|
const ZoneFinder::FindResult& db_result)
|
|
|
{
|
|
|
- // The query name shouldn't exist in the zone if there were no wildcard
|
|
|
- // substitution. Confirm that by specifying NO_WILDCARD. It should result
|
|
|
- // in NXDOMAIN and an NSEC RR that proves it should be returned.
|
|
|
- if (db_result.isNSECSigned() && db_result.isWildcard()){
|
|
|
+ if (db_result.isNSECSigned()) {
|
|
|
+ // Case for RFC4035 Section 3.1.3.3.
|
|
|
+ //
|
|
|
+ // The query name shouldn't exist in the zone if there were no wildcard
|
|
|
+ // substitution. Confirm that by specifying NO_WILDCARD. It should
|
|
|
+ // result in NXDOMAIN and an NSEC RR that proves it should be returned.
|
|
|
const ZoneFinder::FindResult fresult =
|
|
|
finder.find(qname_, RRType::NSEC(),
|
|
|
dnssec_opt_ | ZoneFinder::NO_WILDCARD);
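Review bot: With `db_result.isWildcard()` dropped from the NSEC branch here (and from the `else if (db_result.isNSEC3Signed())` branch in the next hunk), addWildcardProof no longer verifies that the answer came from wildcard expansion, so it relies on every caller to guarantee that. Nothing in the visible lines states that precondition, and a call with a non-wildcard result would presumably make the NO_WILDCARD lookup return something other than NXDOMAIN. I would document the contract in the new comment, e.g. `// Precondition: db_result.isWildcard() is true; the caller is responsible for checking it.`, or enforce it at the top of the function with `assert(db_result.isWildcard());` if assertions are acceptable on this path. The function body starts before and continues after this hunk, so how an unexpected result code from the lookup is handled is not visible here.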
|
|
@@ -187,8 +189,9 @@ Query::addWildcardProof(ZoneFinder& finder,
|
|
|
boost::const_pointer_cast<AbstractRRset>(
|
|
|
fresult.rrset),
|
|
|
dnssec_);
|
|
|
- } else if (db_result.isNSEC3Signed() && db_result.isWildcard()) {
|
|
|
- // case for RFC5155 Section 7.2.6
|
|
|
+ } else if (db_result.isNSEC3Signed()) {
|
|
|
+ // Case for RFC5155 Section 7.2.6.
|
|
|
+ //
|
|
|
// Note that the closest encloser must be the immediate ancestor
|
|
|
// of the matching wildcard, so NSEC3 for its next closer is what
|
|
|
// we are expected to provided per the RFC (if this assumption isn't
|