Home Explore Help
Sign In
zorun
/
kea
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

[1177] NSEC for NXDOMAIN

Just for the common one, though. Empty non-terminal and wildcards must
be solved yet.
Michal 'vorner' Vaner 13 years ago
parent
05512e090c
commit
f847a5e079
1 changed files with 30 additions and 2 deletions
Split View Show Diff Stats
  1. 30 2
      src/lib/datasrc/database.cc

+ 30 - 2
src/lib/datasrc/database.cc
View File 

@@ -326,6 +326,8 @@ DatabaseClient::Finder::find(const isc::dns::Name& name,
 
     // In case we are in GLUE_OK mode and start matching wildcards,
 
     // we can't do it under NS, so we store it here to check
 
     isc::dns::RRsetPtr first_ns;
 
+    // This is used at multiple places
 
+    static WantedTypes nsec_types(empty_types + RRType::NSEC());
 
 
     // First, do we have any kind of delegation (NS/DNAME) here?
 
     Name origin(getOrigin());
 
@@ -497,8 +499,8 @@ DatabaseClient::Finder::find(const isc::dns::Name& name,
 
                                     // However, we need to get the RRset in the
 
                                     // name of the wildcard, not the constructed
 
                                     // one, so we walk it again
 
-                                    found = getRRsets(wildcard, empty_types +
 
-                                                      RRType::NSEC(), true);
 
+                                    found = getRRsets(wildcard, nsec_types,
 
+                                                      true);
 
                                     result_rrset =
 
                                         found.second.find(RRType::NSEC())->
 
                                         second;
 
@@ -526,6 +528,32 @@ DatabaseClient::Finder::find(const isc::dns::Name& name,
 
                         break;
 
                     }
 
                 }
 
+                // This is the NXDOMAIN case (nothing found anywhere). If
 
+                // they wand DNSSEC data, try getting the NSEC record
 
+                if (dnssec_data && !records_found) {
 
+                    try {
 
+                        // Which one should contain the NSEC record?
 
+                        const Name coverName(findPreviousName(name));
 
+                        // Get the record and copy it out
 
+                        found = getRRsets(coverName, nsec_types, true);
 
+                        const FoundIterator
 
+                            nci(found.second.find(RRType::NSEC()));
 
+                        if (nci != found.second.end()) {
 
+                            result_status = NXDOMAIN;
 
+                            result_rrset = nci->second;
 
+                        } else {
 
+                            // The previous doesn't contain NSEC, bug?
 
+                            isc_throw(DataSourceError, "No NSEC in " +
 
+                                      coverName.toText() + ", but it was "
 
+                                      "returned as previous - "
 
+                                      "accessor error?");
 
+                        }
 
+                    }
 
+                    catch (const isc::NotImplemented&) {
 
+                        // Well, they want DNSSEC, but there is no available.
 
+                        // So we don't provide anything.
 
+                    }
 
+                }
 
             }
 
         } else if (dnssec_data) {
 
             // This is the "usual" NXRRSET case