reason for "expected covering NSEC3, got an exact match" ?

Mark Andrews marka at isc.org
Sun Jul 18 13:02:27 UTC 2010 

It's cosmetic.  The final NSEC3 record proves the non-existance
of the data or wildcard.  With a nodata response we should be
expecting the record.  The following has been compiled but otherwise
has not been tested.

Mark

Index: bin/named/query.c
===================================================================
RCS file: /proj/cvs/prod/bind9/bin/named/query.c,v
retrieving revision 1.335.8.3.6.3
diff -u -r1.335.8.3.6.3 query.c
--- bin/named/query.c	15 Jul 2010 01:38:15 -0000	1.335.8.3.6.3
+++ bin/named/query.c	18 Jul 2010 12:55:55 -0000
@@ -2799,7 +2799,7 @@
 static void
 query_addwildcardproof(ns_client_t *client, dns_db_t *db,
 		       dns_dbversion_t *version, dns_name_t *name,
-		       isc_boolean_t ispositive)
+		       isc_boolean_t ispositive, isc_boolean_t nodata)
 {
 	isc_buffer_t *dbuf, b;
 	dns_name_t *fname;
@@ -2987,7 +2987,7 @@
 			goto cleanup;
 
 		query_findclosestnsec3(wname, db, NULL, client, rdataset,
-				       sigrdataset, fname, ISC_FALSE, NULL);
+				       sigrdataset, fname, nodata, NULL);
 		if (!dns_rdataset_isassociated(rdataset))
 			goto cleanup;
 		query_addrrset(client, &fname, &rdataset, &sigrdataset,
@@ -3090,7 +3090,7 @@
 
 	/* XXX */
 	query_addwildcardproof(client, db, version, client->query.qname,
-			       ISC_TRUE);
+			       ISC_TRUE, ISC_FALSE);
 
 	/*
 	 * We'll need some resources...
@@ -4318,7 +4318,7 @@
 				query_releasename(client, &fname);
 				query_addwildcardproof(client, db, version,
 						       client->query.qname,
-						       ISC_FALSE);
+						       ISC_FALSE, ISC_TRUE);
 			}
 		}
 		if (dns_rdataset_isassociated(rdataset)) {
@@ -4407,7 +4407,8 @@
 					       &sigrdataset,
 					       NULL, DNS_SECTION_AUTHORITY);
 			query_addwildcardproof(client, db, version,
-					       client->query.qname, ISC_FALSE);
+					       client->query.qname, ISC_FALSE,
+					       ISC_FALSE);
 		}
 
 		/*
@@ -4972,7 +4973,7 @@
 	if (need_wildcardproof && dns_db_issecure(db))
 		query_addwildcardproof(client, db, version,
 				       dns_fixedname_name(&wildcardname),
-				       ISC_TRUE);
+				       ISC_TRUE, ISC_FALSE);
  cleanup:
 	CTRACE("query_find: cleanup");
 	/*
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list