reason for "expected covering NSEC3, got an exact match" ?
Mark Andrews
marka at isc.org
Sun Jul 18 13:02:27 UTC 2010
It's cosmetic. The final NSEC3 record proves the non-existance
of the data or wildcard. With a nodata response we should be
expecting the record. The following has been compiled but otherwise
has not been tested.
Mark
Index: bin/named/query.c
===================================================================
RCS file: /proj/cvs/prod/bind9/bin/named/query.c,v
retrieving revision 1.335.8.3.6.3
diff -u -r1.335.8.3.6.3 query.c
--- bin/named/query.c 15 Jul 2010 01:38:15 -0000 1.335.8.3.6.3
+++ bin/named/query.c 18 Jul 2010 12:55:55 -0000
@@ -2799,7 +2799,7 @@
static void
query_addwildcardproof(ns_client_t *client, dns_db_t *db,
dns_dbversion_t *version, dns_name_t *name,
- isc_boolean_t ispositive)
+ isc_boolean_t ispositive, isc_boolean_t nodata)
{
isc_buffer_t *dbuf, b;
dns_name_t *fname;
@@ -2987,7 +2987,7 @@
goto cleanup;
query_findclosestnsec3(wname, db, NULL, client, rdataset,
- sigrdataset, fname, ISC_FALSE, NULL);
+ sigrdataset, fname, nodata, NULL);
if (!dns_rdataset_isassociated(rdataset))
goto cleanup;
query_addrrset(client, &fname, &rdataset, &sigrdataset,
@@ -3090,7 +3090,7 @@
/* XXX */
query_addwildcardproof(client, db, version, client->query.qname,
- ISC_TRUE);
+ ISC_TRUE, ISC_FALSE);
/*
* We'll need some resources...
@@ -4318,7 +4318,7 @@
query_releasename(client, &fname);
query_addwildcardproof(client, db, version,
client->query.qname,
- ISC_FALSE);
+ ISC_FALSE, ISC_TRUE);
}
}
if (dns_rdataset_isassociated(rdataset)) {
@@ -4407,7 +4407,8 @@
&sigrdataset,
NULL, DNS_SECTION_AUTHORITY);
query_addwildcardproof(client, db, version,
- client->query.qname, ISC_FALSE);
+ client->query.qname, ISC_FALSE,
+ ISC_FALSE);
}
/*
@@ -4972,7 +4973,7 @@
if (need_wildcardproof && dns_db_issecure(db))
query_addwildcardproof(client, db, version,
dns_fixedname_name(&wildcardname),
- ISC_TRUE);
+ ISC_TRUE, ISC_FALSE);
cleanup:
CTRACE("query_find: cleanup");
/*
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list