Changeset 1877

Timestamp:

01/12/11 17:30:48 (2 years ago)

Author:

ahu

Message:

don't interleave DNSBackend::lookup and ::getSOA!
Plus don't add NSEC to the RRSIG set for explicit RRSIG queries for NSEC3 zones.

Files:

• trunk/pdns/pdns/packethandler.cc (modified) (6 diffs)

trunk/pdns/pdns/packethandler.cc

@@ -603 +603 @@
   
   getNSEC3Hashes(narrow, sd.db, sd.domain_id,  hashed, false, unhashed, before, after); 
-  cerr<<"Done calling for closest encloser, before='"<<toBase32Hex(before)<<"', after='"<<toBase32Hex(after)<<"'"<<endl;
+  cerr<<"Done calling for closest encloser, before='"<<toBase32Hex(before)<<"', after='"<<toBase32Hex(after)<<"', unhashed: '"<<unhashed<<"'"<<endl;
   emitNSEC3(ns3rc, sd, unhashed, before, after, target, r, mode);
 
@@ -610 +610 @@
   hashed=hashQNameWithSalt(ns3rc.d_iterations, ns3rc.d_salt, unhashed);
   getNSEC3Hashes(narrow, sd.db,sd.domain_id,  hashed, true, unhashed, before, after); 
-  cerr<<"Done calling for main, before='"<<toBase32Hex(before)<<"', after='"<<toBase32Hex(after)<<"'"<<endl;
+  cerr<<"Done calling for main, before='"<<toBase32Hex(before)<<"', after='"<<toBase32Hex(after)<<"', unhashed: '"<<unhashed<<"'"<<endl;
   emitNSEC3( ns3rc, sd, unhashed, before, after, target, r, mode);
   
@@ -618 +618 @@
   
   getNSEC3Hashes(narrow, sd.db, sd.domain_id,  hashed, true, unhashed, before, after); 
-  cerr<<"Done calling for '*', before='"<<toBase32Hex(before)<<"', after='"<<toBase32Hex(after)<<"'"<<endl;
+  cerr<<"Done calling for '*', before='"<<toBase32Hex(before)<<"', after='"<<toBase32Hex(after)<<"', unhashed: '"<<unhashed<<"'"<<endl;
   emitNSEC3( ns3rc, sd, unhashed, before, after, target, r, mode);
 }
@@ -928 +928 @@
 {
   cerr<<"Need to fake up the RRSIGs if someone asked for them explicitly"<<endl;
-  B.lookup(QType(QType::ANY), p->qdomain, p);
-  
   typedef map<uint16_t, vector<shared_ptr<DNSRecordContent> > > records_t;
   records_t records;
@@ -944 +942 @@
 
   rr.ttl=sd.default_ttl;
+  B.lookup(QType(QType::ANY), p->qdomain, p);
 
   while(B.get(rr)) {
@@ -964 +963 @@
     nrc.d_set.insert(rr.qtype.getCode());
   }
-
-  // now get the NSEC too (since we must sign it!)
-  string before,after;
-  sd.db->getBeforeAndAfterNames(sd.domain_id, sd.qname, p->qdomain, before, after); 
-
-  nrc.d_next=after;
-
-  rr.qname=p->qdomain;
-  // rr.ttl is already set.. we hope
-  rr.qtype=QType::NSEC;
-  rr.content=nrc.getZoneRepresentation();
-
-  records[QType::NSEC].push_back(shared_ptr<DNSRecordContent>(DNSRecordContent::mastermake(rr.qtype.getCode(), 1, rr.content)));
-
-  // ok, the NSEC is in..
-
+  bool narrow;
+  NSEC3PARAMRecordContent ns3pr;
+  bool doNSEC3= d_dk.getNSEC3PARAM(sd.qname, &ns3pr, &narrow);
+  if(doNSEC3) {
+    cerr<<"We don't yet add NSEC3 to explicit RRSIG queries correctly yet! (narrow="<<narrow<<")\n";
+  }
+  else {
+    // now get the NSEC too (since we must sign it!)
+    string before,after;
+    sd.db->getBeforeAndAfterNames(sd.domain_id, sd.qname, p->qdomain, before, after); 
+  
+    nrc.d_next=after;
+  
+    rr.qname=p->qdomain;
+    // rr.ttl is already set.. we hope
+    rr.qtype=QType::NSEC;
+    rr.content=nrc.getZoneRepresentation();
+    records[QType::NSEC].push_back(shared_ptr<DNSRecordContent>(DNSRecordContent::mastermake(rr.qtype.getCode(), 1, rr.content)));
+  
+    // ok, the NSEC is in..
+  }
   cerr<<"Have "<<records.size()<<" rrsets to sign"<<endl;