← Back to branch summary

~ubuntu-branches/ubuntu/oneiric/bind9/oneiric-updates

« back to all changes in this revision

Viewing changes to lib/dns/nsec3.c

  • Committer: Bazaar Package Importer
  • Author(s): LaMont Jones, Internet Software Consortium, Inc, LaMont Jones
  • Date: 2009-11-30 21:07:58 UTC
  • mfrom: (1.8.1 upstream)
  • mto: This revision was merged to the branch mainline in revision 17.
  • Revision ID: james.westby@ubuntu.com-20091130210758-3yyxniwz0dzzo3jw
Tags: 1:9.7.0.dfsg~b3-1
[Internet Software Consortium, Inc]

* 9.7.0b3

[LaMont Jones]

* Merge remote branch 'origin/master'
* soname changes

Show diffs side-by-side

added added

removed removed

Lines of Context:
lib/dns/nsec3.c
14
14
 * PERFORMANCE OF THIS SOFTWARE.
15
15
 */
16
16
 
17
 
/* $Id: nsec3.c,v 1.10 2009/10/08 23:48:10 tbox Exp $ */
 
17
/* $Id: nsec3.c,v 1.12 2009/11/03 23:48:23 tbox Exp $ */
18
18
 
19
19
#include <config.h>
20
20
 
88
88
        unsigned int i, window;
89
89
        int octet;
90
90
        isc_boolean_t found;
 
91
        isc_boolean_t found_ns;
 
92
        isc_boolean_t need_rrsig;
91
93
 
92
94
        unsigned char *nsec_bits, *bm;
93
95
        unsigned int max_type;
141
143
        result = dns_db_allrdatasets(db, node, version, 0, &rdsiter);
142
144
        if (result != ISC_R_SUCCESS)
143
145
                return (result);
144
 
        found = ISC_FALSE;
 
146
        found = found_ns = need_rrsig = ISC_FALSE;
145
147
        for (result = dns_rdatasetiter_first(rdsiter);
146
148
             result == ISC_R_SUCCESS;
147
149
             result = dns_rdatasetiter_next(rdsiter))
153
155
                        if (rdataset.type > max_type)
154
156
                                max_type = rdataset.type;
155
157
                        set_bit(bm, rdataset.type, 1);
156
 
                        /* Don't set RRSIG for insecure delegation. */
157
 
                        if (rdataset.type != dns_rdatatype_ns)
 
158
                        /*
 
159
                         * Work out if we need to set the RRSIG bit for
 
160
                         * this node.  We set the RRSIG bit if either of
 
161
                         * the following conditions are met:
 
162
                         * 1) We have a SOA or DS then we need to set
 
163
                         *    the RRSIG bit as both always will be signed.
 
164
                         * 2) We set the RRSIG bit if we don't have
 
165
                         *    a NS record but do have other data.
 
166
                         */
 
167
                        if (rdataset.type == dns_rdatatype_soa ||
 
168
                            rdataset.type == dns_rdatatype_ds)
 
169
                                need_rrsig = ISC_TRUE;
 
170
                        else if (rdataset.type == dns_rdatatype_ns)
 
171
                                found_ns = ISC_TRUE;
 
172
                        else
158
173
                                found = ISC_TRUE;
159
174
                }
160
175
                dns_rdataset_disassociate(&rdataset);
161
176
        }
162
 
        if (found) {
 
177
        if ((found && !found_ns) || need_rrsig) {
163
178
                if (dns_rdatatype_rrsig > max_type)
164
179
                        max_type = dns_rdatatype_rrsig;
165
180
                set_bit(bm, dns_rdatatype_rrsig, 1);