diff --git a/lib/dns/include/dns/db.h b/lib/dns/include/dns/db.h index ccb562cd41..4b218e484a 100644 --- a/lib/dns/include/dns/db.h +++ b/lib/dns/include/dns/db.h @@ -221,8 +221,10 @@ struct dns_db { ISC_LIST(dns_dbonupdatelistener_t) update_listeners; }; -#define DNS_DBATTR_CACHE 0x01 -#define DNS_DBATTR_STUB 0x02 +enum { + DNS_DBATTR_CACHE = 1 << 0, + DNS_DBATTR_STUB = 1 << 1, +}; struct dns_dbonupdatelistener { dns_dbupdate_callback_t onupdate; @@ -234,16 +236,16 @@ struct dns_dbonupdatelistener { /*% * Options that can be specified for dns_db_find(). */ -#define DNS_DBFIND_GLUEOK 0x0001 -#define DNS_DBFIND_VALIDATEGLUE 0x0002 -#define DNS_DBFIND_NOWILD 0x0004 -#define DNS_DBFIND_PENDINGOK 0x0008 -#define DNS_DBFIND_NOEXACT 0x0010 -#define DNS_DBFIND_FORCENSEC 0x0020 -#define DNS_DBFIND_COVERINGNSEC 0x0040 -#define DNS_DBFIND_FORCENSEC3 0x0080 -#define DNS_DBFIND_ADDITIONALOK 0x0100 -#define DNS_DBFIND_NOZONECUT 0x0200 +enum { + DNS_DBFIND_GLUEOK = 1 << 0, + DNS_DBFIND_NOWILD = 1 << 1, + DNS_DBFIND_PENDINGOK = 1 << 2, + DNS_DBFIND_NOEXACT = 1 << 3, + DNS_DBFIND_COVERINGNSEC = 1 << 4, + DNS_DBFIND_FORCENSEC3 = 1 << 5, + DNS_DBFIND_ADDITIONALOK = 1 << 6, + DNS_DBFIND_NOZONECUT = 1 << 7, +}; /* * DNS_DBFIND_STALEOK: This flag is set when BIND fails to refresh a RRset due @@ -785,11 +787,6 @@ dns__db_findext(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version, * and working up to the zone origin. This option is only meaningful * when querying redirect zones. * - * \li If the #DNS_DBFIND_FORCENSEC option is set, the database is assumed to - * have NSEC records, and these will be returned when appropriate. This - * is only necessary when querying a database that was not secure - * when created. - * * \li If the DNS_DBFIND_COVERINGNSEC option is set, then look for a * NSEC record that potentially covers 'name' if a answer cannot * be found. Note the returned NSEC needs to be checked to ensure diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c index f8d3d7e55c..c92491bc91 100644 --- a/lib/dns/rbtdb.c +++ b/lib/dns/rbtdb.c @@ -3231,60 +3231,6 @@ setup_delegation(rbtdb_search_t *search, dns_dbnode_t **nodep, return (DNS_R_DELEGATION); } -static bool -valid_glue(rbtdb_search_t *search, dns_name_t *name, rbtdb_rdatatype_t type, - dns_rbtnode_t *node) { - unsigned char *raw; /* RDATASLAB */ - unsigned int count, size; - dns_name_t ns_name; - bool valid = false; - dns_offsets_t offsets; - isc_region_t region; - - /* - * No additional locking is required. - */ - - /* - * Valid glue types are A, AAAA, A6. NS is also a valid glue type - * if it occurs at a zone cut, but is not valid below it. - */ - if (type == dns_rdatatype_ns) { - if (node != search->zonecut) { - return (false); - } - } else if (type != dns_rdatatype_a && type != dns_rdatatype_aaaa && - type != dns_rdatatype_a6) - { - return (false); - } - - raw = raw_from_header(search->zonecut_rdataset); - count = raw[0] * 256 + raw[1]; - raw += DNS_RDATASET_COUNT + DNS_RDATASET_LENGTH; - - while (count > 0) { - count--; - size = raw[0] * 256 + raw[1]; - raw += DNS_RDATASET_ORDER + DNS_RDATASET_LENGTH; - region.base = raw; - region.length = size; - raw += size; - /* - * XXX Until we have rdata structures, we have no choice but - * to directly access the rdata format. - */ - dns_name_init(&ns_name, offsets); - dns_name_fromregion(&ns_name, ®ion); - if (dns_name_compare(&ns_name, name) == 0) { - valid = true; - break; - } - } - - return (valid); -} - static bool activeempty(rbtdb_search_t *search, dns_rbtnodechain_t *chain, const dns_name_t *name) { @@ -4093,7 +4039,6 @@ zone_find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version, */ if ((search.rbtversion->secure == dns_db_secure && !search.rbtversion->havensec3) || - (search.options & DNS_DBFIND_FORCENSEC) != 0 || (search.options & DNS_DBFIND_FORCENSEC3) != 0) { result = find_closest_nsec( @@ -4379,24 +4324,13 @@ found: } goto tree_exit; } - if ((search.options & DNS_DBFIND_FORCENSEC) != 0 && - nsecheader == NULL) - { - /* - * There's no NSEC record, and we were told - * to find one. - */ - result = DNS_R_BADDB; - goto node_exit; - } if (nodep != NULL) { new_reference(search.rbtdb, node, nlocktype DNS__DB_FLARG_PASS); *nodep = node; } if ((search.rbtversion->secure == dns_db_secure && - !search.rbtversion->havensec3) || - (search.options & DNS_DBFIND_FORCENSEC) != 0) + !search.rbtversion->havensec3)) { bind_rdataset(search.rbtdb, node, nsecheader, 0, nlocktype, rdataset DNS__DB_FLARG_PASS); @@ -4451,23 +4385,6 @@ found: } else { result = DNS_R_GLUE; } - /* - * We might have found data that isn't glue, but was occluded - * by a dynamic update. If the caller cares about this, they - * will have told us to validate glue. - * - * XXX We should cache the glue validity state! - */ - if (result == DNS_R_GLUE && - (search.options & DNS_DBFIND_VALIDATEGLUE) != 0 && - !valid_glue(&search, foundname, type, node)) - { - NODE_UNLOCK(lock, &nlocktype); - result = setup_delegation( - &search, nodep, foundname, rdataset, - sigrdataset DNS__DB_FLARG_PASS); - goto tree_exit; - } } else { /* * An ordinary successful query!