[1899] Allow other RRtypes in nsec3 table (for RRSIGs)

* The unique constraint on NSEC3 owner per zone is now removed * NSEC3 RRSIGs are now returned next to their RR set * Test was adjusted to check for RRSIGs too
2025-08-31 05:55:28 +00:00 · 2012-10-08 12:36:20 +05:30
parent 13089ae122
commit f7c0410f7d
6 changed files with 9 additions and 13 deletions
--- a/src/bin/dbutil/dbutil.py.in
+++ b/src/bin/dbutil/dbutil.py.in
@@ -197,10 +197,8 @@ UPGRADES = [

    {'from': (2, 0), 'to': (2, 1),
     'statements': [
-            # Enforce that only one NSEC3 RR exists for an owner name in
-            # the zone.
-            "CREATE UNIQUE INDEX nsec3_by_zoneid_and_owner ON nsec3 " +
-                "(zone_id, owner)"
+            "CREATE INDEX nsec3_byhash_and_rdtype ON nsec3 " +
+                "(hash, rdtype)"
        ]
    }

--- a/src/bin/dbutil/tests/testdata/v2_1.sqlite3
+++ b/src/bin/dbutil/tests/testdata/v2_1.sqlite3
--- a/src/lib/datasrc/sqlite3_accessor.cc
+++ b/src/lib/datasrc/sqlite3_accessor.cc
@@ -111,11 +111,9 @@ const char* const text_statements[NUM_STATEMENTS] = {

    // ITERATE_NSEC3:
    // The following iterates the whole zone in the nsec3 table. As the
-    // RRSIGs are for NSEC3s, we can hardcode the sigtype. As there is
-    // only one RR per-owner per-zone, there's no need to order these
-    // for the sake of any post-processing.
+    // RRSIGs are for NSEC3s, we can hardcode the sigtype.
    "SELECT rdtype, ttl, \"NSEC3\", rdata, owner FROM nsec3 "
-        "WHERE zone_id = ?1",
+        "WHERE zone_id = ?1 ORDER BY hash, rdtype",
    /*
     * This one looks for previous name with NSEC record. It is done by
     * using the reversed name. The NSEC is checked because we need to
@@ -359,8 +357,7 @@ const char* const SCHEMA_LIST[] = {
        "ttl INTEGER NOT NULL, rdtype TEXT NOT NULL COLLATE NOCASE, "
        "rdata TEXT NOT NULL)",
    "CREATE INDEX nsec3_byhash ON nsec3 (hash)",
-    // Enforce that only one NSEC3 RR exists for an owner name in the zone.
-    "CREATE UNIQUE INDEX nsec3_by_zoneid_and_owner ON nsec3 (zone_id, owner)",
+    "CREATE INDEX nsec3_byhash_and_rdtype ON nsec3 (hash, rdtype)",
    "CREATE TABLE diffs (id INTEGER PRIMARY KEY, "
        "zone_id INTEGER NOT NULL, "
        "version INTEGER NOT NULL, "
--- a/src/lib/datasrc/tests/sqlite3_accessor_unittest.cc
+++ b/src/lib/datasrc/tests/sqlite3_accessor_unittest.cc
@@ -193,6 +193,9 @@ TEST_F(SQLite3AccessorTest, iterator) {
    checkRR(context, "www.example.org.", "3600", "A", "192.0.2.1");
    checkRR(context, "ns3.example.org.", "3600", "NSEC3",
            "1 1 12 aabbccdd 2T7B4G4VSA5SMI47K61MV5BV1A22BOJR A RRSIG");
+    checkRR(context, "ns3.example.org.", "3600", "RRSIG",
+            "NSEC3 5 3 3600 20000101000000 20000201000000 "
+            "12345 ns3.example.org. FAKEFAKEFAKE");

    // Check there's no other
    EXPECT_FALSE(context->getNext(data));
--- a/src/lib/datasrc/tests/testdata/example.org.sqlite3
+++ b/src/lib/datasrc/tests/testdata/example.org.sqlite3
--- a/src/lib/python/isc/datasrc/sqlite3_ds.py
+++ b/src/lib/python/isc/datasrc/sqlite3_ds.py
@@ -81,9 +81,7 @@ def create(cur):
                    rdtype TEXT NOT NULL COLLATE NOCASE,
                    rdata TEXT NOT NULL)""")
        cur.execute("CREATE INDEX nsec3_byhash ON nsec3 (hash)")
-        # Enforce that only one NSEC3 RR exists for an owner name in the zone.
-        cur.execute("""CREATE UNIQUE INDEX nsec3_by_zoneid_and_owner ON nsec3
-                        (zone_id, owner)""");
+        cur.execute("CREATE INDEX nsec3_byhash_and_rdtype ON nsec3 (hash, rdtype)")
        cur.execute("""CREATE TABLE diffs (id INTEGER PRIMARY KEY,
                    zone_id INTEGER NOT NULL,
                    version INTEGER NOT NULL,