[1899] Allow other RRtypes in nsec3 table (for RRSIGs)

* The unique constraint on NSEC3 owner per zone is now removed
* NSEC3 RRSIGs are now returned next to their RR set
* Test was adjusted to check for RRSIGs too

src/bin/dbutil/dbutil.py.in

@@ -197,10 +197,8 @@ UPGRADES = [
 
     {'from': (2, 0), 'to': (2, 1),
      'statements': [
-            # Enforce that only one NSEC3 RR exists for an owner name in
+            "CREATE INDEX nsec3_byhash_and_rdtype ON nsec3 " +
-            # the zone.
+                "(hash, rdtype)"
-            "CREATE UNIQUE INDEX nsec3_by_zoneid_and_owner ON nsec3 " +
-                "(zone_id, owner)"
         ]
     }
 

src/lib/datasrc/sqlite3_accessor.cc

@@ -111,11 +111,9 @@ const char* const text_statements[NUM_STATEMENTS] = {
 
     // ITERATE_NSEC3:
     // The following iterates the whole zone in the nsec3 table. As the
-    // RRSIGs are for NSEC3s, we can hardcode the sigtype. As there is
+    // RRSIGs are for NSEC3s, we can hardcode the sigtype.
-    // only one RR per-owner per-zone, there's no need to order these
-    // for the sake of any post-processing.
     "SELECT rdtype, ttl, \"NSEC3\", rdata, owner FROM nsec3 "
-        "WHERE zone_id = ?1",
+        "WHERE zone_id = ?1 ORDER BY hash, rdtype",
     /*
      * This one looks for previous name with NSEC record. It is done by
      * using the reversed name. The NSEC is checked because we need to
@@ -359,8 +357,7 @@ const char* const SCHEMA_LIST[] = {
         "ttl INTEGER NOT NULL, rdtype TEXT NOT NULL COLLATE NOCASE, "
         "rdata TEXT NOT NULL)",
     "CREATE INDEX nsec3_byhash ON nsec3 (hash)",
-    // Enforce that only one NSEC3 RR exists for an owner name in the zone.
+    "CREATE INDEX nsec3_byhash_and_rdtype ON nsec3 (hash, rdtype)",
-    "CREATE UNIQUE INDEX nsec3_by_zoneid_and_owner ON nsec3 (zone_id, owner)",
     "CREATE TABLE diffs (id INTEGER PRIMARY KEY, "
         "zone_id INTEGER NOT NULL, "
         "version INTEGER NOT NULL, "

src/lib/datasrc/tests/sqlite3_accessor_unittest.cc

@@ -193,6 +193,9 @@ TEST_F(SQLite3AccessorTest, iterator) {
     checkRR(context, "www.example.org.", "3600", "A", "192.0.2.1");
     checkRR(context, "ns3.example.org.", "3600", "NSEC3",
             "1 1 12 aabbccdd 2T7B4G4VSA5SMI47K61MV5BV1A22BOJR A RRSIG");
+    checkRR(context, "ns3.example.org.", "3600", "RRSIG",
+            "NSEC3 5 3 3600 20000101000000 20000201000000 "
+            "12345 ns3.example.org. FAKEFAKEFAKE");
 
     // Check there's no other
     EXPECT_FALSE(context->getNext(data));

src/lib/python/isc/datasrc/sqlite3_ds.py

@@ -81,9 +81,7 @@ def create(cur):
                     rdtype TEXT NOT NULL COLLATE NOCASE,
                     rdata TEXT NOT NULL)""")
         cur.execute("CREATE INDEX nsec3_byhash ON nsec3 (hash)")
-        # Enforce that only one NSEC3 RR exists for an owner name in the zone.
+        cur.execute("CREATE INDEX nsec3_byhash_and_rdtype ON nsec3 (hash, rdtype)")
-        cur.execute("""CREATE UNIQUE INDEX nsec3_by_zoneid_and_owner ON nsec3
-                        (zone_id, owner)""");
         cur.execute("""CREATE TABLE diffs (id INTEGER PRIMARY KEY,
                     zone_id INTEGER NOT NULL,
                     version INTEGER NOT NULL,