mirror of
https://github.com/isc-projects/bind9.git
synced 2026-05-28 04:34:54 -04:00
Rename isdelegation() to is_insecure_referral()
The name 'isdelegation()' was confusing. This function is not checking whether this message is a delegation, but whether the denial of existence proofs in this message is a proof of a referral to an unsigned zone. The name 'is_unsecure_referral()' is more appropriate.
This commit is contained in:
Matthijs Mekking
parent
3ac1bb1c39
commit
e0f09bb374
1 changed files with 14 additions and 11 deletions
|
|
@ -245,9 +245,9 @@ validator_done(dns_validator_t *val, isc_result_t result) {
|
|||
}
|
||||
|
||||
/*%
|
||||
* The isdelegation() function is called as part of seeking the DS record.
|
||||
* Look in the NSEC or NSEC3 record returned from a DS query to see if the
|
||||
* record has the NS bitmap set. If so, we are at a delegation point.
|
||||
* The is_insecure_referral() function is called as part of seeking the DS
|
||||
* record. Look in the NSEC or NSEC3 record returned from a DS query to see if
|
||||
* the record has the NS bitmap set. If so, we are at a delegation point.
|
||||
*
|
||||
* If the response contains NSEC3 records with too high iterations, we cannot
|
||||
* (or rather we are not going to) validate the insecurity proof. Instead we
|
||||
|
|
@ -262,8 +262,9 @@ validator_done(dns_validator_t *val, isc_result_t result) {
|
|||
*\li #false the NS bitmap was not set.
|
||||
*/
|
||||
static bool
|
||||
isdelegation(dns_validator_t *val, dns_name_t *name, dns_rdataset_t *rdataset,
|
||||
isc_result_t dbresult, const char *caller) {
|
||||
is_insecure_referral(dns_validator_t *val, dns_name_t *name,
|
||||
dns_rdataset_t *rdataset, isc_result_t dbresult,
|
||||
const char *caller) {
|
||||
dns_fixedname_t fixed;
|
||||
dns_label_t hashlabel;
|
||||
dns_name_t nsec3name;
|
||||
|
|
@ -621,8 +622,9 @@ fetch_callback_ds(void *arg) {
|
|||
break;
|
||||
case DNS_R_NXRRSET:
|
||||
case DNS_R_NCACHENXRRSET:
|
||||
if (isdelegation(val, resp->foundname, &val->frdataset,
|
||||
eresult, "fetch_callback_ds"))
|
||||
if (is_insecure_referral(val, resp->foundname,
|
||||
&val->frdataset, eresult,
|
||||
"fetch_callback_ds"))
|
||||
{
|
||||
/*
|
||||
* Failed to find a DS while trying to prove
|
||||
|
|
@ -740,8 +742,9 @@ validator_callback_ds(void *arg) {
|
|||
if ((val->attributes & VALATTR_INSECURITY) != 0 &&
|
||||
val->frdataset.covers == dns_rdatatype_ds &&
|
||||
NEGATIVE(&val->frdataset) &&
|
||||
isdelegation(val, name, &val->frdataset,
|
||||
DNS_R_NCACHENXRRSET, "validator_callback_ds"))
|
||||
is_insecure_referral(val, name, &val->frdataset,
|
||||
DNS_R_NCACHENXRRSET,
|
||||
"validator_callback_ds"))
|
||||
{
|
||||
result = markanswer(val, "validator_callback_ds");
|
||||
} else if ((val->attributes & VALATTR_INSECURITY) != 0) {
|
||||
|
|
@ -3312,8 +3315,8 @@ seek_ds(dns_validator_t *val, isc_result_t *resp) {
|
|||
return ISC_R_COMPLETE;
|
||||
}
|
||||
|
||||
if (isdelegation(val, tname, &val->frdataset, result,
|
||||
"seek_ds"))
|
||||
if (is_insecure_referral(val, tname, &val->frdataset, result,
|
||||
"seek_ds"))
|
||||
{
|
||||
*resp = markanswer(val, "seek_ds (3)");
|
||||
return ISC_R_COMPLETE;
|
||||
|
|
|
|||
Loading…
Reference in a new issue