more ways to wrap an nsec3

author bert hubert <bert.hubert@netherlabs.nl>

Fri, 1 Jul 2016 10:16:56 +0000 (12:16 +0200)

committer bert hubert <bert.hubert@netherlabs.nl>

Fri, 1 Jul 2016 10:16:56 +0000 (12:16 +0200)
author bert hubert <bert.hubert@netherlabs.nl>
Fri, 1 Jul 2016 10:16:56 +0000 (12:16 +0200)
committer bert hubert <bert.hubert@netherlabs.nl>
Fri, 1 Jul 2016 10:16:56 +0000 (12:16 +0200)
diff --git a/pdns/validate.cc b/pdns/validate.cc

index ee326b321a5ec4385073e820c1c695096a213614..b5e126d5f7d1ef70b0a279fc0d294c9d1ddc979d 100644 (file)
--- a/pdns/validate.cc
+++ b/pdns/validate.cc
@@ -405,7 +405,8 @@ vState getKeysFor(DNSRecordOracle& dro, const DNSName& zone, keyset_t &keyset)
                LOG("\tquery hash: "<<toBase32Hex(h)<<endl);
                string beginHash=fromBase32Hex(v.first.first.getRawLabels()[0]);
                if( (beginHash < h && h < nsec3->d_nexthash) ||
-                  (nsec3->d_nexthash > h  && beginHash > nsec3->d_nexthash) ||  //wrap
+                  (nsec3->d_nexthash > h  && beginHash > nsec3->d_nexthash) ||  // wrap // HASH --- END --- BEGINNING
+                  (nsec3->d_nexthash < beginHash  && beginHash < h) ||  // wrap other case // END -- BEGINNING -- HASH
                    beginHash == nsec3->d_nexthash)  // "we have only 1 NSEC3 record, LOL!"  
                {
                  LOG("Denies existence of DS!"<<endl);
author	bert hubert <bert.hubert@netherlabs.nl>
	Fri, 1 Jul 2016 10:16:56 +0000 (12:16 +0200)
committer	bert hubert <bert.hubert@netherlabs.nl>
	Fri, 1 Jul 2016 10:16:56 +0000 (12:16 +0200)