From: Jelte Jansen Date: Thu, 29 Sep 2005 11:29:16 +0000 (+0000) Subject: don't create NSECs for glue X-Git-Tag: release-1.0.0~97 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=43c8ec42b0b24d1f3afdf3e76660eaeece4ee162;p=thirdparty%2Fldns.git don't create NSECs for glue --- diff --git a/dnssec.c b/dnssec.c index cce34199..9e75b506 100644 --- a/dnssec.c +++ b/dnssec.c @@ -1153,7 +1153,9 @@ ldns_zone_sign(ldns_zone *zone, ldns_key_list *key_list) ldns_rr_list *pubkeys; ldns_rr_list *glue_rrs; + ldns_rdf *start_dname = NULL; ldns_rdf *cur_dname = NULL; + ldns_rr *next_rr = NULL; ldns_rdf *next_dname = NULL; ldns_rr *nsec; ldns_rr *ckey; @@ -1191,17 +1193,36 @@ ldns_zone_sign(ldns_zone *zone, ldns_key_list *key_list) /* add nsecs */ for (i = 0; i < ldns_rr_list_rr_count(orig_zone_rrs); i++) { cur_dname = ldns_rr_owner(ldns_rr_list_rr(orig_zone_rrs, i)); + if (!start_dname) { + start_dname = cur_dname; + } if (i < ldns_rr_list_rr_count(orig_zone_rrs) - 1) { - next_dname = ldns_rr_owner(ldns_rr_list_rr(orig_zone_rrs, i+1)); + next_rr = ldns_rr_list_rr(orig_zone_rrs, i + 1); + next_dname = ldns_rr_owner(next_rr); } else { - next_dname = ldns_rr_owner(ldns_zone_soa(zone)); + next_rr = ldns_zone_soa(zone); + next_dname = ldns_rr_owner(next_rr); } ldns_rr_list_push_rr(signed_zone_rrs, ldns_rr_list_rr(orig_zone_rrs, i)); if (ldns_rdf_compare(cur_dname, next_dname) != 0) { - nsec = ldns_create_nsec(cur_dname, - next_dname, - orig_zone_rrs); - ldns_rr_list_push_rr(signed_zone_rrs, nsec); + /* skip glue */ + if (ldns_rr_list_contains_rr(glue_rrs, next_rr)) { + cur_dname = next_dname; +printf("glue nsec pointer: __"); +ldns_rdf_print(stdout, cur_dname); +printf("__\n"); + } else { +printf("Creating NSEC for "); +ldns_rdf_print(stdout, start_dname); +printf(" to "); +ldns_rdf_print(stdout, next_dname); +printf("\n"); + nsec = ldns_create_nsec(start_dname, + next_dname, + orig_zone_rrs); + ldns_rr_list_push_rr(signed_zone_rrs, nsec); + start_dname = next_dname; + } } } ldns_rr_list_free(orig_zone_rrs);