don't bother checking for empty nodes when searching the NSEC3 tree

this avoids a time-wasting search that could occur during an
IXFR that replaced an NSEC3 chain.

(cherry picked from commit 7192edf9c2ca7426f63f6fa23f363071dfdfbc11)

diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index d6d0e87a80a70be6468a0fcb5801a22176bd24d3..fa56ce52909b4d48816f0f90faef141ed1fe71a0 100644 (file)
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -3274,7 +3274,7 @@ activeempty(rbtdb_search_t *search, dns_rbtnodechain_t *chain,
 }
 
 static inline bool
-activeemtpynode(rbtdb_search_t *search, const dns_name_t *qname,
+activeemptynode(rbtdb_search_t *search, const dns_name_t *qname,
                dns_name_t *wname) {
        dns_fixedname_t fnext;
        dns_fixedname_t forigin;
@@ -3505,7 +3505,7 @@ find_wildcard(rbtdb_search_t *search, dns_rbtnode_t **nodep,
                                NODE_UNLOCK(lock, isc_rwlocktype_read);
                                if (header != NULL ||
                                    activeempty(search, &wchain, wname)) {
-                                       if (activeemtpynode(search, qname,
+                                       if (activeemptynode(search, qname,
                                                            wname)) {
                                                return (ISC_R_NOTFOUND);
                                        }
@@ -3909,7 +3909,6 @@ zone_find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version,
        rdatasetheader_t *foundsig, *cnamesig, *nsecsig;
        rbtdb_rdatatype_t sigtype;
        bool active;
-       dns_rbtnodechain_t chain;
        nodelock_t *lock;
        dns_rbt_t *tree;
 
@@ -3987,8 +3986,15 @@ zone_find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version,
                        }
                }
 
-               chain = search.chain;
-               active = activeempty(&search, &chain, name);
+               active = false;
+               if ((options & DNS_DBFIND_FORCENSEC3) == 0) {
+                       /*
+                        * The NSEC3 tree won't have empty nodes,
+                        * so it isn't necessary to check for them.
+                        */
+                       dns_rbtnodechain_t chain = search.chain;
+                       active = activeempty(&search, &chain, name);
+               }
 
                /*
                 * If we're here, then the name does not exist, is not