don't bother checking for empty nodes when searching the NSEC3 tree

this avoids a time-wasting search that could occur during an
IXFR that replaced an NSEC3 chain.

diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index 2e268c7f769f160db17d3ca4c5173233b4d825c5..5926eed3703cd6be5f7dd48a3dbbae519e5a2e74 100644 (file)
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -3273,7 +3273,7 @@ activeempty(rbtdb_search_t *search, dns_rbtnodechain_t *chain,
 }
 
 static inline bool
-activeemtpynode(rbtdb_search_t *search, const dns_name_t *qname,
+activeemptynode(rbtdb_search_t *search, const dns_name_t *qname,
                dns_name_t *wname) {
        dns_fixedname_t fnext;
        dns_fixedname_t forigin;
@@ -3504,7 +3504,7 @@ find_wildcard(rbtdb_search_t *search, dns_rbtnode_t **nodep,
                                NODE_UNLOCK(lock, isc_rwlocktype_read);
                                if (header != NULL ||
                                    activeempty(search, &wchain, wname)) {
-                                       if (activeemtpynode(search, qname,
+                                       if (activeemptynode(search, qname,
                                                            wname)) {
                                                return (ISC_R_NOTFOUND);
                                        }
@@ -3908,7 +3908,6 @@ zone_find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version,
        rdatasetheader_t *foundsig, *cnamesig, *nsecsig;
        rbtdb_rdatatype_t sigtype;
        bool active;
-       dns_rbtnodechain_t chain;
        nodelock_t *lock;
        dns_rbt_t *tree;
 
@@ -3986,8 +3985,15 @@ zone_find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version,
                        }
                }
 
-               chain = search.chain;
-               active = activeempty(&search, &chain, name);
+               active = false;
+               if ((options & DNS_DBFIND_FORCENSEC3) == 0) {
+                       /*
+                        * The NSEC3 tree won't have empty nodes,
+                        * so it isn't necessary to check for them.
+                        */
+                       dns_rbtnodechain_t chain = search.chain;
+                       active = activeempty(&search, &chain, name);
+               }
 
                /*
                 * If we're here, then the name does not exist, is not