don't bother checking for empty nodes when searching the NSEC3 tree
authorEvan Hunt <each@isc.org>
Sat, 9 May 2020 01:40:41 +0000 (18:40 -0700)
committerEvan Hunt <each@isc.org>
Tue, 12 May 2020 20:39:03 +0000 (13:39 -0700)
this avoids a time-wasting search that could occur during an
IXFR that replaced an NSEC3 chain.

(cherry picked from commit 7192edf9c2ca7426f63f6fa23f363071dfdfbc11)

lib/dns/rbtdb.c

index f3af3103f4e0698a468fa463ed37de71b4f94c9d..8b4e0145bf44c1bc0dc67959a0917eac3a5ac2b2 100644 (file)
@@ -3512,7 +3512,7 @@ activeempty(rbtdb_search_t *search, dns_rbtnodechain_t *chain,
 }
 
 static inline bool
-activeemtpynode(rbtdb_search_t *search, dns_name_t *qname, dns_name_t *wname) {
+activeemptynode(rbtdb_search_t *search, dns_name_t *qname, dns_name_t *wname) {
        dns_fixedname_t fnext;
        dns_fixedname_t forigin;
        dns_fixedname_t fprev;
@@ -3736,7 +3736,7 @@ find_wildcard(rbtdb_search_t *search, dns_rbtnode_t **nodep,
                                NODE_UNLOCK(lock, isc_rwlocktype_read);
                                if (header != NULL ||
                                    activeempty(search, &wchain, wname)) {
-                                       if (activeemtpynode(search, qname,
+                                       if (activeemptynode(search, qname,
                                                            wname)) {
                                                return (ISC_R_NOTFOUND);
                                        }
@@ -4131,7 +4131,6 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
        rdatasetheader_t *foundsig, *cnamesig, *nsecsig;
        rbtdb_rdatatype_t sigtype;
        bool active;
-       dns_rbtnodechain_t chain;
        nodelock_t *lock;
        dns_rbt_t *tree;
 
@@ -4211,8 +4210,15 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
                                goto tree_exit;
                }
 
-               chain = search.chain;
-               active = activeempty(&search, &chain, name);
+               active = false;
+               if ((options & DNS_DBFIND_FORCENSEC3) == 0) {
+                       /*
+                        * The NSEC3 tree won't have empty nodes,
+                        * so it isn't necessary to check for them.
+                        */
+                       dns_rbtnodechain_t chain = search.chain;
+                       active = activeempty(&search, &chain, name);
+               }
 
                /*
                 * If we're here, then the name does not exist, is not
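Review bot: The new guard keys off the caller's `DNS_DBFIND_FORCENSEC3` option bit rather than the tree that was actually searched, and the added comment states the invariant without saying why it holds. NSEC3 owner names are a single hash label directly below the zone apex, which is presumably the reason; I would put that in the comment, e.g. `/* NSEC3 owner names are one hash label below the apex, so this tree has no empty non-terminals to look for. */`. With the flag set, `active` now stays `false` unconditionally, so it is worth confirming that no FORCENSEC3 caller depends on the empty-node result chosen further down. `zone_find()` begins and ends outside this hunk, so that code and the assignment of `tree` are not visible here.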