remove unused DNS_DBFIND options

the DNS_DBFIND_VALIDATEGLUE and DNS_DBFIND_FORCENSEC options
were never set, so the code implementing them (which in the case
of _VALIDATEGLUE appears to have been quite outdated anyway) was
never reached. they have now been removed.

diff --git a/lib/dns/include/dns/db.h b/lib/dns/include/dns/db.h
index ccb562cd417e97b42ea445347f255af4a9e68fbc..4b218e484a8e5f911597ad96e1b7f158ed161532 100644 (file)
--- a/lib/dns/include/dns/db.h
+++ b/lib/dns/include/dns/db.h
@@ -221,8 +221,10 @@ struct dns_db {
        ISC_LIST(dns_dbonupdatelistener_t) update_listeners;
 };
 
-#define DNS_DBATTR_CACHE 0x01
-#define DNS_DBATTR_STUB         0x02
+enum {
+       DNS_DBATTR_CACHE = 1 << 0,
+       DNS_DBATTR_STUB = 1 << 1,
+};
 
 struct dns_dbonupdatelistener {
        dns_dbupdate_callback_t onupdate;
@@ -234,16 +236,16 @@ struct dns_dbonupdatelistener {
 /*%
  * Options that can be specified for dns_db_find().
  */
-#define DNS_DBFIND_GLUEOK      0x0001
-#define DNS_DBFIND_VALIDATEGLUE 0x0002
-#define DNS_DBFIND_NOWILD      0x0004
-#define DNS_DBFIND_PENDINGOK   0x0008
-#define DNS_DBFIND_NOEXACT     0x0010
-#define DNS_DBFIND_FORCENSEC   0x0020
-#define DNS_DBFIND_COVERINGNSEC 0x0040
-#define DNS_DBFIND_FORCENSEC3  0x0080
-#define DNS_DBFIND_ADDITIONALOK 0x0100
-#define DNS_DBFIND_NOZONECUT   0x0200
+enum {
+       DNS_DBFIND_GLUEOK = 1 << 0,
+       DNS_DBFIND_NOWILD = 1 << 1,
+       DNS_DBFIND_PENDINGOK = 1 << 2,
+       DNS_DBFIND_NOEXACT = 1 << 3,
+       DNS_DBFIND_COVERINGNSEC = 1 << 4,
+       DNS_DBFIND_FORCENSEC3 = 1 << 5,
+       DNS_DBFIND_ADDITIONALOK = 1 << 6,
+       DNS_DBFIND_NOZONECUT = 1 << 7,
+};
 
 /*
  * DNS_DBFIND_STALEOK: This flag is set when BIND fails to refresh a RRset due
@@ -785,11 +787,6 @@ dns__db_findext(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version,
  *     and working up to the zone origin.  This option is only meaningful
  *     when querying redirect zones.
  *
- * \li If the #DNS_DBFIND_FORCENSEC option is set, the database is assumed to
- *     have NSEC records, and these will be returned when appropriate.  This
- *     is only necessary when querying a database that was not secure
- *     when created.
- *
  * \li If the DNS_DBFIND_COVERINGNSEC option is set, then look for a
  *     NSEC record that potentially covers 'name' if a answer cannot
  *     be found.  Note the returned NSEC needs to be checked to ensure

diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index f8d3d7e55c9a9cf6fce3333a8445ea92515bebb5..c92491bc91c80b0d5cac86962c9f5e5e9d27158e 100644 (file)
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -3231,60 +3231,6 @@ setup_delegation(rbtdb_search_t *search, dns_dbnode_t **nodep,
        return (DNS_R_DELEGATION);
 }
 
-static bool
-valid_glue(rbtdb_search_t *search, dns_name_t *name, rbtdb_rdatatype_t type,
-          dns_rbtnode_t *node) {
-       unsigned char *raw; /* RDATASLAB */
-       unsigned int count, size;
-       dns_name_t ns_name;
-       bool valid = false;
-       dns_offsets_t offsets;
-       isc_region_t region;
-
-       /*
-        * No additional locking is required.
-        */
-
-       /*
-        * Valid glue types are A, AAAA, A6.  NS is also a valid glue type
-        * if it occurs at a zone cut, but is not valid below it.
-        */
-       if (type == dns_rdatatype_ns) {
-               if (node != search->zonecut) {
-                       return (false);
-               }
-       } else if (type != dns_rdatatype_a && type != dns_rdatatype_aaaa &&
-                  type != dns_rdatatype_a6)
-       {
-               return (false);
-       }
-
-       raw = raw_from_header(search->zonecut_rdataset);
-       count = raw[0] * 256 + raw[1];
-       raw += DNS_RDATASET_COUNT + DNS_RDATASET_LENGTH;
-
-       while (count > 0) {
-               count--;
-               size = raw[0] * 256 + raw[1];
-               raw += DNS_RDATASET_ORDER + DNS_RDATASET_LENGTH;
-               region.base = raw;
-               region.length = size;
-               raw += size;
-               /*
-                * XXX Until we have rdata structures, we have no choice but
-                * to directly access the rdata format.
-                */
-               dns_name_init(&ns_name, offsets);
-               dns_name_fromregion(&ns_name, &region);
-               if (dns_name_compare(&ns_name, name) == 0) {
-                       valid = true;
-                       break;
-               }
-       }
-
-       return (valid);
-}
-
 static bool
 activeempty(rbtdb_search_t *search, dns_rbtnodechain_t *chain,
            const dns_name_t *name) {
@@ -4093,7 +4039,6 @@ zone_find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version,
                 */
                if ((search.rbtversion->secure == dns_db_secure &&
                     !search.rbtversion->havensec3) ||
-                   (search.options & DNS_DBFIND_FORCENSEC) != 0 ||
                    (search.options & DNS_DBFIND_FORCENSEC3) != 0)
                {
                        result = find_closest_nsec(
@@ -4379,24 +4324,13 @@ found:
                        }
                        goto tree_exit;
                }
-               if ((search.options & DNS_DBFIND_FORCENSEC) != 0 &&
-                   nsecheader == NULL)
-               {
-                       /*
-                        * There's no NSEC record, and we were told
-                        * to find one.
-                        */
-                       result = DNS_R_BADDB;
-                       goto node_exit;
-               }
                if (nodep != NULL) {
                        new_reference(search.rbtdb, node,
                                      nlocktype DNS__DB_FLARG_PASS);
                        *nodep = node;
                }
                if ((search.rbtversion->secure == dns_db_secure &&
-                    !search.rbtversion->havensec3) ||
-                   (search.options & DNS_DBFIND_FORCENSEC) != 0)
+                    !search.rbtversion->havensec3))
                {
                        bind_rdataset(search.rbtdb, node, nsecheader, 0,
                                      nlocktype, rdataset DNS__DB_FLARG_PASS);
@@ -4451,23 +4385,6 @@ found:
                } else {
                        result = DNS_R_GLUE;
                }
-               /*
-                * We might have found data that isn't glue, but was occluded
-                * by a dynamic update.  If the caller cares about this, they
-                * will have told us to validate glue.
-                *
-                * XXX We should cache the glue validity state!
-                */
-               if (result == DNS_R_GLUE &&
-                   (search.options & DNS_DBFIND_VALIDATEGLUE) != 0 &&
-                   !valid_glue(&search, foundname, type, node))
-               {
-                       NODE_UNLOCK(lock, &nlocktype);
-                       result = setup_delegation(
-                               &search, nodep, foundname, rdataset,
-                               sigrdataset DNS__DB_FLARG_PASS);
-                       goto tree_exit;
-               }
        } else {
                /*
                 * An ordinary successful query!