5088 |
|
dns_fixedname_t fixed; |
5089 |
|
dns_hash_t hash; |
5090 |
|
dns_name_t name; |
5091 |
< |
int order; |
5092 |
< |
unsigned int count; |
5091 |
> |
unsigned int skip = 0, labels; |
5092 |
|
dns_rdata_nsec3_t nsec3; |
5093 |
|
dns_rdata_t rdata = DNS_RDATA_INIT; |
5094 |
|
isc_boolean_t optout; |
5101 |
|
|
5102 |
|
dns_name_init(&name, NULL); |
5103 |
|
dns_name_clone(qname, &name); |
5104 |
+ |
labels = dns_name_countlabels(&name); |
5105 |
|
|
5106 |
|
/* |
5107 |
|
* Map unknown algorithm to known value. |
5133 |
|
dns_rdata_reset(&rdata); |
5134 |
|
optout = ISC_TF((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0); |
5135 |
|
if (found != NULL && optout && |
5136 |
< |
dns_name_fullcompare(&name, dns_db_origin(db), &order, |
5137 |
< |
&count) == dns_namereln_subdomain) { |
5136 |
> |
dns_name_issubdomain(&name, dns_db_origin(db))) |
5137 |
> |
{ |
5138 |
|
dns_rdataset_disassociate(rdataset); |
5139 |
|
if (dns_rdataset_isassociated(sigrdataset)) |
5140 |
|
dns_rdataset_disassociate(sigrdataset); |
5141 |
< |
count = dns_name_countlabels(&name) - 1; |
5142 |
< |
dns_name_getlabelsequence(&name, 1, count, &name); |
5141 |
> |
skip++; |
5142 |
> |
dns_name_getlabelsequence(qname, skip, labels - skip, |
5143 |
> |
&name); |
5144 |
|
ns_client_log(client, DNS_LOGCATEGORY_DNSSEC, |
5145 |
|
NS_LOGMODULE_QUERY, ISC_LOG_DEBUG(3), |
5146 |
|
"looking for closest provable encloser"); |
5158 |
|
ns_client_log(client, DNS_LOGCATEGORY_DNSSEC, |
5159 |
|
NS_LOGMODULE_QUERY, ISC_LOG_WARNING, |
5160 |
|
"expected covering NSEC3, got an exact match"); |
5161 |
< |
if (found != NULL) |
5161 |
> |
if (found == qname) { |
5162 |
> |
if (skip != 0U) |
5163 |
> |
dns_name_getlabelsequence(qname, skip, labels - skip, |
5164 |
> |
found); |
5165 |
> |
} else if (found != NULL) |
5166 |
|
dns_name_copy(&name, found, NULL); |
5167 |
|
return; |
5168 |
|
} |