Diffstat (limited to 'middleware/file/closest.go')
-rw-r--r--middleware/file/closest.go42
1 files changed, 42 insertions, 0 deletions
diff --git a/middleware/file/closest.go b/middleware/file/closest.go
index 8f9d9a8ba..0c5fd722d 100644
--- a/middleware/file/closest.go
+++ b/middleware/file/closest.go
@@ -20,3 +20,45 @@ func (z *Zone) ClosestEncloser(rr dns.RR) string {
return z.SOA.Header().Name
}
+
+// nameErrorProof finds the closest encloser and return an NSEC that proofs
+// the wildcard does not exist and an NSEC that proofs the name does no exist.
+func (z *Zone) nameErrorProof(rr dns.RR) []dns.RR {
+ elem := z.Tree.Prev(rr)
+ if elem == nil {
+ return nil
+ }
+ nsec := z.lookupNSEC(elem, true)
+ nsecIndex := 0
+ for i := 0; i < len(nsec); i++ {
+ if nsec[i].Header().Rrtype == dns.TypeNSEC {
+ nsecIndex = i
+ break
+ }
+ }
+
+ ce := z.ClosestEncloser(rr)
+ wildcard := "*." + ce
+ rr.Header().Name = wildcard
+ elem = z.Tree.Prev(rr)
+ if elem == nil {
+ // Root?
+ return nil
+ }
+ nsec1 := z.lookupNSEC(elem, true)
+ nsec1Index := 0
+ for i := 0; i < len(nsec1); i++ {
+ if nsec1[i].Header().Rrtype == dns.TypeNSEC {
+ nsec1Index = i
+ break
+ }
+ }
+
+ // Check for duplicate NSEC.
+ if nsec[nsecIndex].Header().Name == nsec1[nsec1Index].Header().Name &&
+ nsec[nsecIndex].(*dns.NSEC).NextDomain == nsec1[nsec1Index].(*dns.NSEC).NextDomain {
+ return nsec
+ }
+
+ return append(nsec, nsec1...)
+}
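Review bot: The duplicate-NSEC check indexes `nsec[nsecIndex]` and `nsec1[nsec1Index]` and type-asserts both to `*dns.NSEC` without confirming that either search loop actually found an NSEC record. Both indexes start at 0, so an empty slice from `lookupNSEC` panics with an index out of range, and a slice whose first element is not an NSEC panics on the assertion; whether `lookupNSEC` can return either is not visible in this hunk, but in a name server a panic on the name-error path would be reachable by any client that queries a nonexistent name. Selecting the record through a helper that returns nil when no NSEC is present removes both panics, as sketched below; what to return when one proof is missing is left to the author, and the sketch simply skips the duplicate check. Separately, `rr.Header().Name = wildcard` rewrites the caller's record in place, so the function should either restore the original name before returning or say in its doc comment that rr is modified.

```go
// firstNSEC returns the first NSEC record in rrs, or nil when there is none.
func firstNSEC(rrs []dns.RR) *dns.NSEC {
	for _, r := range rrs {
		if n, ok := r.(*dns.NSEC); ok {
			return n
		}
	}
	return nil
}

func (z *Zone) nameErrorProof(rr dns.RR) []dns.RR {
	// … unchanged: Prev/lookupNSEC for the name and for the wildcard, without the index loops …

	// Check for duplicate NSEC, only when both lookups produced one.
	n, n1 := firstNSEC(nsec), firstNSEC(nsec1)
	if n != nil && n1 != nil &&
		n.Header().Name == n1.Header().Name && n.NextDomain == n1.NextDomain {
		return nsec
	}

	return append(nsec, nsec1...)
```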