Home | History | Annotate | Download | only in dnssec

Lines Matching defs:nsec3

80 #include <dns/nsec3.h>
1350 			 * NSEC3.
1630 		 * For NSEC3 zones the NSEC3 nodes are zone data but
1770 				      "to update to NSEC3.");
1775 				fatal("Zone contains NSEC3 chains.  Use -u "
1833  * Generate NSEC records for the zone and remove NSEC3/NSEC3PARAM records.
1854 	 * Remove any NSEC3 chains.
2074  * Clean out NSEC3 record and RRSIG(NSEC3) that are not in the hash list.
2078  * any NSEC3 records which have the same parameters as the chain we
2088 	dns_rdata_nsec3_t nsec3;
2122 	 * Verify that the NSEC3 parameters match the current ones
2123 	 * otherwise we are dealing with a different NSEC3 chain.
2135 	 * Delete any NSEC3 records which are not part of the current
2136 	 * NSEC3 chain.
2143 		result = dns_rdata_tostruct(&rdata, &nsec3, NULL);
2145 		if (exists && nsec3.hash == hashalg &&
2146 		    nsec3.iterations == iterations &&
2147 		    nsec3.salt_length == salt_len &&
2148 		    isc_safe_memequal(nsec3.salt, salt, salt_len))
2166 			check_result(result, "dns_db_subtractrdataset(NSEC3)");
2179 	 * Delete the NSEC3 RRSIGs
2184 		check_result(result, "dns_db_deleterdataset(RRSIG(NSEC3))");
2308  * Generate NSEC3 records for the zone.
2456 	 * Generate the nsec3 records.
2464 	 * Clean out NSEC3 records which don't match this chain.
2562 		 * Add NSEC3's for empty nodes.  Use closest encloser logic.
2993 	dns_rdata_nsec3_t nsec3;
3018 			fatal("An NSEC3 chain exists with a different salt. "
3029 			fatal("An NSEC3 chain exists with different "
3037 	 * Find an NSEC3 record to get the current OPTOUT value.
3038 	 * (This assumes all NSEC3 records agree.)
3061 	result = dns_rdata_tostruct(&rdata, &nsec3, NULL);
3065 		if (nsec3flags != nsec3.flags) {
3066 			fatal("An NSEC3 chain exists with%s OPTOUT. "
3068 			      OPTOUT(nsec3.flags) ? "" : "out",
3069 			      OPTOUT(nsec3.flags) ? "AA" : "A",
3070 			      OPTOUT(nsec3.flags) ? "clear" : "set");
3073 		nsec3flags = nsec3.flags;
3076 	dns_rdata_freestruct(&nsec3);
3313 	fprintf(stderr, "update or replace an existing NSEC/NSEC3 chain\n");
3320 	fprintf(stderr, "\t-3 NSEC3 salt\n");
3321 	fprintf(stderr, "\t-H NSEC3 iterations (10)\n");
3322 	fprintf(stderr, "\t-A NSEC3 optout\n");
3915 	 * Check for any existing NSEC3 parameters in the zone,
3989 				"%s: warning: NSEC3 generation "
3995 			fatal("NSEC3 generation requested with "
4004 				fatal("NSEC3 iterations too big. Maximum "