| /src/external/bsd/nsd/dist/ |
| iterated_hash.h | 2 * iterated_hash.h -- nsec3 hash calculation.
13 #ifdef NSEC3
22 #endif /* NSEC3 */
|
| iterated_hash.c | 2 * iterated_hash.c -- nsec3 hash calculation.
11 #ifdef NSEC3
28 #if defined(NSEC3) && defined(HAVE_SSL)
80 #endif /* NSEC3 */
|
| namedb.h | 49 #ifdef NSEC3
52 #endif /* NSEC3 */
55 #ifdef NSEC3
71 /* (if nsec3 chain complete) always the covering nsec3 record */
73 /* the nsec3 that covers the wildcard child of this domain. */
77 /* NSEC3 domains to prehash, prev and next on the list or cleared */
88 /* if the domain has an NSEC3 for it, use cover ptr to get it. */
93 #endif /* NSEC3 */
106 #ifdef NSEC3
107 struct nsec3_domain_data* nsec3; member in struct:domain
[all...] |
| dbaccess.c | 28 #include "nsec3.h"
67 #ifdef NSEC3
125 /* RRs and UDB and NSEC3 and so on must be already deleted */
155 #ifdef NSEC3
312 #ifdef NSEC3
325 #ifdef NSEC3
362 #ifdef NSEC3
|
| nsec3.h | 2 * nsec3.h -- nsec3 handling.
12 #ifdef NSEC3
33 * finds nsec3 that covers the given domain hash.
40 * _answer_ Routines used to add the correct nsec3 record to a query answer.
51 * add NSEC3 to provide domain name but not rrset exists,
52 * this could be a query for a DS or NSEC3 type
58 * add NSEC3 for a delegation (optout stuff)
63 * add NSEC3 for authoritative answers.
71 * True if domain is a NSEC3 (+RRSIG) data only variety
[all...] |
| namedb.c | 21 #include "nsec3.h"
47 #ifdef NSEC3
48 result->nsec3 = NULL;
63 #ifdef NSEC3
67 if(result->nsec3)
69 result->nsec3 = (struct nsec3_domain_data*) region_alloc(table->region,
71 result->nsec3->nsec3_cover = NULL;
72 result->nsec3->nsec3_wcard_child_cover = NULL;
73 result->nsec3->nsec3_ds_parent_cover = NULL;
74 result->nsec3->nsec3_is_exact = 0
[all...] |
| query.c | 37 #include "nsec3.h"
244 * o wildcard expansion domain_type (7*ptr+u32+2bytes)+(5*ptr nsec3)
246 * o nsec3 hashed name(s) (3 dnames for a nonexist_proof,
988 #ifdef NSEC3
1029 #ifdef NSEC3
1076 #ifdef NSEC3
1117 #ifdef NSEC3
1186 #ifdef NSEC3
1192 #endif /* NSEC3 */
1278 #ifdef NSEC3
[all...] |
| difffile.c | 23 #include "nsec3.h"
514 #ifdef NSEC3
515 /* see if nsec3 deletion triggers need action */
522 /* see if the domain was an NSEC3-domain in the chain, but no longer */
523 if(rr->type == TYPE_NSEC3 && rr->owner->nsec3 &&
524 rr->owner->nsec3->nsec3_node.key &&
528 /* remove from prehash because no longer an NSEC3 domain */
536 &rr->owner->nsec3->nsec3_node);
537 /* add previous NSEC3 to the prehash list */
549 /* if no more NSEC3, done *
[all...] |
| zonec.c | 44 #include "nsec3.h"
76 #ifdef NSEC3
|
| config.h.in | 579 /* Define this to enable NSEC3 support. */
580 #undef NSEC3
|
| nsec3.c | 2 * nsec3.c -- nsec3 handling.
10 #ifdef NSEC3
14 #include "nsec3.h"
23 /* compare nsec3 hashes in nsec3 tree */
29 if(!a->nsec3) return (b->nsec3?-1:0);
30 if(!b->nsec3) return 1;
31 if(!a->nsec3->hash_wc) return (b->nsec3->hash_wc?-1:0)
[all...] |
| configure | 1477 --disable-nsec3 Disable NSEC3 support
11119 # we need SSL for TSIG (and maybe also for NSEC3).
11756 # Check whether --enable-nsec3 was given.
11767 printf "%s\n" "#define NSEC3 /**/" >>confdefs.h
11773 printf "%s\n" "#define NSEC3 /**/" >>confdefs.h
11776 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: No SSL, therefore NSEC3 is disabled" >&5
11777 printf "%s\n" "$as_me: WARNING: No SSL, therefore NSEC3 is disabled" >&2;}
|
| /src/external/mpl/bind/dist/bin/tests/system/chain/ |
| tests.sh | 127 NSEC3) start_index=10 ;;
228 # Relevant NSEC3 hashes:
232 # $ nsec3hash - 1 0 wildcard-nsec3.example.
234 # $ nsec3hash - 1 0 cname.wildcard-nsec3.example.
236 # $ nsec3hash - 1 0 delegation.wildcard-nsec3.example.
238 # $ nsec3hash - 1 0 *.wildcard-nsec3.example.
243 # $ nsec3hash - 1 0 a-nonexistent-name.wildcard-nsec3.example.
245 # $ nsec3hash - 1 0 z-nonexistent-name.wildcard-nsec3.example.
249 echo_i "checking insecure delegation prepared using CNAME chaining, NSEC3 ($n)"
252 # single NSEC3 record proving nonexistence of a DS RRset at the zone cut
[all...] |
| /src/external/mpl/bind/dist/bin/tests/system/nsec3_answer/ |
| tests_nsec3.py | 32 import dns.rdtypes.ANY.NSEC3
104 # DS RR does not exist so we must prove it by having NSEC3 with QNAME
300 dns.rdataclass.IN, dns.rdatatype.NSEC3, dns.rdatatype.NONE
301 ), f"unexpected NSEC3 RR in ANSWER section:\n{response}"
304 dns.rdataclass.IN, dns.rdatatype.NSEC3, dns.rdatatype.NONE
305 ), f"unexpected NSEC3 RR in ADDITIONAL section:\n{response}"
318 dns.rdataclass.IN, dns.rdatatype.NSEC3, dns.rdatatype.NONE
323 ), f"duplicate NSEC3 owner {rrset.name}:\n{response}"
328 assert isinstance(rr, dns.rdtypes.ANY.NSEC3.NSEC3)
[all...] |
| /src/external/mpl/bind/dist/bin/tests/system/nsec3/ans7/ |
| ans.py | 14 Crafted authoritative DNS proxy for BIND9 NSEC3 OOB read PoC.
16 Simulates a malicious authoritative server that crafts NSEC3 responses
20 1. Resolver queries xxx.evil.test A -> proxy modifies NSEC3 in A response
21 (breaks the NSEC3 proof, forcing proveunsecure() fallback)
22 2. Resolver fetches DS for xxx.evil.test -> proxy injects crafted NSEC3
24 3. DS validation succeeds via unmodified NSEC3 (opt-out coverage)
61 # NSEC3 params: alg=1(SHA1), flags=1(opt-out), iterations=10, salt=DEADBEEF
78 Auto-discover NSEC3 owner names and next hashes from the signed zone.
88 if parts[3] == "NSEC3":
91 idx = parts.index("NSEC3")
[all...] |
| /src/external/mpl/bind/dist/bin/tests/system/nsec3/ |
| common.py | 62 dns.rdataclass.IN, dns.rdatatype.NSEC3, dns.rdatatype.NONE
68 match = f"IN NSEC3 1 {optout} {iterations} {salt}"
72 if rrset.match(dns.rdataclass.IN, dns.rdatatype.NSEC3, dns.rdatatype.NONE):
79 assert len(rrs) != 0, "no NSEC3 records found in authority section"
106 def check_nsec3_case(server, params, nsec3=True):
143 if nsec3:
144 # NSEC3
|
| /src/external/mpl/bind/dist/bin/tests/system/autosign/ns3/ |
| named.conf.j2 | 61 # NSEC3
62 dnssec-policy "nsec3" {
71 # NSEC3 opt-out
94 # Jitter, NSEC3
95 dnssec-policy "jitter-nsec3" {
156 zone "nsec3.example" {
158 file "nsec3.example.db";
161 dnssec-policy nsec3;
169 dnssec-policy nsec3;
172 zone "optout.nsec3.example"
[all...] |
| /src/external/bsd/nsd/include/ |
| config.h | 582 /* Define this to enable NSEC3 support. */
583 #define NSEC3 /**/
|
| /src/external/mpl/bind/dist/bin/tests/system/dnssec/ns3/ |
| sign.sh | 159 # NSEC3/NSEC test zone
161 zone=secure.nsec3.example.
162 infile=secure.nsec3.example.db.in
163 zonefile=secure.nsec3.example.db
172 # NSEC3/NSEC3 test zone
174 zone=nsec3.nsec3.example.
175 infile=nsec3.nsec3.example.db.i
[all...] |
