1 /* 2 * dns.h -- DNS definitions. 3 * 4 * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. 5 * 6 * See LICENSE for the license. 7 * 8 */ 9 10 #ifndef DNS_H 11 #define DNS_H 12 struct rr; 13 struct buffer; 14 struct domain; 15 struct domain_table; 16 struct query; 17 18 enum rr_section { 19 QUESTION_SECTION, 20 ANSWER_SECTION, 21 AUTHORITY_SECTION, 22 /* 23 * Use a split authority section to ensure that optional 24 * NS RRsets in the response can be omitted. 25 */ 26 OPTIONAL_AUTHORITY_SECTION, 27 ADDITIONAL_SECTION, 28 /* 29 * Use a split additional section to ensure A records appear 30 * before any AAAA records (this is recommended practice to 31 * avoid truncating the additional section for IPv4 clients 32 * that do not specify EDNS0), and AAAA records before other 33 * types of additional records (such as X25 and ISDN). 34 * Encode_answer sets the ARCOUNT field of the response packet 35 * correctly. 36 */ 37 ADDITIONAL_A_SECTION = ADDITIONAL_SECTION, 38 ADDITIONAL_AAAA_SECTION, 39 ADDITIONAL_OTHER_SECTION, 40 41 RR_SECTION_COUNT 42 }; 43 typedef enum rr_section rr_section_type; 44 45 /* Possible OPCODE values */ 46 #define OPCODE_QUERY 0 /* a standard query (QUERY) */ 47 #define OPCODE_IQUERY 1 /* an inverse query (IQUERY) */ 48 #define OPCODE_STATUS 2 /* a server status request (STATUS) */ 49 #define OPCODE_NOTIFY 4 /* NOTIFY */ 50 #define OPCODE_UPDATE 5 /* Dynamic update */ 51 52 /* Possible RCODE values */ 53 #define RCODE_OK 0 /* No error condition */ 54 #define RCODE_FORMAT 1 /* Format error */ 55 #define RCODE_SERVFAIL 2 /* Server failure */ 56 #define RCODE_NXDOMAIN 3 /* Name Error */ 57 #define RCODE_IMPL 4 /* Not implemented */ 58 #define RCODE_REFUSE 5 /* Refused */ 59 #define RCODE_YXDOMAIN 6 /* name should not exist */ 60 #define RCODE_YXRRSET 7 /* rrset should not exist */ 61 #define RCODE_NXRRSET 8 /* rrset does not exist */ 62 #define RCODE_NOTAUTH 9 /* server not authoritative */ 63 #define RCODE_NOTZONE 10 /* name not inside zone */ 64 65 /* Standardized NSD return code. Partially maps to DNS RCODE values. */ 66 enum nsd_rc 67 { 68 /* Discard the client request. */ 69 NSD_RC_DISCARD = -1, 70 /* OK, continue normal processing. */ 71 NSD_RC_OK = RCODE_OK, 72 /* Return the appropriate error code to the client. */ 73 NSD_RC_FORMAT = RCODE_FORMAT, 74 NSD_RC_SERVFAIL = RCODE_SERVFAIL, 75 NSD_RC_NXDOMAIN = RCODE_NXDOMAIN, 76 NSD_RC_IMPL = RCODE_IMPL, 77 NSD_RC_REFUSE = RCODE_REFUSE, 78 NSD_RC_NOTAUTH = RCODE_NOTAUTH 79 }; 80 typedef enum nsd_rc nsd_rc_type; 81 82 /* RFC1035 */ 83 #define CLASS_IN 1 /* Class IN */ 84 #define CLASS_CS 2 /* Class CS */ 85 #define CLASS_CH 3 /* Class CHAOS */ 86 #define CLASS_HS 4 /* Class HS */ 87 #define CLASS_NONE 254 /* Class NONE rfc2136 */ 88 #define CLASS_ANY 255 /* Class ANY */ 89 90 #define TYPE_A 1 /* a host address */ 91 #define TYPE_NS 2 /* an authoritative name server */ 92 #define TYPE_MD 3 /* a mail destination (Obsolete - use MX) */ 93 #define TYPE_MF 4 /* a mail forwarder (Obsolete - use MX) */ 94 #define TYPE_CNAME 5 /* the canonical name for an alias */ 95 #define TYPE_SOA 6 /* marks the start of a zone of authority */ 96 #define TYPE_MB 7 /* a mailbox domain name (EXPERIMENTAL) */ 97 #define TYPE_MG 8 /* a mail group member (EXPERIMENTAL) */ 98 #define TYPE_MR 9 /* a mail rename domain name (EXPERIMENTAL) */ 99 #define TYPE_NULL 10 /* a null RR (EXPERIMENTAL) */ 100 #define TYPE_WKS 11 /* a well known service description */ 101 #define TYPE_PTR 12 /* a domain name pointer */ 102 #define TYPE_HINFO 13 /* host information */ 103 #define TYPE_MINFO 14 /* mailbox or mail list information */ 104 #define TYPE_MX 15 /* mail exchange */ 105 #define TYPE_TXT 16 /* text strings */ 106 #define TYPE_RP 17 /* RFC1183 */ 107 #define TYPE_AFSDB 18 /* RFC1183 */ 108 #define TYPE_X25 19 /* RFC1183 */ 109 #define TYPE_ISDN 20 /* RFC1183 */ 110 #define TYPE_RT 21 /* RFC1183 */ 111 #define TYPE_NSAP 22 /* RFC1706 (deprecated by RFC9121) */ 112 #define TYPE_NSAP_PTR 23 /* RFC1348 (deprecated by RFC9121) */ 113 #define TYPE_SIG 24 /* 2535typecode */ 114 #define TYPE_KEY 25 /* 2535typecode */ 115 #define TYPE_PX 26 /* RFC2163 */ 116 #define TYPE_GPOS 27 /* RFC1712 */ 117 #define TYPE_AAAA 28 /* ipv6 address */ 118 #define TYPE_LOC 29 /* LOC record RFC1876 */ 119 #define TYPE_NXT 30 /* 2535typecode */ 120 #define TYPE_EID 31 /* draft-ietf-nimrod-dns-01 */ 121 #define TYPE_NIMLOC 32 /* draft-ietf-nimrod-dns-01 */ 122 #define TYPE_SRV 33 /* SRV record RFC2782 */ 123 #define TYPE_ATMA 34 /* ATM Address */ 124 #define TYPE_NAPTR 35 /* RFC2915 */ 125 #define TYPE_KX 36 /* RFC2230 Key Exchange Delegation Record */ 126 #define TYPE_CERT 37 /* RFC2538 */ 127 #define TYPE_A6 38 /* RFC2874 */ 128 #define TYPE_DNAME 39 /* RFC2672 */ 129 #define TYPE_SINK 40 /* draft-eastlake-kitchen-sink */ 130 #define TYPE_OPT 41 /* Pseudo OPT record... */ 131 #define TYPE_APL 42 /* RFC3123 */ 132 #define TYPE_DS 43 /* RFC 4033, 4034, and 4035 */ 133 #define TYPE_SSHFP 44 /* SSH Key Fingerprint */ 134 #define TYPE_IPSECKEY 45 /* public key for ipsec use. RFC 4025 */ 135 #define TYPE_RRSIG 46 /* RFC 4033, 4034, and 4035 */ 136 #define TYPE_NSEC 47 /* RFC 4033, 4034, and 4035 */ 137 #define TYPE_DNSKEY 48 /* RFC 4033, 4034, and 4035 */ 138 #define TYPE_DHCID 49 /* RFC4701 DHCP information */ 139 #define TYPE_NSEC3 50 /* NSEC3, secure denial, prevents zonewalking */ 140 #define TYPE_NSEC3PARAM 51 /* NSEC3PARAM at zone apex nsec3 parameters */ 141 #define TYPE_TLSA 52 /* RFC 6698 */ 142 #define TYPE_SMIMEA 53 /* RFC 8162 */ 143 #define TYPE_HIP 55 /* RFC 8005 */ 144 #define TYPE_NINFO 56 /* NINFO/ninfo-completed-template */ 145 #define TYPE_RKEY 57 /* RKEY/rkey-completed-template */ 146 #define TYPE_TALINK 58 /* draft-ietf-dnsop-dnssec-trust-history */ 147 #define TYPE_CDS 59 /* RFC 7344 */ 148 #define TYPE_CDNSKEY 60 /* RFC 7344 */ 149 #define TYPE_OPENPGPKEY 61 /* RFC 7929 */ 150 #define TYPE_CSYNC 62 /* RFC 7477 */ 151 #define TYPE_ZONEMD 63 /* RFC 8976 */ 152 #define TYPE_SVCB 64 /* RFC 9460 */ 153 #define TYPE_HTTPS 65 /* RFC 9460 */ 154 #define TYPE_DSYNC 66 /* draft-ietf-dnsop-generalized-notify */ 155 156 #define TYPE_SPF 99 /* RFC 4408 */ 157 158 #define TYPE_NID 104 /* RFC 6742 */ 159 #define TYPE_L32 105 /* RFC 6742 */ 160 #define TYPE_L64 106 /* RFC 6742 */ 161 #define TYPE_LP 107 /* RFC 6742 */ 162 #define TYPE_EUI48 108 /* RFC 7043 */ 163 #define TYPE_EUI64 109 /* RFC 7043 */ 164 165 #define TYPE_NXNAME 128 /* draft-ietf-dnsop-compact-denial-of-existence-04 */ 166 167 #define TYPE_TSIG 250 /* RFC 2845 */ 168 #define TYPE_IXFR 251 /* RFC 1995 */ 169 #define TYPE_AXFR 252 /* RFC 1035, RFC 5936 */ 170 #define TYPE_MAILB 253 /* A request for mailbox-related records (MB, MG or MR) [RFC 1035] */ 171 #define TYPE_MAILA 254 /* A request for mail agent RRs (Obsolete - see MX) [RFC 1035] */ 172 #define TYPE_ANY 255 /* any type (wildcard) [RFC 1035, RFC 6895] */ 173 #define TYPE_URI 256 /* RFC 7553 */ 174 #define TYPE_CAA 257 /* RFC 6844 */ 175 #define TYPE_AVC 258 /* AVC/avc-completed-template */ 176 #define TYPE_DOA 259 /* draft-durand-doa-over-dns */ 177 #define TYPE_AMTRELAY 260 /* RFC 8777 */ 178 #define TYPE_RESINFO 261 /* RFC 9606 */ 179 #define TYPE_WALLET 262 /* WALLET/wallet-completed-template */ 180 #define TYPE_CLA 263 /* CLA/cla-completed-template */ 181 #define TYPE_IPN 264 /* IPN/ipn-completed-template draft-johnson-dns-ipn-cla-07 */ 182 183 #define TYPE_TA 32768 /* http://www.watson.org/~weiler/INI1999-19.pdf */ 184 #define TYPE_DLV 32769 /* RFC 4431 */ 185 186 #define SVCB_KEY_MANDATORY 0 187 #define SVCB_KEY_ALPN 1 188 #define SVCB_KEY_NO_DEFAULT_ALPN 2 189 #define SVCB_KEY_PORT 3 190 #define SVCB_KEY_IPV4HINT 4 191 #define SVCB_KEY_ECH 5 192 #define SVCB_KEY_IPV6HINT 6 193 #define SVCB_KEY_DOHPATH 7 194 #define SVCB_KEY_OHTTP 8 195 #define SVCB_KEY_TLS_SUPPORTED_GROUPS 9 196 197 #define MAXLABELLEN 63 198 #define MAXDOMAINLEN 255 199 200 #define MAX_RDLENGTH 65535 201 202 /* Maximum size of a single RR. */ 203 #define MAX_RR_SIZE \ 204 (MAXDOMAINLEN + sizeof(uint32_t) + 4*sizeof(uint16_t) + MAX_RDLENGTH) 205 206 #define IP4ADDRLEN (32/8) 207 #define IP6ADDRLEN (128/8) 208 #define EUI48ADDRLEN (48/8) 209 #define EUI64ADDRLEN (64/8) 210 211 #define NSEC3_HASH_LEN 20 212 213 /* 214 * The following RDATA values are used in nsd_rdata_descriptor.length to 215 * indicate a specialized value. They are negative, the normal lengths 216 * are 0..65535 and length is int32_t. 217 */ 218 /* The rdata is a compressed domain name. In namedb it is a reference 219 * with a pointer to struct domain. On the wire, the name can be a 220 * compressed name. The pointer is stored in line and is likely unaligned. */ 221 #define RDATA_COMPRESSED_DNAME -1 222 /* The rdata is an uncompressed domain name. In namedb it is a reference 223 * with a pointer to struct domain. The pointer is stored in line and is 224 * likely unaligned. */ 225 #define RDATA_UNCOMPRESSED_DNAME -2 226 /* The rdata is a literal domain name. It is not a reference to struct 227 * domain, and stored as uncompressed wireformat octets. */ 228 #define RDATA_LITERAL_DNAME -3 229 /* The rdata is a string. It starts with a uint8_t length byte. */ 230 #define RDATA_STRING -4 231 /* The rdata is binary. It starts with a uint8_t length byte. */ 232 #define RDATA_BINARY -5 233 /* The rdata is of type IPSECGATEWAY because of its encoding elsewhere in 234 * the RR. */ 235 #define RDATA_IPSECGATEWAY -6 236 /* The rdata is the remainder of the record, to the end of the bytes, possibly 237 * zero bytes. The length of the field is determined by the rdata length. */ 238 #define RDATA_REMAINDER -7 239 /* The rdata is of type AMTRELAYRELAY because of its encoding elsewhere in 240 * the RR. */ 241 #define RDATA_AMTRELAY_RELAY -8 242 243 /* 244 * Function signature to determine length of the rdata field. 245 * @param rdlength: length of the input rdata. 246 * @param rdata: input bytes with rdata of the RR. 247 * @param offset: current byte position in rdata. 248 * offset is required for the ipsecgateway where we need to read 249 * a couple bytes back 250 * @param domain: this value can be returned as NULL, in which case the 251 * function return value is a length in bytes in wireformat. 252 * If this value is returned nonNULL, it is the special reference 253 * object that needs different treatment. The function return value 254 * is the length that needs to be skipped in rdata to get past the 255 * field, that is a reference when that is a pointer. 256 * For other types of objects an additional function argument could be 257 * added, and then handling in the caller. 258 * @return length in bytes. Or -1 on failure, like rdata length too short. 259 */ 260 typedef int32_t(*nsd_rdata_field_length_type)( 261 uint16_t rdlength, 262 const uint8_t *rdata, 263 uint16_t offset, 264 struct domain** domain); 265 266 typedef struct nsd_rdata_descriptor nsd_rdata_descriptor_type; 267 268 /* 269 * Descriptor table. For DNS RRTypes has information on the resource record 270 * type. the descriptor table shouldn't be used for validation. 271 * the read function will take care of that. it's used for 272 * implementing copy functions that are very specific, but where 273 * the data has already been checked for validity. 274 */ 275 struct nsd_rdata_descriptor { 276 /* Field name of the rdata, like 'primary server'. */ 277 const char *name; 278 279 /* If the field is optional. When the field is not present, eg. no 280 * bytes of rdata, and it is optional, this is fine and the rdata 281 * is shorter. Also no following rdatas after it. Non optional 282 * rdatas must be present. */ 283 int is_optional; 284 285 /* The length, in bytes, of the rdata field. Can be set to 286 * a specialized value, like RDATA_COMPRESSED_DNAME, 287 * RDATA_STRING, ..., if there is a length function, that is used. 288 * That is for any type where the length depends on a value in 289 * the rdata itself. */ 290 int32_t length; 291 292 /* Determine size of rdata field. Returns the size of uncompressed 293 * rdata on the wire, or -1 on failure, like when it is malformed. 294 * So for references this is a different number. Used for ipseckey 295 * gateway, because the type depends on earlier data. Also amtrelay 296 * relay. This function takes the in-memory rdata representation. 297 * If the field has a special object, return -1 on failure or the 298 * length of the object in the rdata, with domain ptr returned to 299 * the special object. */ 300 nsd_rdata_field_length_type calculate_length; 301 302 /* Determine size of rdata field. Like calculate_length, but this 303 * function takes uncompressed wireformat in the rdata that is passed. 304 */ 305 nsd_rdata_field_length_type calculate_length_uncompressed_wire; 306 }; 307 308 typedef struct nsd_type_descriptor nsd_type_descriptor_type; 309 struct nsd_type_descriptor; 310 311 /* The rdata is malformed. The wireformat is not correct. 312 * NSD cannot store a wireformat with a malformed domain name, when that 313 * name needs to become a reference to struct domain. */ 314 #define MALFORMED -1 315 /* The rdata is not read, it is truncated, some was copied, but then 316 * an error occurred, like memory allocation failure. */ 317 #define TRUNCATED -2 318 319 /* 320 * Function signature to read rdata. From a packet into memory. 321 * @param domains: the domain table. 322 * @param rdlength: the length of the rdata in the packet. 323 * @param packet: the packet. 324 * @param rr: an RR is returned. 325 * @return the number of bytes that are read from the packet. Or negative 326 * for an error, like MALFORMED, TRUNCATED. 327 */ 328 typedef int32_t(*nsd_read_rdata_type)( 329 struct domain_table *domains, 330 uint16_t rdlength, 331 struct buffer *packet, 332 struct rr **rr); 333 334 /* 335 * Function signature to write rdata. From memory to an answer. 336 * @param query: the query that is answered. 337 * @param rr: rr to add to the output, in query.packet. It prints the rdata 338 * wireformat to the packet, compressed if needed, not including the 339 * rdlength before the rdata. 340 */ 341 typedef void(*nsd_write_rdata_type)( 342 struct query *query, 343 const struct rr *rr); 344 345 /* 346 * Function signature to print rdata. The string is in the buffer. 347 * The printed string starts with the rdata text. It does not have a newline 348 * at end. No space is put before it. 349 * @param output: buffer with string on return. The position is moved. 350 * @param rr: the record to print the rdata for. 351 * @return false on failure. The wireformat can not be printed in the 352 * nice output format. 353 */ 354 typedef int(*nsd_print_rdata_type)( 355 struct buffer *output, 356 const struct rr *rr); 357 358 /* 359 * Descriptor for a DNS resource record type. 360 * There are conversion routines per type, for wire-to-internal, 361 * internal-to-wire, and internal-to-text. To stop an explosion in code, 362 * there is an rdata field descriptor array to convert between more formats. 363 * For internal to compressed wire format we implement a specialized routine so 364 * that answering of queries is as optimal as can be. 365 * Other formats are conversion from uncompressed wire format to compressed 366 * wire format. For conversion from uncompressed or compressed wire format 367 * to internal the same import routines can be used, by using a packet buffer 368 * and dname_make_from_packet. 369 */ 370 struct nsd_type_descriptor { 371 /* The RRType number */ 372 uint16_t type; 373 /* Mnemonic. */ 374 const char *name; 375 /* Whether internal RDATA contains direct pointers. 376 * This means the namedb memory contains an in line pointer to 377 * struct domain for domain names. */ 378 int has_references; 379 /* Whether RDATA contains compressible names. The output can be 380 * compressed on the packet. If true, also has_references is true, 381 * for the packet encode routine, that uses the references. */ 382 int is_compressible; 383 /* The type has domain names, like literal dnames in the format. */ 384 int has_dnames; 385 /* Read function that copies rdata for this type to struct rr. */ 386 nsd_read_rdata_type read_rdata; 387 /* Write function, that copies rdata from struct rr to packet. */ 388 nsd_write_rdata_type write_rdata; 389 /* Print function, that writes the struct rr to string. */ 390 nsd_print_rdata_type print_rdata; 391 /* Description of the rdata fields. Used by functions that need 392 * to iterate over the fields. There are binary fields and 393 * references, and wireformat domain names. */ 394 struct { 395 /* Length of the fields array. */ 396 size_t length; 397 /* The rdata field descriptors. */ 398 const nsd_rdata_descriptor_type *fields; 399 } rdata; 400 }; 401 402 /* The length of the RRTYPE descriptors arrary */ 403 #define RRTYPE_DESCRIPTORS_LENGTH (TYPE_IPN + 2) 404 405 /* 406 * Indexed by type. The special type "0" can be used to get a 407 * descriptor for unknown types (with one binary rdata). 408 */ 409 static inline const nsd_type_descriptor_type *nsd_type_descriptor( 410 uint16_t rrtype); 411 412 const char *rrtype_to_string(uint16_t rrtype); 413 414 /* 415 * Lookup the type in the ztypes lookup table. If not found, check if 416 * the type uses the "TYPExxx" notation for unknown types. 417 * 418 * Return 0 if no type matches. 419 */ 420 uint16_t rrtype_from_string(const char *name); 421 422 const char *rrclass_to_string(uint16_t rrclass); 423 uint16_t rrclass_from_string(const char *name); 424 425 /* The type descriptors array of length RRTYPE_DESCRIPTORS_LENGTH. */ 426 extern const nsd_type_descriptor_type type_descriptors[]; 427 428 static inline const nsd_type_descriptor_type * 429 nsd_type_descriptor(uint16_t rrtype) 430 { 431 if (rrtype <= TYPE_IPN) 432 return &type_descriptors[rrtype]; 433 if (rrtype == TYPE_TA) 434 return &type_descriptors[TYPE_IPN + 1]; 435 if (rrtype == TYPE_DLV) 436 return &type_descriptors[TYPE_IPN + 2]; 437 return &type_descriptors[0]; 438 } 439 440 #endif /* DNS_H */ 441
Indexes created Tue Feb 24 08:35:24 UTC 2026