/*
 * nsec3.h -- nsec3 handling.
 *
 * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
 *
 * See LICENSE for the license.
 *
 */
#ifndef NSEC3_H
#define NSEC3_H

/*
 * NOTE(review): the prototypes below use uint8_t and size_t, but this header
 * includes nothing itself. It presumably relies on the including file having
 * those types in scope already -- confirm before including it on its own.
 */
#ifdef NSEC3
struct udb_ptr;
struct domain;
struct dname;
struct region;
struct zone;
struct namedb;
struct query;
struct answer;
struct rr;

/*
 * Calculate the prehash information for a zone.
 */
void prehash_zone(struct namedb *db, struct zone *zone);

/*
 * Calculate the prehash for a zone.
 * Assumes there is no partial precompile and no prehashlist.
 */
void prehash_zone_complete(struct namedb *db, struct zone *zone);

/*
 * Find the NSEC3 that covers the given domain hash.
 * The domain found is handed back through result.
 * Returns true if the find is exact.
 * NOTE(review): hashlen is presumably the number of bytes readable at hash;
 * callers should pass the real buffer length -- confirm in the implementation.
 */
int nsec3_find_cover(struct zone *zone, uint8_t *hash, size_t hashlen,
	struct domain **result);

/*
 * _answer_ routines: used to add the correct nsec3 record to a query answer.
 * CNAMEs etc. may have been followed, hence the original name is passed.
 */

/*
 * Wildcard answers: add the proof that the name below wildcard.parent
 * does not exist.
 */
void nsec3_answer_wildcard(struct query *query, struct answer *answer,
	struct domain *wildcard, const struct dname *qname);

/*
 * Add the NSEC3 that proves the domain name exists but the rrset does not.
 * The query could be for a DS or NSEC3 type.
 */
void nsec3_answer_nodata(struct query *query, struct answer *answer,
	struct domain *original);

/*
 * Add the NSEC3 for a delegation (this is where opt-out is handled).
 */
void nsec3_answer_delegation(struct query *query, struct answer *answer);

/*
 * Add the NSEC3 for authoritative answers.
 * match==0 is an nxdomain.
 * NOTE(review): match is a pointer to a pointer; whether "match==0" means
 * match itself or *match is not visible in this header -- confirm.
 */
void nsec3_answer_authoritative(struct domain **match, struct query *query,
	struct answer *answer, struct domain *closest_encloser,
	const struct dname *qname);

/*
 * True if the domain holds only NSEC3 (+RRSIG) data.
 * Pass a non-NULL zone to filter for that particular zone.
 */
int domain_has_only_NSEC3(struct domain *domain, struct zone *zone);

/*
 * Get the hashed bytes for dname and write them to store.
 * No length is passed for store, so the caller has to supply a buffer that
 * is large enough for the complete hash output.
 * NOTE(review): the required size is presumably the hash length implied by
 * the zone's NSEC3 parameters -- confirm in the implementation.
 */
void nsec3_hash_and_store(struct zone *zone, const struct dname *dname,
	uint8_t *store);

/* See if the NSEC3 record uses the params that are in use for the zone. */
int nsec3_rr_uses_params(struct rr *rr, struct zone *zone);

/* Number of NSEC3s that are in the zone chain. */
int nsec3_in_chain_count(struct domain *domain, struct zone *zone);

/*
 * Find the previous NSEC3, or lastinzone, or NULL.
 * The result can be NULL, so it must be checked before it is dereferenced.
 */
struct domain *nsec3_chain_find_prev(struct zone *zone, struct domain *domain);

/* Clear the nsec3 precompile for the zone. */
void nsec3_clear_precompile(struct namedb *db, struct zone *zone);

/* Whether the domain is part of the nsec3-hashed domains of a zone. */
int nsec3_domain_part_of_zone(struct domain *d, struct zone *z);

/* Condition under which a domain is precompiled. */
int nsec3_condition_hash(struct domain *d, struct zone *z);

/* Condition under which a domain is ds precompiled. */
int nsec3_condition_dshash(struct domain *d, struct zone *z);

/*
 * Set the nsec3param for this zone, or NULL if no NSEC3 is available.
 * NOTE(review): avoid_rr and checkchain are not described in this header;
 * their meaning has to be taken from the implementation.
 */
void nsec3_find_zone_param(struct namedb *db, struct zone *zone,
	struct rr *avoid_rr, int checkchain);

/* Hash domain and wcchild, look up the nsec3 in the tree, and precompile. */
void nsec3_precompile_domain(struct namedb *db, struct domain *domain,
	struct zone *zone, struct region *tmpregion);

/* Hash ds_parent_cover, look up the nsec3, and precompile. */
void nsec3_precompile_domain_ds(struct namedb *db, struct domain *domain,
	struct zone *zone);

/* Put the nsec3 into the nsec3tree and adjust zonelast. */
void nsec3_precompile_nsec3rr(struct namedb *db, struct domain *domain,
	struct zone *zone);

/* Precompile the entire zone; assumes everything is null at the start. */
void nsec3_precompile_newparam(struct namedb *db, struct zone *zone);

/*
 * Create b32.zone for a hash; the result is allocated in the region.
 * hash is read without an explicit length argument.
 * NOTE(review): the buffer presumably has to hold a full hash of the length
 * the zone uses -- confirm in the implementation before passing short input.
 */
const struct dname *nsec3_b32_create(struct region *region, struct zone *zone,
	unsigned char *hash);

/* Create the trees for nsec3 updates and lookups in the zone. */
void nsec3_zone_trees_create(struct region *region, struct zone *zone);

/* Look up the zone that contains the domain's nsec3 trees. */
struct zone *nsec3_tree_zone(struct namedb *db, struct domain *domain);

/* Look up the zone that contains the domain's ds tree. */
struct zone *nsec3_tree_dszone(struct namedb *db, struct domain *domain);

#endif /* NSEC3 */
#endif /* NSEC3_H */