1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
/*
* nsec3.h -- nsec3 handling.
*
* Copyright (c) 2001-2011, NLnet Labs. All rights reserved.
*
* See LICENSE for the license.
*
*/
#ifndef NSEC3_H
#define NSEC3_H
#include <config.h>
#ifdef NSEC3
struct domain;
struct dname;
struct region;
struct zone;
struct namedb;
struct query;
struct answer;
#ifndef FULL_PREHASH
struct rr;
struct nsec3_domain;
#endif
/*
* Create the hashed name of the nsec3 record
* for the given dname.
*/
const struct dname *nsec3_hash_dname(struct region *region,
struct zone *zone, const struct dname *dname);
/*
* calculate prehash information for all zones,
* selects only updated=1 zones if bool set.
*/
void prehash(struct namedb* db, int updated_only);
#ifndef FULL_PREHASH
void prehash_zone(struct namedb *db, struct zone *zone);
void prehash_zone_incremental(struct namedb *db, struct zone *zone);
#endif
/*
* finds nsec3 that covers the given domain dname.
* returns true if the find is exact.
* hashname is the already hashed dname for the NSEC3.
*/
#ifdef FULL_PREHASH
int nsec3_find_cover(struct namedb* db, struct zone* zone,
const struct dname* hashname, struct domain** result);
#else
int nsec3_find_cover(struct namedb* ATTR_UNUSED(db), struct zone* zone,
const struct dname* hashname, struct nsec3_domain** result);
#endif
/*
* _answer_ Routines used to add the correct nsec3 record to a query answer.
* cnames etc may have been followed, hence original name.
*/
/*
* add proof for wildcards that the name below the wildcard.parent
* does not exist
*/
void nsec3_answer_wildcard(struct query *query, struct answer *answer,
struct domain *wildcard, struct namedb* db,
const struct dname *qname);
/*
* add NSEC3 to provide domain name but not rrset exists,
* this could be a query for a DS or NSEC3 type
*/
void nsec3_answer_nodata(struct query *query, struct answer *answer,
struct domain *original);
/*
* add NSEC3 for a delegation (optout stuff)
*/
void nsec3_answer_delegation(struct query *query, struct answer *answer);
/*
* add NSEC3 for authoritative answers.
* match==0 is an nxdomain.
*/
void nsec3_answer_authoritative(struct domain** match, struct query *query,
struct answer *answer, struct domain* closest_encloser,
struct namedb* db, const struct dname* qname);
/*
* True if domain is a NSEC3 (+RRSIG) data only variety.
* pass nonNULL zone to filter for particular zone.
*/
int domain_has_only_NSEC3(struct domain* domain, struct zone* zone);
#endif /* NSEC3 */
#endif /* NSEC3_H*/
|