summaryrefslogtreecommitdiff
path: root/usr.sbin/nsd/nsec3.h
blob: 36e9fbc53a8f641907ccf11c1176625678e26796 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
/*
 * nsec3.h -- nsec3 handling.
 *
 * Copyright (c) 2001-2011, NLnet Labs. All rights reserved.
 *
 * See LICENSE for the license.
 *
 */
#ifndef NSEC3_H
#define NSEC3_H

#include <config.h>
#ifdef NSEC3

struct domain;
struct dname;
struct region;
struct zone;
struct namedb;
struct query;
struct answer;
#ifndef FULL_PREHASH
struct rr;
struct nsec3_domain;
#endif

/*
 * Create the hashed name of the nsec3 record
 * for the given dname.
 */
const struct dname *nsec3_hash_dname(struct region *region,
	struct zone *zone, const struct dname *dname);

/*
 * calculate prehash information for all zones,
 * selects only updated=1 zones if bool set.
 */
void prehash(struct namedb* db, int updated_only);
#ifndef FULL_PREHASH
void prehash_zone(struct namedb *db, struct zone *zone);
void prehash_zone_incremental(struct namedb *db, struct zone *zone);
#endif

/*
 * finds nsec3 that covers the given domain dname.
 * returns true if the find is exact.
 * hashname is the already hashed dname for the NSEC3.
 */
#ifdef FULL_PREHASH
int nsec3_find_cover(struct namedb* db, struct zone* zone,
	const struct dname* hashname, struct domain** result);
#else
int nsec3_find_cover(struct namedb* ATTR_UNUSED(db), struct zone* zone,
	const struct dname* hashname, struct nsec3_domain** result);
#endif

/*
 * _answer_ Routines used to add the correct nsec3 record to a query answer.
 * cnames etc may have been followed, hence original name.
 */
/*
 * add proof for wildcards that the name below the wildcard.parent
 * does not exist
 */
void nsec3_answer_wildcard(struct query *query, struct answer *answer,
        struct domain *wildcard, struct namedb* db,
	const struct dname *qname);

/*
 * add NSEC3 to provide domain name but not rrset exists,
 * this could be a query for a DS or NSEC3 type
 */
void nsec3_answer_nodata(struct query *query, struct answer *answer,
	struct domain *original);

/*
 * add NSEC3 for a delegation (optout stuff)
 */
void nsec3_answer_delegation(struct query *query, struct answer *answer);

/*
 * add NSEC3 for authoritative answers.
 * match==0 is an nxdomain.
 */
void nsec3_answer_authoritative(struct domain** match, struct query *query,
	struct answer *answer, struct domain* closest_encloser,
	struct namedb* db, const struct dname* qname);

/*
 * True if domain is a NSEC3 (+RRSIG) data only variety.
 * pass nonNULL zone to filter for particular zone.
 */
int domain_has_only_NSEC3(struct domain* domain, struct zone* zone);

#endif /* NSEC3 */
#endif /* NSEC3_H*/