Class ldns_dnssec_zone

Class ldns_dnssec_zone

class ldns.ldns_dnssec_zone

LDNS buffer.

add_empty_nonterminals()

Adds explicit dnssec_name structures for the empty nonterminals in this zone.

(this is needed for NSEC3 generation)

Returns:(ldns_status)
add_rr(rr)

Adds the given RR to the zone.

It find whether there is a dnssec_name with that name present. If so, add it to that, if not create a new one. Special handling of NSEC and RRSIG provided.

Parameters:rr – The RR to add
Returns:(ldns_status) LDNS_STATUS_OK on success, an error code otherwise
create_nsec3s(new_rrs, algorithm, flags, iterations, salt_length, salt)

Adds NSEC3 records to the zone.

Parameters:
  • new_rrs
  • algorithm
  • flags
  • iterations
  • salt_length
  • salt
Returns:

(ldns_status)

create_nsecs(new_rrs)

Adds NSEC records to the given dnssec_zone.

Parameters:new_rrs – ldns_rr’s created by this function are added to this rr list, so the caller can free them later
Returns:(ldns_status) LDNS_STATUS_OK on success, an error code otherwise
create_rrsigs(new_rrs, key_list, func, arg)

Adds signatures to the zone.

Parameters:
  • new_rrs – the RRSIG RRs that are created are also added to this list, so the caller can free them later
  • key_list – list of keys to sign with.
  • func – Callback function to decide what keys to use and what to do with old signatures
  • arg – Optional argument for the callback function
Returns:

(ldns_status) LDNS_STATUS_OK on success, error otherwise

find_rrset(dname, atype)

Find the RRset with the given name and type in the zone.

Parameters:
  • dname – the domain name of the RRset to find
  • atype
Returns:

(ldns_dnssec_rrsets *) the RRset, or NULL if not present

print_to_file(file)

Prints the complete zone to the given file descriptor.

Parameters:file – file pointer
sign(new_rrs, key_list, cbtype=3)

signs the given zone with the given keys

Parameters:
  • new_rrs – newly created resource records are added to this list, to free them later
  • key_list – the list of keys to sign the zone with
  • cb_type

    specifies how to deal with old signatures, possible values:

    • 0 - ldns_dnssec_default_add_to_signatures,
    • 1 - ldns_dnssec_default_leave_signatures,
    • 2 - ldns_dnssec_default_delete_signatures,
    • 3 - ldns_dnssec_default_replace_signatures
Returns:

(ldns_status) LDNS_STATUS_OK on success, an error code otherwise

sign_cb(new_rrs, key_list, func, arg)

signs the given zone with the given keys (with callback function)

Parameters:
  • new_rrs – newly created resource records are added to this list, to free them later
  • key_list – the list of keys to sign the zone with
  • func

    callback function that decides what to do with old signatures. This function takes an ldns_rr and an optional arg argument, and returns one of four values:

    • LDNS_SIGNATURE_LEAVE_ADD_NEW - leave the signature and add a new one for the corresponding key
    • LDNS_SIGNATURE_REMOVE_ADD_NEW - remove the signature and replace is with a new one from the same key
    • LDNS_SIGNATURE_LEAVE_NO_ADD - leave the signature and do not add a new one with the corresponding key
    • LDNS_SIGNATURE_REMOVE_NO_ADD - remove the signature and do not replace
  • arg – optional argument for the callback function
Returns:

(ldns_status) LDNS_STATUS_OK on success, an error code otherwise

sign_nsec3(new_rrs, key_list, func, arg, algorithm, flags, iterations, salt_length, salt)

signs the given zone with the given new zone, with NSEC3

Parameters:
  • new_rrs – newly created resource records are added to this list, to free them later
  • key_list – the list of keys to sign the zone with
  • func – callback function that decides what to do with old signatures
  • arg – optional argument for the callback function
  • algorithm – the NSEC3 hashing algorithm to use
  • flags – NSEC3 flags
  • iterations – the number of NSEC3 hash iterations to use
  • salt_length – the length (in octets) of the NSEC3 salt
  • salt – the NSEC3 salt data
Returns:

(ldns_status) LDNS_STATUS_OK on success, an error code otherwise

Class ldns_dnssec_name

class ldns.ldns_dnssec_name

LDNS buffer.

add_rr(rr)

Inserts the given rr at the right place in the current dnssec_name No checking is done whether the name matches.

Parameters:rr – The RR to add
Returns:(ldns_status) LDNS_STATUS_OK on success, error code otherwise
find_rrset(atype)

Find the RRset with the given type in within this name structure.

Parameters:atype
Returns:(ldns_dnssec_rrsets *) the RRset, or NULL if not present
name()

Returns the domain name of the given dnssec_name structure.

Returns:(ldns_rdf *) the domain name
static new_frm_rr(raiseException=True)

Create a new instace of dnssec name for the given RR.

Returns:(ldns_dnssec_name) instance
print_to_file(file)

Prints the RRs in the dnssec name structure to the given file descriptor.

Parameters:file – file pointer
set_name(dname)

Sets the domain name of the given dnssec_name structure.

Parameters:dname – the domain name to set it to. This data is not copied.
set_nsec(nsec)

Sets the NSEC(3) RR of the given dnssec_name structure.

Parameters:nsec – the nsec rr to set it to. This data is not copied.

Class ldns_dnssec_rrsets

class ldns.ldns_dnssec_rrsets

LDNS buffer.

add_rr(rr)

Add an ldns_rr to the corresponding RRset in the given list of RRsets.

If it is not present, add it as a new RRset with 1 record.

Parameters:rr – the rr to add to the list of rrsets
Returns:(ldns_status) LDNS_STATUS_OK on success
print_to_file(file, follow)

Print the given list of rrsets to the given file descriptor.

Parameters:
  • file – file pointer
  • follow – if set to false, only print the first RRset
set_type(atype)

Sets the RR type of the rrset (that is head of the given list).

Parameters:atype
Returns:(ldns_status) LDNS_STATUS_OK on success
type()

Returns the rr type of the rrset (that is head of the given list).

Returns:(ldns_rr_type) the rr type

Class ldns_dnssec_rrs

class ldns.ldns_dnssec_rrs

LDNS buffer.

add_rr(rr)

Adds an RR to the list of RRs.

The list will remain ordered

Parameters:rr – the RR to add
Returns:(ldns_status) LDNS_STATUS_OK on success

Table Of Contents

Previous topic

Class ldns_buffer

Next topic

Various functions