1 /* 2 * nsec3.h -- nsec3 handling. 3 * 4 * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. 5 * 6 * See LICENSE for the license. 7 * 8 */ 9 #ifndef NSEC3_H 10 #define NSEC3_H 11 12 #ifdef NSEC3 13 struct udb_ptr; 14 struct domain; 15 struct dname; 16 struct region; 17 struct zone; 18 struct namedb; 19 struct query; 20 struct answer; 21 struct rr; 22 23 /* 24 * calculate prehash information for zone. 25 */ 26 void prehash_zone(struct namedb* db, struct zone* zone); 27 /* 28 * calculate prehash for zone, assumes no partial precompile or prehashlist 29 */ 30 void prehash_zone_complete(struct namedb* db, struct zone* zone); 31 32 /* 33 * finds nsec3 that covers the given domain hash. 34 * returns true if the find is exact. 35 */ 36 int nsec3_find_cover(struct zone* zone, uint8_t* hash, size_t hashlen, 37 struct domain** result); 38 39 /* 40 * _answer_ Routines used to add the correct nsec3 record to a query answer. 41 * cnames etc may have been followed, hence original name. 42 */ 43 /* 44 * add proof for wildcards that the name below the wildcard.parent 45 * does not exist 46 */ 47 void nsec3_answer_wildcard(struct query* query, struct answer* answer, 48 struct domain* wildcard, const struct dname* qname); 49 50 /* 51 * add NSEC3 to provide domain name but not rrset exists, 52 * this could be a query for a DS or NSEC3 type 53 */ 54 void nsec3_answer_nodata(struct query *query, struct answer *answer, 55 struct domain *original); 56 57 /* 58 * add NSEC3 for a delegation (optout stuff) 59 */ 60 void nsec3_answer_delegation(struct query *query, struct answer *answer); 61 62 /* 63 * add NSEC3 for authoritative answers. 64 * match==0 is an nxdomain. 65 */ 66 void nsec3_answer_authoritative(struct domain** match, struct query *query, 67 struct answer *answer, struct domain* closest_encloser, 68 const struct dname* qname); 69 70 /* 71 * True if domain is a NSEC3 (+RRSIG) data only variety. 72 * pass nonNULL zone to filter for particular zone. 73 */ 74 int domain_has_only_NSEC3(struct domain* domain, struct zone* zone); 75 76 /* get hashed bytes */ 77 void nsec3_hash_and_store(struct zone* zone, const struct dname* dname, 78 uint8_t* store); 79 /* see if NSEC3 record uses the params in use for the zone */ 80 int nsec3_rr_uses_params(struct rr* rr, struct zone* zone); 81 /* number of NSEC3s that are in the zone chain */ 82 int nsec3_in_chain_count(struct domain* domain, struct zone* zone); 83 /* find previous NSEC3, or, lastinzone, or, NULL */ 84 struct domain* nsec3_chain_find_prev(struct zone* zone, struct domain* domain); 85 /* clear nsec3 precompile for the zone */ 86 void nsec3_clear_precompile(struct namedb* db, struct zone* zone); 87 /* if domain is part of nsec3hashed domains of a zone */ 88 int nsec3_domain_part_of_zone(struct domain* d, struct zone* z); 89 /* condition when a domain is precompiled */ 90 int nsec3_condition_hash(struct domain* d, struct zone* z); 91 /* condition when a domain is ds precompiled */ 92 int nsec3_condition_dshash(struct domain* d, struct zone* z); 93 /* set nsec3param for this zone or NULL if no NSEC3 available */ 94 void nsec3_find_zone_param(struct namedb* db, struct zone* zone, 95 struct rr* avoid_rr, int checkchain); 96 /* hash domain and wcchild, and lookup nsec3 in tree, and precompile */ 97 void nsec3_precompile_domain(struct namedb* db, struct domain* domain, 98 struct zone* zone, struct region* tmpregion); 99 /* hash ds_parent_cover, and lookup nsec3 and precompile */ 100 void nsec3_precompile_domain_ds(struct namedb* db, struct domain* domain, 101 struct zone* zone); 102 /* put nsec3 into nsec3tree and adjust zonelast */ 103 void nsec3_precompile_nsec3rr(struct namedb* db, struct domain* domain, 104 struct zone* zone); 105 /* precompile entire zone, assumes all is null at start */ 106 void nsec3_precompile_newparam(struct namedb* db, struct zone* zone); 107 /* create b32.zone for a hash, allocated in the region */ 108 const struct dname* nsec3_b32_create(struct region* region, struct zone* zone, 109 unsigned char* hash); 110 /* create trees for nsec3 updates and lookups in zone */ 111 void nsec3_zone_trees_create(struct region* region, struct zone* zone); 112 /* lookup zone that contains domain's nsec3 trees */ 113 struct zone* nsec3_tree_zone(struct namedb* db, struct domain* domain); 114 /* lookup zone that contains domain's ds tree */ 115 struct zone* nsec3_tree_dszone(struct namedb* db, struct domain* domain); 116 117 #endif /* NSEC3 */ 118 #endif /* NSEC3_H*/ 119