1 /* 2 * Copyright (C) Internet Systems Consortium, Inc. ("ISC") 3 * 4 * SPDX-License-Identifier: MPL-2.0 5 * 6 * This Source Code Form is subject to the terms of the Mozilla Public 7 * License, v. 2.0. If a copy of the MPL was not distributed with this 8 * file, you can obtain one at https://mozilla.org/MPL/2.0/. 9 * 10 * See the COPYRIGHT file distributed with this work for additional 11 * information regarding copyright ownership. 12 */ 13 14 #pragma once 15 16 /*! \file dns/zoneverify.h */ 17 18 #include <stdbool.h> 19 20 #include <isc/types.h> 21 22 #include <dns/types.h> 23 24 ISC_LANG_BEGINDECLS 25 26 /*% 27 * Verify that certain things are sane: 28 * 29 * The apex has a DNSKEY record with at least one KSK, and at least 30 * one ZSK if the -x flag was not used. 31 * 32 * The DNSKEY record was signed with at least one of the KSKs in this 33 * set. 34 * 35 * The rest of the zone was signed with at least one of the ZSKs 36 * present in the DNSKEY RRSET. 37 * 38 * Mark all RRsets correctly signed by one of the keys in the DNSKEY RRset at 39 * zone apex as secure. 40 * 41 * If 'secroots' is not NULL, mark the DNSKEY RRset as secure if it is 42 * correctly signed by at least one key present in 'secroots'. 43 */ 44 isc_result_t 45 dns_zoneverify_dnssec(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, 46 dns_name_t *origin, dns_keytable_t *secroots, 47 isc_mem_t *mctx, bool ignore_kskflag, bool keyset_kskonly, 48 void (*report)(const char *, ...)); 49 50 ISC_LANG_ENDDECLS 51