/*------------------------------------------------------------------------------
 *
 * Copyright (c) 2011-2021, EURid vzw. All rights reserved.
 * The YADIFA TM software product is provided under the BSD 3-clause license:
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *        * Redistributions of source code must retain the above copyright
 *          notice, this list of conditions and the following disclaimer.
 *        * Redistributions in binary form must reproduce the above copyright
 *          notice, this list of conditions and the following disclaimer in the
 *          documentation and/or other materials provided with the distribution.
 *        * Neither the name of EURid nor the names of its contributors may be
 *          used to endorse or promote products derived from this software
 *          without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
 *------------------------------------------------------------------------------
 *
 */

/** @defgroup zone Functions used to manipulate a zone
 *  @ingroup dnsdb
 *  @brief Functions used to manipulate a zone
 *
 * Functions used to manipulate a zone
 *
 * This header declares the zone sanity checks: the SANITY_* finding flags,
 * the state carried through a sanitize pass, and the entry points that run
 * the checks on a record set, a label or a whole zone.
 *
 * @{
 */

#ifndef _ZDB_SANITIZE_H
#define _ZDB_SANITIZE_H

#include <dnsdb/zdb_zone.h>

#ifdef __cplusplus
extern "C"
{
#endif

/*
 * Base value of the sanity error codes.
 *
 * NOTE(review): the low 16 bits of this value are clear and every SANITY_*
 * flag below fits in bits 0 to 15, so the flags are presumably OR-ed into the
 * base to build the reported code -- confirm against the implementation.
 */
#define SANITY_ERROR_BASE 0x800b0000

/*
 * Sanity findings. Each value is a distinct single bit, so several findings
 * can be combined in one mask.
 */
#define SANITY_UNEXPECTEDSOA         1     // multiple SOA at apex, or SOA(s) outside of the apex
#define SANITY_MUSTDROPZONE          2     // NOTE(review): undocumented; presumably the zone must be rejected as a whole -- confirm, callers need to know if this is fatal
#define SANITY_CNAMENOTALONE         4     // other records alongside a CNAME (only NSEC and RRSIG are accepted); a CNAME is also forbidden at the apex
#define SANITY_UNEXPECTEDCNAME       8     // CNAME at apex
#define SANITY_EXPECTEDNS            16    // no NS at apex or DS found without NS
#define SANITY_UNEXPECTEDDS          32    // DS found at apex
#define SANITY_TRASHATDELEGATION     64    // NOTE(review): undocumented; presumably records that are not allowed at a delegation point -- confirm
#define SANITY_TRASHUNDERDELEGATION  128   // NOTE(review): undocumented; presumably records found below a delegation point -- confirm
#define SANITY_RRSIGTTLDOESNTMATCH   256   // RRSIG original TTL does not match the RRSET
#define SANITY_RRSIGWITHOUTKEYS      512   // NOTE(review): undocumented; presumably RRSIG present while no DNSKEY is available -- confirm
#define SANITY_RRSIGWITHOUTSET       1024  // RRSIG covers a record set that's not present in the label
#define SANITY_RRSIGOVERRRSIG        2048  // RRSIG covers the RRSIG record set (nonsense)
#define SANITY_RRSIGUNDERDELETATION  4096  // RRSIG under a delegation ("DELETATION" is a misspelling of "DELEGATION"; the name is kept because it is part of the interface)
#define SANITY_RRSIGBYKSKOVERNONKEY  8192  // RRSIG by a KSK over a type that's not a DNSKEY
#define SANITY_RRSIGBYKSKNOTINAPEX   16384 // RRSIG by a KSK should only appear at the apex (and over a DNSKEY)
#define SANITY_LABEL_DELETED         32768 // NOTE(review): undocumented; presumably the checked label was removed by the sanitizer -- confirm

// Forward declaration: only pointers to this type are used in this header.
struct zdb_zone_load_parms;

/*
 * State carried through a sanitize pass.
 *
 * The DNSSEC-related members exist only when ZDB_HAS_DNSSEC_SUPPORT is set, so
 * the layout of this structure depends on that build option.
 *
 * NOTE(review): the per-field descriptions below are inferred from the field
 * names only -- confirm against the implementation.
 */
struct zdb_sanitize_parms
{
    zdb_zone *zone;                         // zone being checked
#if ZDB_HAS_DNSSEC_SUPPORT
    u32_set dnskey_set;                     // presumably the DNSKEYs known for the zone -- confirm
#endif
    struct zdb_zone_load_parms *load_parms; // load parameters associated with the pass
    u64 types_mask;                         // presumably a bit mask of record types seen -- confirm
    u32 domains;                            // presumably a count of domains visited -- confirm
#if ZDB_HAS_DNSSEC_SUPPORT
    // presumably counts of RRSIGs that should not be there, per NSEC / NSEC3 / NSEC3 opt-out view -- confirm
    u32 nsec_extraneous_rrsig;
    u32 nsec3in_extraneous_rrsig;
    u32 nsec3out_extraneous_rrsig;

    // presumably counts of RRSIGs that are expected but absent, per NSEC / NSEC3 / NSEC3 opt-out view -- confirm
    u32 nsec_missing_rrsig;
    u32 nsec3in_missing_rrsig;
    u32 nsec3out_missing_rrsig;

    bool has_bogus_rrsig;                   // presumably set when an invalid RRSIG was met -- confirm
#endif
};

typedef struct zdb_sanitize_parms zdb_sanitize_parms;

/*
 * Sanity-check entry points. All of them return a ya_result.
 *
 * NOTE(review): this header does not say how findings are encoded in the
 * returned value (see SANITY_ERROR_BASE and the SANITY_* flags), nor whether
 * the functions modify the zone. Callers that load zone data received from
 * another party should check the result before the zone is served -- confirm
 * the exact contract in the implementation.
 */

// Checks the record sets of one label of the zone.
ya_result zdb_sanitize_rr_set(zdb_zone *zone, zdb_rr_label *label);

// Checks one label of the zone; name is the label's name as a dnsname_stack.
ya_result zdb_sanitize_rr_label(zdb_zone *zone, zdb_rr_label *label, dnsname_stack *name);

// Same parameters as zdb_sanitize_rr_label; NOTE(review): presumably also takes the parent label into account -- confirm.
ya_result zdb_sanitize_rr_label_with_parent(zdb_zone *zone, zdb_rr_label *label, dnsname_stack *name);

// Checks a whole zone, with the load parameters of the load in progress.
ya_result zdb_sanitize_zone_ex(zdb_zone *zone, struct zdb_zone_load_parms *load_parms);

// Checks a whole zone; NOTE(review): presumably zdb_sanitize_zone_ex without load parameters -- confirm.
ya_result zdb_sanitize_zone(zdb_zone *zone);

// NOTE(review): presumably releases what a zdb_sanitize_parms holds (e.g. dnskey_set) -- confirm.
void zdb_sanitize_parms_finalize(zdb_sanitize_parms *parms);

/**
 * NOTE(review): judging by the name, tells whether the result of the sanity
 * checks is acceptable for the given DNSSEC mode -- confirm which findings
 * are tolerated for each mode.
 *
 * @param load_parms the load parameters to evaluate
 * @param dnssec_mode ZDB_ZONE_NOSEC ZDB_ZONE_NSEC ZDB_ZONE_NSEC3 ZDB_ZONE_NSEC3_OPTOUT
 */

bool zdb_sanitize_is_good(struct zdb_zone_load_parms *load_parms, u8 dnssec_mode);

// NOTE(review): undocumented; presumably checks or updates the per-record-set flags of the zone -- confirm.
ya_result zdb_sanitize_zone_rrset_flags(zdb_zone *zone);

#ifdef __cplusplus
}
#endif

#endif /* _ZDB_SANITIZE_H */

/** @} */