Constants ¶
// DefaultRequireAllSignaturesValid is the value that the package-level
// RequireAllSignaturesValid policy variable is initialised with. It is false,
// which selects the mode where one valid RRSIG per RRset is enough.
const DefaultRequireAllSignaturesValid = false
Variables ¶
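var (
	// RootTrustAnchors is initialised with the result of anchors.GetValid().
	// NOTE(review): presumably these are the root-zone trust anchors that a
	// validation chain has to end at - confirm in the anchors package. It is
	// an exported, mutable variable, so any code in the process can replace
	// the root of trust; treat writes to it as a security-relevant change.
	RootTrustAnchors = anchors.GetValid()

	// RequireAllSignaturesValid selects how several RRSIGs covering the same
	// RRset are treated.
	// If false (default), then one or more RRSIG per RRset must be valid for
	// the overall state to be valid.
	// If true, _all_ RRSIGs returned must be valid for the overall state to be
	// valid.
	//
	// Note:
	// https://datatracker.ietf.org/doc/html/rfc4035#section-5.3.3
	//	If other RRSIG RRs also cover this RRset, the local resolver security
	//	policy determines whether the resolver also has to test these RRSIG
	//	RRs and how to resolve conflicts if these RRSIG RRs lead to differing
	//	results.
	//
	// NOTE(review): this is process-wide state with no synchronisation visible
	// here; set it once, before any validation runs. In the strict mode a
	// single failing RRSIG presumably fails the whole RRset - confirm how
	// signatures with unsupported algorithms are counted before enabling it.
	RequireAllSignaturesValid = DefaultRequireAllSignaturesValid
)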
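// Sentinel errors exported by the package. The message text is for diagnostics
// only; match these values with errors.Is rather than by comparing strings.
var (
	ErrNoParentDSRecords              = errors.New("no DS records passed")
	ErrUnableToFetchDSRecord          = errors.New("unable to fetch missing DS record")
	ErrKeysNotFound                   = errors.New("no dnskey records found for zone")
	ErrKeySigningKeysNotFound         = errors.New("no dnskey records found that match the parent ds records")
	ErrAuthSignerNameMismatch         = errors.New("auth signer name does not match the zone's origin")
	ErrSignatureSetEmpty              = errors.New("cannot verify an empty signature set")
	ErrUnableToVerify                 = errors.New("unable to verify signature")
	ErrVerifyFailed                   = errors.New("signature verification failed")
	ErrNoKeyFoundForSignature         = errors.New("no key found for signature")
	ErrInvalidTime                    = errors.New("current time is outside of the msg validity period")
	ErrInvalidSignature               = errors.New("msg signature is invalid")
	ErrInvalidLabelCount              = errors.New("number of labels in the rrset owner name is less than the value in the rrsig rr's labels field")
	ErrMultipleVaryingSignerNames     = errors.New("rrsigs in the response contain multiple varying signer names")
	ErrNSRecordsHaveMismatchingOwners = errors.New("the ns records in the authority section do not have matching owners")
	ErrFailsafeResponse               = errors.New("unable to determine if response is delegating, positive or negative. we fail-safe to bogus")
	ErrUnexpectedSignatureCount       = errors.New("an unexpected number of rrsig records were found given the rrsets seen")
	ErrMultipleWildcardSignatures     = errors.New("multiple wildcard signatures seen")
	ErrDSLookupLoop                   = errors.New("the maximum number of ds record lookups has been reached")
	ErrNotSubdomain                   = errors.New("domain is not a subdomain of another")
	ErrSameName                       = errors.New("domain names are the same")
	ErrUnknown                        = errors.New("unknown error: unable to process response")
	ErrSignerNameNotParentOfQName     = errors.New("the signer name is not a parent of the qname")
	ErrNoResults                      = errors.New("no results have been processed")
	ErrBogusResultFound               = errors.New("we've deemed the result bogus")
	ErrBogusDoeRecordsNotFound        = errors.New("denial of existence records missing")
	ErrBogusWildcardDoeNotFound       = errors.New("missing doe for qname when answer synthesised from a wildcard")
	ErrNotAllInputsProcessed          = errors.New("not all inputs have been processed")
	ErrDuplicateInputForZone          = errors.New("duplicate input for zone")
)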
Functions ¶
This section is empty.
Types ¶
type AuthenticationResult ¶
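// AuthenticationResult is the outcome of authenticating a DNS response.
// NOTE(review): the names match the security states of RFC 4035 section 4.3;
// presumably they carry the same meaning - confirm against the implementation.
type AuthenticationResult uint8

// The values are assigned by iota, starting at zero.
//
// The zero value is Unknown, so an uninitialised AuthenticationResult never
// reads as Secure. The numeric order (Bogus is the largest value) is not
// documented as a trust ordering: test for a specific state with ==, not with
// < or >.
const (
	Unknown AuthenticationResult = iota
	Insecure
	Secure
	Bogus
)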
func (AuthenticationResult) Combine ¶
func (r AuthenticationResult) Combine(r2 AuthenticationResult) AuthenticationResult
Combine determines the overall AuthenticationResult when merging two authenticated results, such as when a result is based on multiple DNS requests (e.g., following a CNAME chain).
func (AuthenticationResult) String ¶
func (r AuthenticationResult) String() string
type Authenticator ¶
// Authenticator collects DNS responses through AddResponse and reports the
// outcome through Result. All of its fields are unexported.
// NOTE(review): Result returns an error next to the AuthenticationResult and
// is not documented on this page; confirm how a non-nil error relates to the
// returned state, and check both before relying on an answer.
type Authenticator struct {
	// contains filtered or unexported fields
}
func (*Authenticator) AddResponse ¶
func (a *Authenticator) AddResponse(zone Zone, msg *dns.Msg) error
AddResponse receives the incoming responses that make up the authentication chain. We expect one response per zone in the chain. Responses can be passed in any order; they are buffered, if needed, so that they are processed in the correct order.
func (*Authenticator) Result ¶
func (a *Authenticator) Result() (AuthenticationResult, DenialOfExistenceState, error)
type DenialOfExistenceState ¶
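// DenialOfExistenceState is the second value returned by Authenticator.Result.
// NOTE(review): the constant names suggest the kind of NSEC or NSEC3 proof
// that was found; the meaning of each value is not documented here - confirm
// against the implementation.
type DenialOfExistenceState uint8

// The values are assigned by iota, starting at zero, so the zero value of a
// DenialOfExistenceState is NotFound.
const (
	NotFound DenialOfExistenceState = iota
	NsecMissingDS
	NsecNoData
	NsecNxDomain
	NsecWildcard
	Nsec3MissingDS
	Nsec3NoData
	Nsec3NxDomain
	Nsec3OptOut
	Nsec3Wildcard
)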
func (DenialOfExistenceState) String ¶
func (d DenialOfExistenceState) String() string
type MissingDSRecordError ¶
// MissingDSRecordError is an error type: *MissingDSRecordError has an Error
// method, plus an RName accessor that returns a string.
// NOTE(review): presumably RName is the name whose DS record is missing -
// confirm against the implementation. Extract it with errors.As.
type MissingDSRecordError struct {
	// contains filtered or unexported fields
}
func (*MissingDSRecordError) Error ¶
func (e *MissingDSRecordError) Error() string
func (*MissingDSRecordError) RName ¶
func (e *MissingDSRecordError) RName() string