24 #include <openssl/conf.h>
25 #ifndef OPENSSL_NO_ENGINE
26 #include <openssl/engine.h>
28 #include <openssl/err.h>
30 #define MAX_FILENAME_LEN 250
36 usage(FILE *fp,
const char *
prog) {
37 fprintf(fp,
"%s [OPTIONS] zonefile key [key [key]]\n",
prog);
38 fprintf(fp,
" signs the zone with the given key(s)\n");
39 fprintf(fp,
" -b\t\tuse layout in signed zone and print comments DNSSEC records\n");
40 fprintf(fp,
" -d\t\tused keys are not added to the zone\n");
41 fprintf(fp,
" -e <date>\texpiration date\n");
42 fprintf(fp,
" -f <file>\toutput zone to file (default <name>.signed)\n");
43 fprintf(fp,
" -i <date>\tinception date\n");
44 fprintf(fp,
" -o <domain>\torigin for the zone\n");
45 fprintf(fp,
" -u\t\tset SOA serial to the number of seconds since 1-1-1970\n");
46 fprintf(fp,
" -v\t\tprint version and exit\n");
47 fprintf(fp,
" -z <[scheme:]hash>\tAdd ZONEMD resource record\n");
48 fprintf(fp,
"\t\t<scheme> should be \"simple\" (or 1)\n");
49 fprintf(fp,
"\t\t<hash> should be \"sha384\" or \"sha512\" (or 1 or 2)\n");
50 fprintf(fp,
"\t\tthis option can be given more than once\n");
51 fprintf(fp,
" -Z\t\tAllow ZONEMDs to be added without signing\n");
52 fprintf(fp,
" -A\t\tsign DNSKEY with all keys instead of minimal\n");
53 fprintf(fp,
" -U\t\tSign with every unique algorithm in the provided keys\n");
54 #ifndef OPENSSL_NO_ENGINE
55 fprintf(fp,
" -E <name>\tuse <name> as the crypto engine for signing\n");
56 fprintf(fp,
" \tThis can have a lot of extra options, see the manual page for more info\n");
57 fprintf(fp,
" -k <algorithm>,<key>\tuse `key' with `algorithm' from engine as ZSK\n");
58 fprintf(fp,
" -K <algorithm>,<key>\tuse `key' with `algorithm' from engine as KSK\n");
60 fprintf(fp,
" -n\t\tuse NSEC3 instead of NSEC.\n");
61 fprintf(fp,
"\t\tIf you use NSEC3, you can specify the following extra options:\n");
62 fprintf(fp,
"\t\t-a [algorithm] hashing algorithm\n");
63 fprintf(fp,
"\t\t-t [number] number of hash iterations\n");
64 fprintf(fp,
"\t\t-s [string] salt\n");
65 fprintf(fp,
"\t\t-p set the opt-out flag on all nsec3 rrs\n");
67 fprintf(fp,
" keys must be specified by their base name (usually K<name>+<alg>+<id>),\n");
68 fprintf(fp,
" i.e. WITHOUT the .private extension.\n");
69 fprintf(fp,
" If the public part of the key is not present in the zone, the DNSKEY RR\n");
70 fprintf(fp,
" will be read from the file called <base name>.key. If that does not exist,\n");
71 fprintf(fp,
" a default DNSKEY will be generated from the private key and added to the zone.\n");
72 fprintf(fp,
" A date can be a timestamp (seconds since the epoch), or of\n the form <YYYYMMdd[hhmmss]>\n");
73 #ifndef OPENSSL_NO_ENGINE
74 fprintf(fp,
" For -k or -K, the algorithm can be specified as an integer or a symbolic name:" );
76 #define __LIST(x) fprintf ( fp, " %3d: %-15s", LDNS_SIGN_ ## x, # x )
78 fprintf ( fp,
"\n " );
84 fprintf ( fp,
"\n " );
90 fprintf ( fp,
"\n " );
93 __LIST ( ECDSAP256SHA256 );
94 fprintf ( fp,
"\n " );
95 __LIST ( ECDSAP384SHA384 );
104 fprintf ( fp,
"\n" );
110 static void check_tm(
struct tm tm)
112 if (tm.tm_year < 70) {
113 fprintf(stderr,
"You cannot specify dates before 1970\n");
116 if (tm.tm_mon < 0 || tm.tm_mon > 11) {
117 fprintf(stderr,
"The month must be in the range 1 to 12\n");
120 if (tm.tm_mday < 1 || tm.tm_mday > 31) {
121 fprintf(stderr,
"The day must be in the range 1 to 31\n");
125 if (tm.tm_hour < 0 || tm.tm_hour > 23) {
126 fprintf(stderr,
"The hour must be in the range 0-23\n");
130 if (tm.tm_min < 0 || tm.tm_min > 59) {
131 fprintf(stderr,
"The minute must be in the range 0-59\n");
135 if (tm.tm_sec < 0 || tm.tm_sec > 59) {
136 fprintf(stderr,
"The second must be in the range 0-59\n");
158 if (ttl1 == default_ttl) {
160 }
else if (ttl2 == default_ttl) {
165 "warning: changing non-default TTL %u to %u\n",
166 (
unsigned int) ttl2, (
unsigned int) ttl1);
180 equalize_ttls(cur_rr, rr, default_ttl);
204 fprintf(stderr,
"Found it in the zone!\n");
219 uint32_t default_ttl = zone_ttl;
223 strlen(keyfile_name_base) + 5);
224 snprintf(keyfile_name,
225 strlen(keyfile_name_base) + 5,
229 fprintf(stderr,
"Trying to read %s\n", keyfile_name);
231 keyfile = fopen(keyfile_name,
"r");
242 printf(
"Key found in file: %s\n", keyfile_name);
261 find_or_create_pubkey(
const char *keyfile_name_base,
ldns_key *key,
ldns_zone *orig_zone,
bool add_keys, uint32_t default_ttl) {
291 "Looking for key with keytag %u or %u\n",
297 pubkey = find_key_in_zone(pubkey_gen, orig_zone);
302 pubkey = find_key_in_file(keyfile_name_base, key, default_ttl);
306 pubkey = find_key_in_file(keyfile_name_base, key, default_ttl);
313 fprintf(stderr,
"Error %s.key has wrong name: %s\n",
324 fprintf(stderr,
"Not in zone, no .key file, generating ZSK DNSKEY from private key data\n");
332 if (add_keys && !key_in_zone) {
333 equalize_ttls_rr_list(
ldns_zone_rrs(orig_zone), pubkey, default_ttl);
338 #ifndef OPENSSL_NO_ENGINE
343 parse_algspec (
const char *
const p )
348 if ( isdigit ( (
const unsigned char)*p ) ) {
349 const char *nptr = NULL;
350 const long id = strtol ( p, (
char **) &nptr, 10 );
351 return id > 0 && nptr != NULL && *nptr ==
',' ? id : 0;
355 if ( !memcmp ( # x, p, sizeof ( # x ) - 1 ) \
356 && p [ sizeof ( # x ) - 1 ] == ',' ) { \
357 return LDNS_SIGN_ ## x; \
397 parse_keyspec (
const char *
const p,
399 const char **
const id )
401 const char *
const comma = strchr ( p,
',' );
403 if ( comma == NULL || !(*algorithm = parse_algspec ( p )) )
405 return comma [ 1 ] ? *
id = comma + 1 : NULL;
412 load_key (
const char *
const p, ENGINE *
const e )
415 const char *
id = NULL;
420 if ( parse_keyspec ( p, &alg, &
id ) == NULL ) {
422 "Failed to parse key specification `%s'.\n",
424 usage ( stderr,
prog );
425 exit ( EXIT_FAILURE );
447 "Algorithm %d cannot be used for signing.\n",
449 usage ( stderr,
prog );
450 exit ( EXIT_FAILURE );
453 printf (
"Engine key id: %s, algo %d\n",
id, alg );
459 ERR_print_errors_fp ( stderr );
460 exit ( EXIT_FAILURE );
476 const uint32_t inception,
477 const uint32_t expiration )
479 if ( key == NULL )
return;
486 find_or_create_pubkey (
"", key, zone, add_keys, ttl );
493 init_openssl_engine (
const char *
const id )
497 #ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS
498 ERR_load_crypto_strings();
500 #if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) || !defined(HAVE_OPENSSL_INIT_CRYPTO)
501 OpenSSL_add_all_algorithms();
503 if ( !OPENSSL_init_crypto ( OPENSSL_INIT_LOAD_CONFIG, NULL ) ) {
504 fprintf ( stderr,
"OPENSSL_init_crypto(3) failed.\n" );
505 ERR_print_errors_fp ( stderr );
506 exit ( EXIT_FAILURE );
510 if ( (e = ENGINE_by_id (
id )) == NULL ) {
511 fprintf ( stderr,
"ENGINE_by_id(3) failed.\n" );
512 ERR_print_errors_fp ( stderr );
513 exit ( EXIT_FAILURE );
516 if ( !ENGINE_set_default_DSA ( e ) ) {
517 fprintf ( stderr,
"ENGINE_set_default_DSA(3) failed.\n" );
518 ERR_print_errors_fp ( stderr );
519 exit ( EXIT_FAILURE );
522 if ( !ENGINE_set_default_RSA ( e ) ) {
523 fprintf ( stderr,
"ENGINE_set_default_RSA(3) failed.\n" );
524 ERR_print_errors_fp ( stderr );
525 exit ( EXIT_FAILURE );
541 shutdown_openssl ( ENGINE *
const e )
544 #ifdef HAVE_ENGINE_FREE
547 #ifdef HAVE_ENGINE_CLEANUP
552 #ifdef HAVE_CONF_MODULES_UNLOAD
553 CONF_modules_unload ( 1 );
555 #ifdef HAVE_EVP_CLEANUP
558 #ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA
559 CRYPTO_cleanup_all_ex_data ();
561 #ifdef HAVE_ERR_FREE_STRINGS
571 static const char *reasons[] = {
572 "Unknown <scheme>, should be \"simple\""
573 ,
"Syntax error in <hash>, should be \"sha384\" or \"sha512\""
574 ,
"Unknown <hash>, should be \"sha384\" or \"sha512\""
580 if ((colon = strchr(str,
':'))) {
581 if ((colon - str != 1 || str[0] !=
'1')
582 && (colon - str != 6 || strncasecmp(str,
"simple", 6))) {
583 if (reason) *reason = reasons[0];
587 if (strchr(colon + 1,
':')) {
588 if (reason) *reason = reasons[1];
593 if (!strcasecmp(str,
"1") || !strcasecmp(str,
"sha384"))
595 if (!strcasecmp(str,
"2") || !strcasecmp(str,
"sha512"))
598 if (reason) *reason = reasons[2];
605 const char *zonefile_name;
606 FILE *zonefile = NULL;
610 #ifndef OPENSSL_NO_ENGINE
611 ENGINE *engine = NULL;
618 char *keyfile_name_base;
619 char *keyfile_name = NULL;
620 FILE *keyfile = NULL;
622 #ifndef OPENSSL_NO_ENGINE
631 char *outputfile_name = NULL;
634 bool use_nsec3 =
false;
636 bool unixtime_serial =
false;
639 bool add_keys =
true;
640 uint8_t nsec3_algorithm = 1;
641 uint8_t nsec3_flags = 0;
642 size_t nsec3_iterations_cmd = 1;
643 uint16_t nsec3_iterations = 1;
644 uint8_t nsec3_salt_length = 0;
645 uint8_t *nsec3_salt = NULL;
664 const char *reason = NULL;
666 prog = strdup(argv[0]);
672 while ((c = getopt(argc, argv,
"a:bde:f:i:k:no:ps:t:uvz:ZAUE:K:")) != -1) {
675 nsec3_algorithm = (uint8_t) atoi(optarg);
676 if (nsec3_algorithm != 1) {
677 fprintf(stderr,
"Bad NSEC3 algorithm, only RSASHA1 allowed\n");
695 memset(&tm, 0,
sizeof(tm));
697 if (strlen(optarg) == 8 &&
698 sscanf(optarg,
"%4d%2d%2d", &tm.tm_year, &tm.tm_mon, &tm.tm_mday)
705 }
else if (strlen(optarg) == 14 &&
706 sscanf(optarg,
"%4d%2d%2d%2d%2d%2d", &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec)
714 expiration = (uint32_t) atol(optarg);
722 memset(&tm, 0,
sizeof(tm));
724 if (strlen(optarg) == 8 &&
725 sscanf(optarg,
"%4d%2d%2d", &tm.tm_year, &tm.tm_mon, &tm.tm_mday)
732 }
else if (strlen(optarg) == 14 &&
733 sscanf(optarg,
"%4d%2d%2d%2d%2d%2d", &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec)
741 inception = (uint32_t) atol(optarg);
749 fprintf(stderr,
"Bad origin, not a correct domain name\n");
758 unixtime_serial =
true;
770 ,
"%s\nwith zone digest parameters:"
783 #ifndef OPENSSL_NO_ENGINE
784 engine = init_openssl_engine ( optarg );
790 #ifndef OPENSSL_NO_ENGINE
791 eng_zsk = load_key ( optarg, engine );
797 #ifndef OPENSSL_NO_ENGINE
798 eng_ksk = load_key ( optarg, engine );
802 fprintf(stderr,
"%s compiled without engine support\n"
811 if (strlen(optarg) % 2 != 0) {
812 fprintf(stderr,
"Salt value is not valid hex data, not a multiple of 2 characters\n");
815 nsec3_salt_length = (uint8_t) strlen(optarg) / 2;
817 for (c = 0; c < (int) strlen(optarg); c += 2) {
818 if (isxdigit((
int) optarg[c]) && isxdigit((
int) optarg[c+1])) {
822 fprintf(stderr,
"Salt value is not valid hex data.\n");
829 nsec3_iterations_cmd = (size_t) atol(optarg);
834 nsec3_iterations = (uint16_t) nsec3_iterations_cmd;
846 printf(
"Error: not enough arguments\n");
850 zonefile_name = argv[0];
855 if (strncmp(zonefile_name,
"-", 2) == 0) {
863 fprintf(stderr,
"Zone not read, error: %s at stdin line %d\n",
871 "Error reading zonefile: missing SOA record\n");
877 "Error reading zonefile: no resource records\n");
882 zonefile = fopen(zonefile_name,
"r");
886 "Error: unable to read %s (%s)\n",
898 fprintf(stderr,
"Zone not read, error: %s at %s line %d\n",
900 zonefile_name, line_nr);
906 "Error reading zonefile: missing SOA record\n");
912 "Error reading zonefile: no resource records\n");
922 while (argi < argc) {
923 keyfile_name_base = argv[argi];
924 keyfile_name =
LDNS_XMALLOC(
char, strlen(keyfile_name_base) + 9);
925 snprintf(keyfile_name,
926 strlen(keyfile_name_base) + 9,
929 keyfile = fopen(keyfile_name,
"r");
933 "Error: unable to read %s: %s\n",
943 if (expiration != 0) {
946 if (inception != 0) {
954 fprintf(stderr,
"Error reading key from %s at line %d: %s\n", argv[argi], line_nr,
ldns_get_errorstr_by_id(s));
959 find_or_create_pubkey(keyfile_name_base, key,
960 orig_zone, add_keys, ttl);
965 #ifndef OPENSSL_NO_ENGINE
976 post_process_engine_key ( keys,
985 post_process_engine_key ( keys,
996 fprintf(stderr,
"Error: no keys to sign with. Aborting.\n\n");
1002 if (unixtime_serial) {
1009 "Error adding SOA to dnssec zone, skipping record\n");
1020 "Error adding RR to dnssec zone");
1021 fprintf(stderr,
", skipping record:\n");
1033 else if (nsec3_iterations > 500)
1034 fprintf(stderr,
"Warning! NSEC3 iterations larger than "
1035 "500 may cause validating resolvers to return "
1037 "See: https://datatracker.ietf.org/doc/html/"
1038 "draft-hardaker-dnsop-nsec3-guidance-03#section-4\n");
1040 else if (nsec3_iterations > 100)
1041 fprintf(stderr,
"Warning! NSEC3 iterations larger than "
1042 "100 may cause validating resolvers to return "
1043 "insecure responses!\n"
1044 "See: https://datatracker.ietf.org/doc/html/"
1045 "draft-hardaker-dnsop-nsec3-guidance-03#section-4\n");
1068 fprintf(stderr,
"Error signing zone: %s\n",
1072 if (!outputfile_name) {
1078 if (strncmp(outputfile_name,
"-", 2) == 0) {
1081 outputfile = fopen(outputfile_name,
"w");
1083 fprintf(stderr,
"Unable to open %s for writing: %s\n",
1084 outputfile_name, strerror(errno));
1087 outputfile, fmt, signed_zone);
1092 fprintf(stderr,
"Error signing zone.\n");
1095 if (ERR_peek_error()) {
1096 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(HAVE_LIBRESSL)
1097 #ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS
1098 ERR_load_crypto_strings();
1101 ERR_print_errors_fp(stderr);
1102 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(HAVE_LIBRESSL)
1103 #ifdef HAVE_ERR_FREE_STRINGS
1104 ERR_free_strings ();
1124 #ifndef OPENSSL_NO_ENGINE
1125 shutdown_openssl ( engine );
1127 #if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
1128 #ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA
1129 CRYPTO_cleanup_all_ex_data ();
1140 main(
int argc __attribute__((unused)),
1141 char **argv __attribute__((unused)))
1143 fprintf(stderr,
"ldns-signzone needs OpenSSL support, which has not been compiled in\n");
int ldns_dname_compare(const ldns_rdf *dname1, const ldns_rdf *dname2)
Compares the two dname rdf's according to the algorithm for ordering in RFC4034 Section 6.
int ldns_dnssec_default_replace_signatures(ldns_rr *sig __attribute__((unused)), void *n __attribute__((unused)))
uint16_t ldns_calc_keytag(const ldns_rr *key)
calculates a keytag of a key for use in DNSSEC.
#define LDNS_NSEC3_MAX_ITERATIONS
ldns_status ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt, int signflags, ldns_rbtree_t **map)
signs the given zone with the given new zone, with NSEC3
ldns_status ldns_dnssec_zone_sign_flg(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, int flags)
signs the given zone with the given keys
#define LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA384
#define LDNS_SIGN_DNSKEY_WITH_ZSK
dnssec_verify
#define LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA512
#define LDNS_SIGN_WITH_ALL_ALGORITHMS
#define LDNS_SIGN_NO_KEYS_NO_NSECS
void ldns_dnssec_zone_print_fmt(FILE *out, const ldns_output_format *fmt, const ldns_dnssec_zone *zone)
Prints the complete zone to the given file descriptor.
void ldns_dnssec_zone_print(FILE *out, const ldns_dnssec_zone *zone)
Prints the complete zone to the given file descriptor.
ldns_status ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone, ldns_rr *rr)
Adds the given RR to the zone.
void ldns_dnssec_zone_free(ldns_dnssec_zone *zone)
Frees the given zone structure, and its rbtree of dnssec_names Individual ldns_rr RRs within those na...
ldns_dnssec_zone * ldns_dnssec_zone_new(void)
Creates a new dnssec_zone structure.
const char * ldns_get_errorstr_by_id(ldns_status err)
look up a descriptive text by each error.
enum ldns_enum_status ldns_status
void ldns_rr_print(FILE *output, const ldns_rr *rr)
Prints the data in the resource record to the given file stream (in presentation format)
char * ldns_rdf2str(const ldns_rdf *rdf)
Converts the data in the rdata field to presentation format and returns that as a char *.
#define LDNS_COMMENT_BUBBLEBABBLE
Provide bubblebabble representation for DS RR's as comment.
#define LDNS_COMMENT_FLAGS
Show when a NSEC3 RR has the optout flag set as comment.
#define LDNS_COMMENT_NSEC3_CHAIN
Show the unhashed owner and next owner names for NSEC3 RR's as comment.
#define LDNS_COMMENT_LAYOUT
Print mark up.
ldns_status ldns_key_new_frm_fp_l(ldns_key **key, FILE *fp, int *line_nr)
Creates a new private key based on the contents of the file pointed by fp.
void ldns_key_list_free(ldns_key_list *key_list)
Frees a key list structure.
bool ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key)
pushes a key to a keylist
void ldns_key_set_expiration(ldns_key *k, uint32_t e)
Set the key's expiration date (seconds after epoch)
ldns_rr * ldns_key2rr(const ldns_key *k)
converts a ldns_key to a public key rr If the key data exists at an external point,...
void ldns_key_set_pubkey_owner(ldns_key *k, ldns_rdf *r)
Set the key's pubkey owner.
ldns_key_list * ldns_key_list_new(void)
Creates a new empty key list.
uint16_t ldns_key_keytag(const ldns_key *k)
return the keytag
void ldns_key_set_keytag(ldns_key *k, uint16_t tag)
Set the key's key tag.
ldns_rdf * ldns_key_pubkey_owner(const ldns_key *k)
return the public key's owner
ldns_status ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm alg)
Read the key with the given id from the given engine and store it in the given ldns_key structure.
uint16_t ldns_key_flags(const ldns_key *k)
return the flag of the key
size_t ldns_key_list_key_count(const ldns_key_list *key_list)
returns the number of keys in the key list
void ldns_key_set_flags(ldns_key *k, uint16_t f)
Set the key's flags.
void ldns_key_set_inception(ldns_key *k, uint32_t i)
Set the key's inception date (seconds after epoch)
Addendum to dnssec.h, this module contains key and algorithm definitions and functions.
ldns_enum_signing_algorithm
Algorithms used in dns for signing.
@ LDNS_SIGN_ECDSAP256SHA256
@ LDNS_SIGN_RSASHA1_NSEC3
@ LDNS_SIGN_ECDSAP384SHA384
enum ldns_enum_algorithm ldns_algorithm
int main(int argc, char *argv[])
int str2zonemd_signflag(const char *str, const char **reason)
Including this file will include all ldns files, and define some lookup tables.
void ldns_rdf_deep_free(ldns_rdf *rd)
frees a rdf structure and frees the data.
uint16_t ldns_rdf2native_int16(const ldns_rdf *rd)
returns the native uint16_t representation from the rdf.
ldns_rdf * ldns_rdf_clone(const ldns_rdf *rd)
clones a rdf structure.
#define LDNS_NSEC3_VARS_OPTOUT_MASK
ldns_rr * ldns_rr_list_rr(const ldns_rr_list *rr_list, size_t nr)
returns a specific rr of an rrlist.
uint32_t ldns_rr_ttl(const ldns_rr *rr)
returns the ttl of an rr structure.
ldns_rdf * ldns_rr_owner(const ldns_rr *rr)
returns the owner name of an rr structure.
ldns_status ldns_rr_new_frm_fp_l(ldns_rr **newrr, FILE *fp, uint32_t *default_ttl, ldns_rdf **origin, ldns_rdf **prev, int *line_nr)
creates a new rr from a file containing a string.
void ldns_rr_list_deep_free(ldns_rr_list *rr_list)
frees an rr_list structure and all rrs contained therein.
void ldns_rr_free(ldns_rr *rr)
frees an RR structure
size_t ldns_rr_list_rr_count(const ldns_rr_list *rr_list)
returns the number of rr's in an rr_list.
ldns_rr_type ldns_rr_get_type(const ldns_rr *rr)
returns the type of the rr.
void ldns_rr_set_ttl(ldns_rr *rr, uint32_t ttl)
sets the ttl in the rr structure.
int ldns_rr_compare_no_rdata(const ldns_rr *rr1, const ldns_rr *rr2)
compares two rrs, up to the rdata.
ldns_rr_list * ldns_rr_list_new(void)
creates a new rr_list structure.
ldns_rdf * ldns_rr_rdf(const ldns_rr *rr, size_t nr)
returns the rdata field member counter.
enum ldns_enum_rr_class ldns_rr_class
@ LDNS_RR_CLASS_IN
the Internet
uint32_t ldns_soa_serial_unixtime(uint32_t s, void *data)
Function to be used with ldns_rr_soa_increment_func or ldns_rr_soa_increment_func_int to set the soa ...
void ldns_rr_soa_increment_func_int(ldns_rr *soa, ldns_soa_serial_increment_func_t f, int data)
Increment the serial number of the given SOA with the given function using data as an argument for th...
ldns_status ldns_str2rdf_dname(ldns_rdf **d, const char *str)
convert a dname string into wireformat
Structure containing a dnssec zone.
Same as rr_list, but now for keys.
General key structure, can contain all types of keys that are used in DNSSEC.
struct ldns_struct_key::@1::@3 dnssec
Some values that influence generated signatures.
Resource record data field.
List or Set of Resource Records.
int ldns_hexdigit_to_int(char ch)
Returns the int value of the given (hex) digit.
time_t ldns_mktime_from_utc(const struct tm *tm)
Convert TM to seconds since epoch (midnight, January 1st, 1970).
const char * ldns_version(void)
Show the internal library version.
#define LDNS_XMALLOC(type, count)
ldns_rr_list * ldns_zone_rrs(const ldns_zone *z)
Get a list of a zone's content.
void ldns_zone_deep_free(ldns_zone *zone)
Frees the allocated memory for the zone, the soa rr in it, and the rr_list structure in it,...
bool ldns_zone_push_rr(ldns_zone *z, ldns_rr *rr)
push an single rr to a zone structure.
ldns_rr * ldns_zone_soa(const ldns_zone *z)
Return the soa record of a zone.
ldns_status ldns_zone_new_frm_fp_l(ldns_zone **z, FILE *fp, const ldns_rdf *origin, uint32_t default_ttl, ldns_rr_class c __attribute__((unused)), int *line_nr)