1ldns(3)                    Library Functions Manual                    ldns(3)
2
3
4

NAME

6       ldns_dnssec_zone_sign, ldns_dnssec_zone_sign_nsec3,
7       ldns_dnssec_zone_mark_glue, ldns_dnssec_name_node_next_nonglue,
8       ldns_dnssec_zone_create_nsecs, ldns_dnssec_remove_signatures,
9       ldns_dnssec_zone_create_rrsigs - sign ldns_dnssec_zone
10
11

SYNOPSIS

13       #include <stdint.h>
14       #include <stdbool.h>
15
16       #include <ldns/ldns.h>
17
18       ldns_status ldns_dnssec_zone_sign(ldns_dnssec_zone *zone, ldns_rr_list
19       *new_rrs, ldns_key_list *key_list, int (*func)(ldns_rr *, void *), void
20       *arg);
21
22       ldns_status ldns_dnssec_zone_sign_nsec3(ldns_dnssec_zone *zone,
23       ldns_rr_list *new_rrs, ldns_key_list *key_list, int (*func)(ldns_rr *,
24       void *), void *arg, uint8_t algorithm, uint8_t flags, uint16_t itera‐
25       tions, uint8_t salt_length, uint8_t *salt);
26
27        ldns_dnssec_zone_mark_glue();
28
29       ldns_rbnode_t* ldns_dnssec_name_node_next_nonglue(ldns_rbnode_t *node);
30
31       ldns_status ldns_dnssec_zone_create_nsecs(ldns_dnssec_zone *zone,
32       ldns_rr_list *new_rrs);
33
34       ldns_dnssec_rrs* ldns_dnssec_remove_signatures(ldns_dnssec_rrs *signa‐
35       tures, ldns_key_list *key_list, int (*func)(ldns_rr *, void *), void
36       *arg);
37
38       ldns_status ldns_dnssec_zone_create_rrsigs(ldns_dnssec_zone *zone,
39       ldns_rr_list *new_rrs, ldns_key_list *key_list, int (*func)(ldns_rr *,
40       void*), void *arg);
41

DESCRIPTION

43       ldns_dnssec_zone_sign() signs the given zone with the given keys
44
45              zone: the zone to sign
46              key_list: the list of keys to sign the zone with
47              new_rrs: newly created resource records are added to this list,
48              to free them later
49              func: callback function that decides what to do with old signa‐
50              tures This function takes an ldns_rr* and an optional void *arg
51              argument, and returns one of four values:
52              LDNS_SIGNATURE_LEAVE_ADD_NEW: leave the signature and add a new
53              one for the corresponding key LDNS_SIGNATURE_REMOVE_ADD_NEW:
54              remove the signature and replace is with a new one from the same
55              key LDNS_SIGNATURE_LEAVE_NO_ADD: leave the signature and do not
56              add a new one with the corresponding key
57              LDNS_SIGNATURE_REMOVE_NO_ADD: remove the signature and do not
58              replace
59
60              arg: optional argument for the callback function
61              Returns LDNS_STATUS_OK on success, an error code otherwise
62
63       ldns_dnssec_zone_sign_nsec3() signs the given zone with the given new
64              zone, with NSEC3
65
66              zone: the zone to sign
67              key_list: the list of keys to sign the zone with
68              new_rrs: newly created resource records are added to this list,
69              to free them later
70              func: callback function that decides what to do with old signa‐
71              tures
72              arg: optional argument for the callback function
73              algorithm: the NSEC3 hashing algorithm to use
74              flags: NSEC3 flags
75              iterations: the number of NSEC3 hash iterations to use
76              salt_length: the length (in octets) of the NSEC3 salt
77              salt: the NSEC3 salt data
78              Returns LDNS_STATUS_OK on success, an error code otherwise
79
80       ldns_dnssec_zone_mark_glue()
81
82       ldns_dnssec_name_node_next_nonglue() Finds the first dnssec_name node
83              in the rbtree that is not occluded.  It *does* return names that
84              are partially occluded.
85
86              node: the first node to check
87              Returns the first node that has not been marked as glue, or NULL
88              if not found (TODO: make that LDNS_RBTREE_NULL?)
89
90       ldns_dnssec_zone_create_nsecs() Adds NSEC records to the given
91              dnssec_zone
92
93              zone: the zone to add the records to
94              new_rrs: ldns_rr's created by this function are added to this rr
95              list, so the caller can free them later
96              Returns LDNS_STATUS_OK on success, an error code otherwise
97
98       ldns_dnssec_remove_signatures() remove signatures if callback function
99              tells to
100
101              signatures: list of signatures to check, and possibly remove,
102              depending on the value of the callback
103              key_list: these are marked to be used or not, on the return
104              value of the callback
105              func: this function is called to specify what to do with each
106              signature (and corresponding key)
107              arg: Optional argument for the callback function
108              Returns s pointer to the new signatures rrs (the original passed
109              to this function may have been removed)
110
111       ldns_dnssec_zone_create_rrsigs() Adds signatures to the zone
112
113              zone: the zone to add RRSIG Resource Records to
114              new_rrs: the RRSIG RRs that are created are also added to this
115              list, so the caller can free them later
116              key_list: list of keys to sign with.
117              func: Callback function to decide what keys to use and what to
118              do with old signatures
119              arg: Optional argument for the callback function
120              Returns LDNS_STATUS_OK on success, error otherwise
121

AUTHOR

123       The ldns team at NLnet Labs. Which consists out of Jelte Jansen and
124       Miek Gieben.
125
126

REPORTING BUGS

128       Please report bugs to ldns-team@nlnetlabs.nl or in our bugzilla at
129       http://www.nlnetlabs.nl/bugs/index.html
130
131
133       Copyright (c) 2004 - 2006 NLnet Labs.
134
135       Licensed under the BSD License. There is NO warranty; not even for MER‐
136       CHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
137
138

SEE ALSO

140       ldns_dnssec_zone.  And perldoc Net::DNS, RFC1034, RFC1035, RFC4033,
141       RFC4034  and RFC4035.
142

REMARKS

144       This manpage was automatically generated from the ldns source code by
145       use of Doxygen and some perl.
146
147
148
149                                  30 May 2006                          ldns(3)
Impressum