1ldns(3) Library Functions Manual ldns(3)
2
3
4
6 ldns_dnssec_zone_sign, ldns_dnssec_zone_sign_nsec3,
7 ldns_dnssec_zone_mark_glue, ldns_dnssec_name_node_next_nonglue,
8 ldns_dnssec_zone_create_nsecs, ldns_dnssec_remove_signatures,
9 ldns_dnssec_zone_create_rrsigs - sign ldns_dnssec_zone
10
11
13 #include <stdint.h>
14 #include <stdbool.h>
15
16 #include <ldns/ldns.h>
17
18 ldns_status ldns_dnssec_zone_sign(ldns_dnssec_zone *zone, ldns_rr_list
19 *new_rrs, ldns_key_list *key_list, int (*func)(ldns_rr *, void *), void
20 *arg);
21
22 ldns_status ldns_dnssec_zone_sign_nsec3(ldns_dnssec_zone *zone,
23 ldns_rr_list *new_rrs, ldns_key_list *key_list, int (*func)(ldns_rr *,
24 void *), void *arg, uint8_t algorithm, uint8_t flags, uint16_t itera‐
25 tions, uint8_t salt_length, uint8_t *salt);
26
27 ldns_dnssec_zone_mark_glue();
28
29 ldns_rbnode_t* ldns_dnssec_name_node_next_nonglue(ldns_rbnode_t *node);
30
31 ldns_status ldns_dnssec_zone_create_nsecs(ldns_dnssec_zone *zone,
32 ldns_rr_list *new_rrs);
33
34 ldns_dnssec_rrs* ldns_dnssec_remove_signatures(ldns_dnssec_rrs *signa‐
35 tures, ldns_key_list *key_list, int (*func)(ldns_rr *, void *), void
36 *arg);
37
38 ldns_status ldns_dnssec_zone_create_rrsigs(ldns_dnssec_zone *zone,
39 ldns_rr_list *new_rrs, ldns_key_list *key_list, int (*func)(ldns_rr *,
40 void*), void *arg);
41
43 ldns_dnssec_zone_sign() signs the given zone with the given keys
44
45 zone: the zone to sign
46 key_list: the list of keys to sign the zone with
47 new_rrs: newly created resource records are added to this list,
48 to free them later
49 func: callback function that decides what to do with old signa‐
50 tures This function takes an ldns_rr* and an optional void *arg
51 argument, and returns one of four values:
52 LDNS_SIGNATURE_LEAVE_ADD_NEW: leave the signature and add a new
53 one for the corresponding key LDNS_SIGNATURE_REMOVE_ADD_NEW:
54 remove the signature and replace is with a new one from the same
55 key LDNS_SIGNATURE_LEAVE_NO_ADD: leave the signature and do not
56 add a new one with the corresponding key
57 LDNS_SIGNATURE_REMOVE_NO_ADD: remove the signature and do not
58 replace
59
60 arg: optional argument for the callback function
61 Returns LDNS_STATUS_OK on success, an error code otherwise
62
63 ldns_dnssec_zone_sign_nsec3() signs the given zone with the given new
64 zone, with NSEC3
65
66 zone: the zone to sign
67 key_list: the list of keys to sign the zone with
68 new_rrs: newly created resource records are added to this list,
69 to free them later
70 func: callback function that decides what to do with old signa‐
71 tures
72 arg: optional argument for the callback function
73 algorithm: the NSEC3 hashing algorithm to use
74 flags: NSEC3 flags
75 iterations: the number of NSEC3 hash iterations to use
76 salt_length: the length (in octets) of the NSEC3 salt
77 salt: the NSEC3 salt data
78 Returns LDNS_STATUS_OK on success, an error code otherwise
79
80 ldns_dnssec_zone_mark_glue()
81
82 ldns_dnssec_name_node_next_nonglue() Finds the first dnssec_name node
83 in the rbtree that is not occluded. It *does* return names that
84 are partially occluded.
85
86 node: the first node to check
87 Returns the first node that has not been marked as glue, or NULL
88 if not found (TODO: make that LDNS_RBTREE_NULL?)
89
90 ldns_dnssec_zone_create_nsecs() Adds NSEC records to the given
91 dnssec_zone
92
93 zone: the zone to add the records to
94 new_rrs: ldns_rr's created by this function are added to this rr
95 list, so the caller can free them later
96 Returns LDNS_STATUS_OK on success, an error code otherwise
97
98 ldns_dnssec_remove_signatures() remove signatures if callback function
99 tells to
100
101 signatures: list of signatures to check, and possibly remove,
102 depending on the value of the callback
103 key_list: these are marked to be used or not, on the return
104 value of the callback
105 func: this function is called to specify what to do with each
106 signature (and corresponding key)
107 arg: Optional argument for the callback function
108 Returns s pointer to the new signatures rrs (the original passed
109 to this function may have been removed)
110
111 ldns_dnssec_zone_create_rrsigs() Adds signatures to the zone
112
113 zone: the zone to add RRSIG Resource Records to
114 new_rrs: the RRSIG RRs that are created are also added to this
115 list, so the caller can free them later
116 key_list: list of keys to sign with.
117 func: Callback function to decide what keys to use and what to
118 do with old signatures
119 arg: Optional argument for the callback function
120 Returns LDNS_STATUS_OK on success, error otherwise
121
123 The ldns team at NLnet Labs. Which consists out of Jelte Jansen and
124 Miek Gieben.
125
126
128 Please report bugs to ldns-team@nlnetlabs.nl or in our bugzilla at
129 http://www.nlnetlabs.nl/bugs/index.html
130
131
133 Copyright (c) 2004 - 2006 NLnet Labs.
134
135 Licensed under the BSD License. There is NO warranty; not even for MER‐
136 CHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
137
138
140 ldns_dnssec_zone. And perldoc Net::DNS, RFC1034, RFC1035, RFC4033,
141 RFC4034 and RFC4035.
142
144 This manpage was automatically generated from the ldns source code by
145 use of Doxygen and some perl.
146
147
148
149 30 May 2006 ldns(3)