move all DNSSECRecordType variants into RecordType
This commit is contained in:
parent
8eca711b9a
commit
59d6343862
@ -26,6 +26,7 @@ All notes should be prepended with the location of the change, e.g. `(proto)` or
|
||||
|
||||
### Removed
|
||||
|
||||
- (proto) removed `RecordType::DNSSEC` and moved all variants of `DNSSECRecordType` into `RecordType`
|
||||
- (proto) removed `BufStreamHandle` and `StreamHandle` #1433
|
||||
- (response) disabled `mdns` to work on a new solution #1433
|
||||
|
||||
|
@ -17,7 +17,7 @@ use tokio::runtime::Runtime;
|
||||
use trust_dns_client::client::*;
|
||||
use trust_dns_client::proto::xfer::DnsResponse;
|
||||
use trust_dns_client::rr::dnssec::*;
|
||||
use trust_dns_client::rr::rdata::{DNSSECRData, DNSSECRecordType};
|
||||
use trust_dns_client::rr::rdata::DNSSECRData;
|
||||
use trust_dns_client::rr::*;
|
||||
|
||||
use self::mut_message_client::MutMessageHandle;
|
||||
@ -251,17 +251,12 @@ pub fn query_all_dnssec(
|
||||
client.support_algorithms = Some(SupportedAlgorithms::from_vec(&[algorithm]));
|
||||
}
|
||||
|
||||
let response = query_message(
|
||||
io_loop,
|
||||
&mut client,
|
||||
name.clone(),
|
||||
RecordType::DNSSEC(DNSSECRecordType::DNSKEY),
|
||||
);
|
||||
let response = query_message(io_loop, &mut client, name.clone(), RecordType::DNSKEY);
|
||||
|
||||
let dnskey = response
|
||||
.answers()
|
||||
.iter()
|
||||
.filter(|r| r.rr_type() == RecordType::DNSSEC(DNSSECRecordType::DNSKEY))
|
||||
.filter(|r| r.rr_type() == RecordType::DNSKEY)
|
||||
.map(|r| {
|
||||
if let RData::DNSSEC(DNSSECRData::DNSKEY(ref dnskey)) = *r.rdata() {
|
||||
dnskey.clone()
|
||||
@ -272,17 +267,12 @@ pub fn query_all_dnssec(
|
||||
.find(|d| d.algorithm() == algorithm);
|
||||
assert!(dnskey.is_some(), "DNSKEY not found");
|
||||
|
||||
let response = query_message(
|
||||
io_loop,
|
||||
&mut client,
|
||||
name,
|
||||
RecordType::DNSSEC(DNSSECRecordType::DNSKEY),
|
||||
);
|
||||
let response = query_message(io_loop, &mut client, name, RecordType::DNSKEY);
|
||||
|
||||
let rrsig = response
|
||||
.answers()
|
||||
.iter()
|
||||
.filter(|r| r.rr_type() == RecordType::DNSSEC(DNSSECRecordType::RRSIG))
|
||||
.filter(|r| r.rr_type() == RecordType::RRSIG)
|
||||
.map(|r| {
|
||||
if let RData::DNSSEC(DNSSECRData::SIG(ref rrsig)) = *r.rdata() {
|
||||
rrsig.clone()
|
||||
@ -291,7 +281,7 @@ pub fn query_all_dnssec(
|
||||
}
|
||||
})
|
||||
.filter(|rrsig| rrsig.algorithm() == algorithm)
|
||||
.find(|rrsig| rrsig.type_covered() == RecordType::DNSSEC(DNSSECRecordType::DNSKEY));
|
||||
.find(|rrsig| rrsig.type_covered() == RecordType::DNSKEY);
|
||||
assert!(rrsig.is_some(), "Associated RRSIG not found");
|
||||
}
|
||||
|
||||
|
@ -11,9 +11,12 @@
|
||||
use std::{fmt, io};
|
||||
|
||||
use thiserror::Error;
|
||||
use trust_dns_proto::error::{ProtoError, ProtoErrorKind};
|
||||
|
||||
use super::LexerError;
|
||||
use crate::proto::{
|
||||
error::{ProtoError, ProtoErrorKind},
|
||||
rr::RecordType,
|
||||
};
|
||||
#[cfg(feature = "backtrace")]
|
||||
use crate::proto::{trace, ExtBacktrace};
|
||||
use crate::serialize::txt::Token;
|
||||
@ -78,6 +81,10 @@ pub enum ErrorKind {
|
||||
#[error("unknown RecordType: {0}")]
|
||||
UnknownRecordType(u16),
|
||||
|
||||
/// Unknown RecordType
|
||||
#[error("unsupported RecordType: {0}")]
|
||||
UnsupportedRecordType(RecordType),
|
||||
|
||||
/// A request timed out
|
||||
#[error("request timed out")]
|
||||
Timeout,
|
||||
@ -100,6 +107,7 @@ impl Clone for ErrorKind {
|
||||
Lexer(e) => Lexer(e.clone()),
|
||||
ParseInt(e) => ParseInt(e.clone()),
|
||||
Proto(e) => Proto(e.clone()),
|
||||
UnsupportedRecordType(ty) => UnsupportedRecordType(*ty),
|
||||
UnknownRecordType(ty) => UnknownRecordType(*ty),
|
||||
Timeout => Timeout,
|
||||
}
|
||||
|
@ -17,7 +17,7 @@ use {
|
||||
crate::error::DnsSecResult,
|
||||
crate::proto::rr::dnssec::{tbs, TBS},
|
||||
crate::rr::dnssec::{Algorithm, KeyPair, Private},
|
||||
crate::rr::rdata::{DNSSECRData, DNSSECRecordType, DNSKEY, KEY, SIG},
|
||||
crate::rr::rdata::{DNSSECRData, DNSKEY, KEY, SIG},
|
||||
crate::rr::{DNSClass, Name, RData, RecordType},
|
||||
crate::serialize::binary::BinEncoder,
|
||||
};
|
||||
@ -537,7 +537,7 @@ impl MessageFinalizer for SigSigner {
|
||||
|
||||
let expiration_time: u32 = current_time + (5 * 60); // +5 minutes in seconds
|
||||
|
||||
sig0.set_rr_type(RecordType::DNSSEC(DNSSECRecordType::SIG));
|
||||
sig0.set_rr_type(RecordType::SIG);
|
||||
let pre_sig0 = SIG::new(
|
||||
// type covered in SIG(0) is 0 which is what makes this SIG0 vs a standard SIG
|
||||
RecordType::ZERO,
|
||||
|
@ -17,7 +17,6 @@
|
||||
//! record data enum variants
|
||||
|
||||
use crate::error::*;
|
||||
use crate::rr::rdata::DNSSECRecordType;
|
||||
use crate::rr::{Name, RData, RecordType};
|
||||
use crate::serialize::txt::rdata_parsers::*;
|
||||
|
||||
@ -61,44 +60,30 @@ impl RDataParser for RData {
|
||||
RecordType::SVCB => svcb::parse(tokens).map(RData::SVCB)?,
|
||||
RecordType::TLSA => RData::TLSA(tlsa::parse(tokens)?),
|
||||
RecordType::TXT => RData::TXT(txt::parse(tokens)?),
|
||||
RecordType::DNSSEC(DNSSECRecordType::SIG) => {
|
||||
return Err(ParseError::from("parsing SIG doesn't make sense"))
|
||||
}
|
||||
RecordType::DNSSEC(DNSSECRecordType::DNSKEY) => {
|
||||
RecordType::SIG => return Err(ParseError::from("parsing SIG doesn't make sense")),
|
||||
RecordType::DNSKEY => {
|
||||
return Err(ParseError::from("DNSKEY should be dynamically generated"))
|
||||
}
|
||||
RecordType::DNSSEC(DNSSECRecordType::KEY) => {
|
||||
return Err(ParseError::from("KEY should be dynamically generated"))
|
||||
}
|
||||
RecordType::DNSSEC(DNSSECRecordType::DS) => {
|
||||
return Err(ParseError::from("DS should be dynamically generated"))
|
||||
}
|
||||
RecordType::DNSSEC(DNSSECRecordType::NSEC) => {
|
||||
RecordType::KEY => return Err(ParseError::from("KEY should be dynamically generated")),
|
||||
RecordType::DS => return Err(ParseError::from("DS should be dynamically generated")),
|
||||
RecordType::NSEC => {
|
||||
return Err(ParseError::from("NSEC should be dynamically generated"))
|
||||
}
|
||||
RecordType::DNSSEC(DNSSECRecordType::NSEC3) => {
|
||||
RecordType::NSEC3 => {
|
||||
return Err(ParseError::from("NSEC3 should be dynamically generated"))
|
||||
}
|
||||
RecordType::DNSSEC(DNSSECRecordType::NSEC3PARAM) => {
|
||||
RecordType::NSEC3PARAM => {
|
||||
return Err(ParseError::from(
|
||||
"NSEC3PARAM should be dynamically generated",
|
||||
))
|
||||
}
|
||||
RecordType::DNSSEC(DNSSECRecordType::RRSIG) => {
|
||||
RecordType::RRSIG => {
|
||||
return Err(ParseError::from("RRSIG should be dynamically generated"))
|
||||
}
|
||||
RecordType::DNSSEC(DNSSECRecordType::Unknown(code)) => {
|
||||
return Err(ParseError::from(ParseErrorKind::UnknownRecordType(code)))
|
||||
}
|
||||
RecordType::Unknown(code) => {
|
||||
// TODO: add a way to associate generic record types to the zone
|
||||
return Err(ParseError::from(ParseErrorKind::UnknownRecordType(code)));
|
||||
}
|
||||
RecordType::ZERO => RData::ZERO,
|
||||
r @ trust_dns_proto::rr::RecordType::DNSSEC(..) | r => {
|
||||
return Err(ParseError::from(ParseErrorKind::UnknownRecordType(
|
||||
u16::from(r),
|
||||
)))
|
||||
r => {
|
||||
// TODO: add a way to associate generic record types to the zone
|
||||
return Err(ParseError::from(ParseErrorKind::UnsupportedRecordType(r)));
|
||||
}
|
||||
};
|
||||
|
||||
|
@ -27,10 +27,6 @@ use super::{Edns, Header, MessageType, OpCode, Query, ResponseCode};
|
||||
use crate::error::*;
|
||||
use crate::rr::{Record, RecordType};
|
||||
use crate::serialize::binary::{BinDecodable, BinDecoder, BinEncodable, BinEncoder, EncodeMode};
|
||||
|
||||
#[cfg(feature = "dnssec")]
|
||||
#[cfg_attr(docsrs, doc(cfg(feature = "dnssec")))]
|
||||
use crate::rr::dnssec::rdata::DNSSECRecordType;
|
||||
use crate::xfer::DnsResponse;
|
||||
|
||||
/// The basic request and response datastructure, used for all DNS protocols.
|
||||
@ -334,7 +330,7 @@ impl Message {
|
||||
#[cfg(feature = "dnssec")]
|
||||
#[cfg_attr(docsrs, doc(cfg(feature = "dnssec")))]
|
||||
pub fn add_sig0(&mut self, record: Record) -> &mut Self {
|
||||
assert_eq!(RecordType::DNSSEC(DNSSECRecordType::SIG), record.rr_type());
|
||||
assert_eq!(RecordType::SIG, record.rr_type());
|
||||
self.signature.push(record);
|
||||
self
|
||||
}
|
||||
@ -345,7 +341,7 @@ impl Message {
|
||||
#[cfg(feature = "dnssec")]
|
||||
#[cfg_attr(docsrs, doc(cfg(feature = "dnssec")))]
|
||||
pub fn add_tsig(&mut self, record: Record) -> &mut Self {
|
||||
assert_eq!(RecordType::DNSSEC(DNSSECRecordType::TSIG), record.rr_type());
|
||||
assert_eq!(RecordType::TSIG, record.rr_type());
|
||||
self.signature.push(record);
|
||||
self
|
||||
}
|
||||
@ -653,12 +649,12 @@ impl Message {
|
||||
} else {
|
||||
match record.rr_type() {
|
||||
#[cfg(feature = "dnssec")]
|
||||
RecordType::DNSSEC(DNSSECRecordType::SIG) => {
|
||||
RecordType::SIG => {
|
||||
saw_sig0 = true;
|
||||
sigs.push(record);
|
||||
}
|
||||
#[cfg(feature = "dnssec")]
|
||||
RecordType::DNSSEC(DNSSECRecordType::TSIG) => {
|
||||
RecordType::TSIG => {
|
||||
if saw_sig0 {
|
||||
return Err("sig0 must be final resource record".into());
|
||||
} // SIG0 must be last
|
||||
@ -725,9 +721,9 @@ impl Message {
|
||||
match fin.rr_type() {
|
||||
// SIG0's are special, and come at the very end of the message
|
||||
#[cfg(feature = "dnssec")]
|
||||
RecordType::DNSSEC(DNSSECRecordType::SIG) => self.add_sig0(fin),
|
||||
RecordType::SIG => self.add_sig0(fin),
|
||||
#[cfg(feature = "dnssec")]
|
||||
RecordType::DNSSEC(DNSSECRecordType::TSIG) => self.add_tsig(fin),
|
||||
RecordType::TSIG => self.add_tsig(fin),
|
||||
_ => self.add_additional(fin),
|
||||
};
|
||||
}
|
||||
|
@ -30,12 +30,8 @@ pub mod nsec3param;
|
||||
pub mod sig;
|
||||
pub mod tsig;
|
||||
|
||||
use std::str::FromStr;
|
||||
|
||||
use enum_as_inner::EnumAsInner;
|
||||
use log::trace;
|
||||
#[cfg(feature = "serde-config")]
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
use crate::error::*;
|
||||
use crate::rr::rdata::null;
|
||||
@ -53,108 +49,8 @@ pub use self::sig::SIG;
|
||||
pub use self::tsig::TSIG;
|
||||
|
||||
/// The type of the resource record, for DNSSEC-specific records.
|
||||
#[cfg_attr(feature = "serde-config", derive(Deserialize, Serialize))]
|
||||
#[derive(Debug, PartialEq, Eq, Hash, Copy, Clone)]
|
||||
#[non_exhaustive]
|
||||
pub enum DNSSECRecordType {
|
||||
// CDS, // 59 RFC 7344 Child DS
|
||||
// CDNSKEY, // 60 RFC 7344 Child DNSKEY
|
||||
// DLV, // 32769 RFC 4431 DNSSEC Lookaside Validation record
|
||||
/// [RFC 4034](https://tools.ietf.org/html/rfc4034) DNS Key record: RSASHA256 and RSASHA512, RFC5702
|
||||
DNSKEY,
|
||||
/// [RFC 4034](https://tools.ietf.org/html/rfc4034) Delegation signer: RSASHA256 and RSASHA512, RFC5702
|
||||
DS,
|
||||
/// [RFC 2535](https://tools.ietf.org/html/rfc2535) and [RFC 2930](https://tools.ietf.org/html/rfc2930) Key record
|
||||
KEY,
|
||||
/// [RFC 4034](https://tools.ietf.org/html/rfc4034) Next-Secure record
|
||||
NSEC,
|
||||
/// [RFC 5155](https://tools.ietf.org/html/rfc5155) NSEC record version 3
|
||||
NSEC3,
|
||||
/// [RFC 5155](https://tools.ietf.org/html/rfc5155) NSEC3 parameters
|
||||
NSEC3PARAM,
|
||||
/// [RFC 4034](https://tools.ietf.org/html/rfc4034) DNSSEC signature: RSASHA256 and RSASHA512, RFC5702
|
||||
RRSIG,
|
||||
/// [RFC 2535](https://tools.ietf.org/html/rfc2535) (and [RFC 2931](https://tools.ietf.org/html/rfc2931)) Signature, to support [RFC 2137](https://tools.ietf.org/html/rfc2137) Update.
|
||||
///
|
||||
/// This isn't really a DNSSEC record type, but it is here because, at least
|
||||
/// for now, we enable/disable SIG(0) in exactly the same circumstances that
|
||||
/// we enable/disable DNSSEC. This may change in the future.
|
||||
SIG,
|
||||
/// [RFC 8945](https://tools.ietf.org/html/rfc8945) Transaction Signature
|
||||
TSIG,
|
||||
/// Unknown or not yet supported DNSSec record type
|
||||
Unknown(u16),
|
||||
}
|
||||
|
||||
impl FromStr for DNSSECRecordType {
|
||||
type Err = ProtoError;
|
||||
|
||||
fn from_str(str: &str) -> ProtoResult<Self> {
|
||||
match str {
|
||||
"DNSKEY" => Ok(DNSSECRecordType::DNSKEY),
|
||||
"DS" => Ok(DNSSECRecordType::DS),
|
||||
"KEY" => Ok(DNSSECRecordType::KEY),
|
||||
"NSEC" => Ok(DNSSECRecordType::NSEC),
|
||||
"NSEC3" => Ok(DNSSECRecordType::NSEC3),
|
||||
"NSEC3PARAM" => Ok(DNSSECRecordType::NSEC3PARAM),
|
||||
"RRSIG" => Ok(DNSSECRecordType::RRSIG),
|
||||
"SIG" => Ok(DNSSECRecordType::SIG),
|
||||
"TSIG" => Ok(DNSSECRecordType::TSIG),
|
||||
_ => Err(ProtoErrorKind::UnknownRecordTypeStr(str.to_string()).into()),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl From<u16> for DNSSECRecordType {
|
||||
fn from(value: u16) -> Self {
|
||||
match value {
|
||||
48 => DNSSECRecordType::DNSKEY,
|
||||
43 => DNSSECRecordType::DS,
|
||||
25 => DNSSECRecordType::KEY,
|
||||
47 => DNSSECRecordType::NSEC,
|
||||
50 => DNSSECRecordType::NSEC3,
|
||||
51 => DNSSECRecordType::NSEC3PARAM,
|
||||
46 => DNSSECRecordType::RRSIG,
|
||||
24 => DNSSECRecordType::SIG,
|
||||
250 => DNSSECRecordType::TSIG,
|
||||
_ => DNSSECRecordType::Unknown(value),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl From<DNSSECRecordType> for &'static str {
|
||||
fn from(rt: DNSSECRecordType) -> &'static str {
|
||||
match rt {
|
||||
DNSSECRecordType::DNSKEY => "DNSKEY",
|
||||
DNSSECRecordType::DS => "DS",
|
||||
DNSSECRecordType::KEY => "KEY",
|
||||
DNSSECRecordType::NSEC => "NSEC",
|
||||
DNSSECRecordType::NSEC3 => "NSEC3",
|
||||
DNSSECRecordType::NSEC3PARAM => "NSEC3PARAM",
|
||||
DNSSECRecordType::RRSIG => "RRSIG",
|
||||
DNSSECRecordType::SIG => "SIG",
|
||||
DNSSECRecordType::TSIG => "TSIG",
|
||||
DNSSECRecordType::Unknown(..) => "DnsSecUnknown",
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl From<DNSSECRecordType> for u16 {
|
||||
fn from(rt: DNSSECRecordType) -> Self {
|
||||
match rt {
|
||||
DNSSECRecordType::KEY => 25,
|
||||
DNSSECRecordType::DNSKEY => 48,
|
||||
DNSSECRecordType::DS => 43,
|
||||
DNSSECRecordType::NSEC => 47,
|
||||
DNSSECRecordType::NSEC3 => 50,
|
||||
DNSSECRecordType::NSEC3PARAM => 51,
|
||||
DNSSECRecordType::RRSIG => 46,
|
||||
DNSSECRecordType::SIG => 24,
|
||||
DNSSECRecordType::TSIG => 250,
|
||||
DNSSECRecordType::Unknown(value) => value,
|
||||
}
|
||||
}
|
||||
}
|
||||
#[deprecated(note = "All RecordType definitions have been moved into RecordType")]
|
||||
pub type DNSSECRecordType = RecordType;
|
||||
|
||||
/// Record data enum variants for DNSSEC-specific records.
|
||||
#[derive(Debug, EnumAsInner, PartialEq, Clone, Eq)]
|
||||
@ -611,49 +507,48 @@ pub enum DNSSECRData {
|
||||
impl DNSSECRData {
|
||||
pub(crate) fn read(
|
||||
decoder: &mut BinDecoder<'_>,
|
||||
record_type: DNSSECRecordType,
|
||||
record_type: RecordType,
|
||||
rdata_length: Restrict<u16>,
|
||||
) -> ProtoResult<Self> {
|
||||
match record_type {
|
||||
DNSSECRecordType::DNSKEY => {
|
||||
RecordType::DNSKEY => {
|
||||
trace!("reading DNSKEY");
|
||||
dnskey::read(decoder, rdata_length).map(DNSSECRData::DNSKEY)
|
||||
}
|
||||
DNSSECRecordType::DS => {
|
||||
RecordType::DS => {
|
||||
trace!("reading DS");
|
||||
ds::read(decoder, rdata_length).map(DNSSECRData::DS)
|
||||
}
|
||||
DNSSECRecordType::KEY => {
|
||||
RecordType::KEY => {
|
||||
trace!("reading KEY");
|
||||
key::read(decoder, rdata_length).map(DNSSECRData::KEY)
|
||||
}
|
||||
DNSSECRecordType::NSEC => {
|
||||
RecordType::NSEC => {
|
||||
trace!("reading NSEC");
|
||||
nsec::read(decoder, rdata_length).map(DNSSECRData::NSEC)
|
||||
}
|
||||
DNSSECRecordType::NSEC3 => {
|
||||
RecordType::NSEC3 => {
|
||||
trace!("reading NSEC3");
|
||||
nsec3::read(decoder, rdata_length).map(DNSSECRData::NSEC3)
|
||||
}
|
||||
DNSSECRecordType::NSEC3PARAM => {
|
||||
RecordType::NSEC3PARAM => {
|
||||
trace!("reading NSEC3PARAM");
|
||||
nsec3param::read(decoder).map(DNSSECRData::NSEC3PARAM)
|
||||
}
|
||||
DNSSECRecordType::RRSIG => {
|
||||
RecordType::RRSIG => {
|
||||
trace!("reading RRSIG");
|
||||
sig::read(decoder, rdata_length).map(DNSSECRData::SIG)
|
||||
}
|
||||
DNSSECRecordType::SIG => {
|
||||
RecordType::SIG => {
|
||||
trace!("reading SIG");
|
||||
sig::read(decoder, rdata_length).map(DNSSECRData::SIG)
|
||||
}
|
||||
DNSSECRecordType::TSIG => {
|
||||
RecordType::TSIG => {
|
||||
trace!("reading TSIG");
|
||||
tsig::read(decoder, rdata_length).map(DNSSECRData::TSIG)
|
||||
}
|
||||
DNSSECRecordType::Unknown(code) => {
|
||||
trace!("reading unknown dnssec: {}", code);
|
||||
null::read(decoder, rdata_length).map(|rdata| DNSSECRData::Unknown { code, rdata })
|
||||
r => {
|
||||
panic!("not a dnssec RecordType: {}", r);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -688,17 +583,17 @@ impl DNSSECRData {
|
||||
}
|
||||
}
|
||||
|
||||
pub(crate) fn to_record_type(&self) -> DNSSECRecordType {
|
||||
pub(crate) fn to_record_type(&self) -> RecordType {
|
||||
match *self {
|
||||
DNSSECRData::DS(..) => DNSSECRecordType::DS,
|
||||
DNSSECRData::KEY(..) => DNSSECRecordType::KEY,
|
||||
DNSSECRData::DNSKEY(..) => DNSSECRecordType::DNSKEY,
|
||||
DNSSECRData::NSEC(..) => DNSSECRecordType::NSEC,
|
||||
DNSSECRData::NSEC3(..) => DNSSECRecordType::NSEC3,
|
||||
DNSSECRData::NSEC3PARAM(..) => DNSSECRecordType::NSEC3PARAM,
|
||||
DNSSECRData::SIG(..) => DNSSECRecordType::SIG,
|
||||
DNSSECRData::TSIG(..) => DNSSECRecordType::TSIG,
|
||||
DNSSECRData::Unknown { code, .. } => DNSSECRecordType::Unknown(code),
|
||||
DNSSECRData::DS(..) => RecordType::DS,
|
||||
DNSSECRData::KEY(..) => RecordType::KEY,
|
||||
DNSSECRData::DNSKEY(..) => RecordType::DNSKEY,
|
||||
DNSSECRData::NSEC(..) => RecordType::NSEC,
|
||||
DNSSECRData::NSEC3(..) => RecordType::NSEC3,
|
||||
DNSSECRData::NSEC3PARAM(..) => RecordType::NSEC3PARAM,
|
||||
DNSSECRData::SIG(..) => RecordType::SIG,
|
||||
DNSSECRData::TSIG(..) => RecordType::TSIG,
|
||||
DNSSECRData::Unknown { code, .. } => RecordType::Unknown(code),
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -723,12 +618,6 @@ impl fmt::Display for DNSSECRData {
|
||||
}
|
||||
}
|
||||
|
||||
impl From<DNSSECRecordType> for RecordType {
|
||||
fn from(record_type: DNSSECRecordType) -> RecordType {
|
||||
RecordType::DNSSEC(record_type)
|
||||
}
|
||||
}
|
||||
|
||||
impl From<DNSSECRData> for RData {
|
||||
fn from(rdata: DNSSECRData) -> RData {
|
||||
RData::DNSSEC(rdata)
|
||||
|
@ -19,7 +19,6 @@ use std::fmt;
|
||||
|
||||
use super::nsec3;
|
||||
use crate::error::*;
|
||||
use crate::rr::dnssec::rdata::DNSSECRecordType;
|
||||
use crate::rr::{Name, RecordType};
|
||||
use crate::serialize::binary::*;
|
||||
|
||||
@ -84,7 +83,7 @@ impl NSEC {
|
||||
///
|
||||
/// An NSEC RData for use in a Resource Record
|
||||
pub fn new_cover_self(next_domain_name: Name, mut type_bit_maps: Vec<RecordType>) -> NSEC {
|
||||
type_bit_maps.push(RecordType::DNSSEC(DNSSECRecordType::NSEC));
|
||||
type_bit_maps.push(RecordType::NSEC);
|
||||
|
||||
Self::new(next_domain_name, type_bit_maps)
|
||||
}
|
||||
@ -224,8 +223,8 @@ mod tests {
|
||||
vec![
|
||||
RecordType::A,
|
||||
RecordType::AAAA,
|
||||
RecordType::DNSSEC(DNSSECRecordType::DS),
|
||||
RecordType::DNSSEC(DNSSECRecordType::RRSIG),
|
||||
RecordType::DS,
|
||||
RecordType::RRSIG,
|
||||
],
|
||||
);
|
||||
|
||||
|
@ -563,7 +563,7 @@ mod tests {
|
||||
|
||||
#[test]
|
||||
fn test() {
|
||||
use crate::rr::dnssec::rdata::DNSSECRecordType;
|
||||
use crate::rr::dnssec::rdata::RecordType;
|
||||
|
||||
let rdata = NSEC3::new(
|
||||
Nsec3HashAlgorithm::SHA1,
|
||||
@ -574,8 +574,8 @@ mod tests {
|
||||
vec![
|
||||
RecordType::A,
|
||||
RecordType::AAAA,
|
||||
RecordType::DNSSEC(DNSSECRecordType::DS),
|
||||
RecordType::DNSSEC(DNSSECRecordType::RRSIG),
|
||||
RecordType::DS,
|
||||
RecordType::RRSIG,
|
||||
],
|
||||
);
|
||||
|
||||
@ -594,7 +594,7 @@ mod tests {
|
||||
|
||||
#[test]
|
||||
fn test_dups() {
|
||||
use crate::rr::dnssec::rdata::DNSSECRecordType;
|
||||
use crate::rr::dnssec::rdata::RecordType;
|
||||
|
||||
let rdata_with_dups = NSEC3::new(
|
||||
Nsec3HashAlgorithm::SHA1,
|
||||
@ -605,9 +605,9 @@ mod tests {
|
||||
vec![
|
||||
RecordType::A,
|
||||
RecordType::AAAA,
|
||||
RecordType::DNSSEC(DNSSECRecordType::DS),
|
||||
RecordType::DS,
|
||||
RecordType::AAAA,
|
||||
RecordType::DNSSEC(DNSSECRecordType::RRSIG),
|
||||
RecordType::RRSIG,
|
||||
],
|
||||
);
|
||||
|
||||
@ -620,8 +620,8 @@ mod tests {
|
||||
vec![
|
||||
RecordType::A,
|
||||
RecordType::AAAA,
|
||||
RecordType::DNSSEC(DNSSECRecordType::DS),
|
||||
RecordType::DNSSEC(DNSSECRecordType::RRSIG),
|
||||
RecordType::DS,
|
||||
RecordType::RRSIG,
|
||||
],
|
||||
);
|
||||
|
||||
|
@ -14,7 +14,7 @@ use crate::rr::rdata::sshfp;
|
||||
use crate::error::*;
|
||||
use crate::op::{Header, Message, Query};
|
||||
use crate::rr::dns_class::DNSClass;
|
||||
use crate::rr::dnssec::rdata::{DNSSECRData, DNSSECRecordType};
|
||||
use crate::rr::dnssec::rdata::DNSSECRData;
|
||||
use crate::rr::record_data::RData;
|
||||
use crate::rr::record_type::RecordType;
|
||||
use crate::rr::{Name, Record};
|
||||
@ -720,10 +720,8 @@ pub fn signed_bitmessage_to_buf(
|
||||
|
||||
// parse a tsig record
|
||||
let sig = Record::read(&mut decoder)?;
|
||||
let tsig = if let (
|
||||
RecordType::DNSSEC(DNSSECRecordType::TSIG),
|
||||
RData::DNSSEC(DNSSECRData::TSIG(tsig_data)),
|
||||
) = (sig.rr_type(), sig.rdata())
|
||||
let tsig = if let (RecordType::TSIG, RData::DNSSEC(DNSSECRData::TSIG(tsig_data))) =
|
||||
(sig.rr_type(), sig.rdata())
|
||||
{
|
||||
tsig_data
|
||||
} else {
|
||||
@ -766,7 +764,7 @@ pub fn make_tsig_record(name: Name, rdata: TSIG) -> Record {
|
||||
// NAME: The name of the key used, in domain name syntax
|
||||
tsig.set_name(name)
|
||||
// TYPE: This MUST be TSIG (250: Transaction SIGnature).
|
||||
.set_record_type(DNSSECRecordType::TSIG.into())
|
||||
.set_record_type(RecordType::TSIG.into())
|
||||
// CLASS: This MUST be ANY.
|
||||
.set_dns_class(DNSClass::ANY)
|
||||
// TTL: This MUST be 0.
|
||||
|
@ -776,12 +776,15 @@ impl RData {
|
||||
rdata::txt::read(decoder, rdata_length).map(RData::TXT)
|
||||
}
|
||||
#[cfg(feature = "dnssec")]
|
||||
RecordType::DNSSEC(record_type) => {
|
||||
r if r.is_dnssec() => {
|
||||
DNSSECRData::read(decoder, record_type, rdata_length).map(RData::DNSSEC)
|
||||
}
|
||||
RecordType::Unknown(code) => {
|
||||
trace!("reading Unknown");
|
||||
rdata::null::read(decoder, rdata_length).map(|rdata| RData::Unknown { code, rdata })
|
||||
record_type => {
|
||||
trace!("reading Unknown record: {}", record_type);
|
||||
rdata::null::read(decoder, rdata_length).map(|rdata| RData::Unknown {
|
||||
code: record_type.into(),
|
||||
rdata,
|
||||
})
|
||||
}
|
||||
};
|
||||
|
||||
@ -938,7 +941,7 @@ impl RData {
|
||||
RData::TLSA(..) => RecordType::TLSA,
|
||||
RData::TXT(..) => RecordType::TXT,
|
||||
#[cfg(feature = "dnssec")]
|
||||
RData::DNSSEC(ref rdata) => RecordType::DNSSEC(DNSSECRData::to_record_type(rdata)),
|
||||
RData::DNSSEC(ref rdata) => DNSSECRData::to_record_type(rdata),
|
||||
RData::Unknown { code, .. } => RecordType::Unknown(code),
|
||||
RData::ZERO => RecordType::ZERO,
|
||||
}
|
||||
@ -1230,7 +1233,7 @@ mod tests {
|
||||
RData::TLSA(..) => RecordType::TLSA,
|
||||
RData::TXT(..) => RecordType::TXT,
|
||||
#[cfg(feature = "dnssec")]
|
||||
RData::DNSSEC(ref rdata) => RecordType::DNSSEC(rdata.to_record_type()),
|
||||
RData::DNSSEC(ref rdata) => rdata.to_record_type(),
|
||||
RData::Unknown { code, .. } => RecordType::Unknown(code),
|
||||
RData::ZERO => RecordType::ZERO,
|
||||
}
|
||||
|
@ -19,9 +19,6 @@ use serde::{Deserialize, Serialize};
|
||||
use crate::error::*;
|
||||
use crate::serialize::binary::*;
|
||||
|
||||
#[cfg(feature = "dnssec")]
|
||||
use crate::rr::dnssec::rdata::DNSSECRecordType;
|
||||
|
||||
// TODO: adopt proper restrictions on usage: https://tools.ietf.org/html/rfc6895 section 3.1
|
||||
// add the data TYPEs, QTYPEs, and Meta-TYPEs
|
||||
//
|
||||
@ -48,11 +45,18 @@ pub enum RecordType {
|
||||
AXFR,
|
||||
/// [RFC 6844](https://tools.ietf.org/html/rfc6844) Certification Authority Authorization
|
||||
CAA,
|
||||
// CDS, // 59 RFC 7344 Child DS
|
||||
// CDNSKEY, // 60 RFC 7344 Child DNSKEY
|
||||
// CERT, // 37 RFC 4398 Certificate record
|
||||
/// [RFC 1035](https://tools.ietf.org/html/rfc1035) Canonical name record
|
||||
CNAME,
|
||||
// DHCID, // 49 RFC 4701 DHCP identifier
|
||||
// DLV, // 32769 RFC 4431 DNSSEC Lookaside Validation record
|
||||
// DNAME, // 39 RFC 2672 Delegation Name
|
||||
/// [RFC 4034](https://tools.ietf.org/html/rfc4034) DNS Key record: RSASHA256 and RSASHA512, RFC5702
|
||||
DNSKEY,
|
||||
/// [RFC 4034](https://tools.ietf.org/html/rfc4034) Delegation signer: RSASHA256 and RSASHA512, RFC5702
|
||||
DS,
|
||||
/// [RFC 1035](https://tools.ietf.org/html/rfc1035) host information
|
||||
HINFO,
|
||||
// HIP, // 55 RFC 5205 Host Identity Protocol
|
||||
@ -62,6 +66,8 @@ pub enum RecordType {
|
||||
/// [RFC 1996](https://tools.ietf.org/html/rfc1996) Incremental Zone Transfer
|
||||
IXFR,
|
||||
// KX, // 36 RFC 2230 Key eXchanger record
|
||||
/// [RFC 2535](https://tools.ietf.org/html/rfc2535) and [RFC 2930](https://tools.ietf.org/html/rfc2930) Key record
|
||||
KEY,
|
||||
// LOC, // 29 RFC 1876 Location record
|
||||
/// [RFC 1035](https://tools.ietf.org/html/rfc1035) Mail exchange record
|
||||
MX,
|
||||
@ -69,6 +75,12 @@ pub enum RecordType {
|
||||
NAPTR,
|
||||
/// [RFC 1035](https://tools.ietf.org/html/rfc1035) Name server record
|
||||
NS,
|
||||
/// [RFC 4034](https://tools.ietf.org/html/rfc4034) Next-Secure record
|
||||
NSEC,
|
||||
/// [RFC 5155](https://tools.ietf.org/html/rfc5155) NSEC record version 3
|
||||
NSEC3,
|
||||
/// [RFC 5155](https://tools.ietf.org/html/rfc5155) NSEC3 parameters
|
||||
NSEC3PARAM,
|
||||
/// [RFC 1035](https://tools.ietf.org/html/rfc1035) Null server record, for testing
|
||||
NULL,
|
||||
/// [RFC 7929](https://tools.ietf.org/html/rfc7929) OpenPGP public key
|
||||
@ -78,6 +90,10 @@ pub enum RecordType {
|
||||
/// [RFC 1035](https://tools.ietf.org/html/rfc1035) Pointer record
|
||||
PTR,
|
||||
// RP, // 17 RFC 1183 Responsible person
|
||||
/// [RFC 4034](https://tools.ietf.org/html/rfc4034) DNSSEC signature: RSASHA256 and RSASHA512, RFC5702
|
||||
RRSIG,
|
||||
/// [RFC 2535](https://tools.ietf.org/html/rfc2535) (and [RFC 2931](https://tools.ietf.org/html/rfc2931)) Signature, to support [RFC 2137](https://tools.ietf.org/html/rfc2137) Update.
|
||||
SIG,
|
||||
/// [RFC 1035](https://tools.ietf.org/html/rfc1035) and [RFC 2308](https://tools.ietf.org/html/rfc2308) Start of [a zone of] authority record
|
||||
SOA,
|
||||
/// [RFC 2782](https://tools.ietf.org/html/rfc2782) Service locator
|
||||
@ -90,17 +106,10 @@ pub enum RecordType {
|
||||
// TKEY, // 249 RFC 2930 Secret key record
|
||||
/// [RFC 6698](https://tools.ietf.org/html/rfc6698) TLSA certificate association
|
||||
TLSA,
|
||||
/// [RFC 8945](https://tools.ietf.org/html/rfc8945) Transaction Signature
|
||||
TSIG,
|
||||
/// [RFC 1035](https://tools.ietf.org/html/rfc1035) Text record
|
||||
TXT,
|
||||
|
||||
/// A DNSSEC- or SIG(0)- specific record type.
|
||||
///
|
||||
/// These types are in [DNSSECRecordType] to make them easy to disable when
|
||||
/// crypto functionality isn't needed.
|
||||
#[cfg(feature = "dnssec")]
|
||||
#[cfg_attr(docsrs, doc(cfg(feature = "dnssec")))]
|
||||
DNSSEC(DNSSECRecordType),
|
||||
|
||||
/// Unknown Record type, or unsupported
|
||||
Unknown(u16),
|
||||
|
||||
@ -144,6 +153,23 @@ impl RecordType {
|
||||
pub fn is_ip_addr(self) -> bool {
|
||||
matches!(self, RecordType::A | RecordType::AAAA)
|
||||
}
|
||||
|
||||
/// Returns true if this is a DNSSEC RecordType
|
||||
#[inline]
|
||||
pub fn is_dnssec(self) -> bool {
|
||||
matches!(
|
||||
self,
|
||||
RecordType::DNSKEY
|
||||
| RecordType::DS
|
||||
| RecordType::KEY
|
||||
| RecordType::NSEC
|
||||
| RecordType::NSEC3
|
||||
| RecordType::NSEC3PARAM
|
||||
| RecordType::RRSIG
|
||||
| RecordType::SIG
|
||||
| RecordType::TSIG
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
impl FromStr for RecordType {
|
||||
@ -165,27 +191,33 @@ impl FromStr for RecordType {
|
||||
"A" => Ok(RecordType::A),
|
||||
"AAAA" => Ok(RecordType::AAAA),
|
||||
"ANAME" => Ok(RecordType::ANAME),
|
||||
"AXFR" => Ok(RecordType::AXFR),
|
||||
"CAA" => Ok(RecordType::CAA),
|
||||
"CNAME" => Ok(RecordType::CNAME),
|
||||
"DNSKEY" => Ok(RecordType::DNSKEY),
|
||||
"DS" => Ok(RecordType::DS),
|
||||
"HINFO" => Ok(RecordType::HINFO),
|
||||
"HTTPS" => Ok(RecordType::HTTPS),
|
||||
"NULL" => Ok(RecordType::NULL),
|
||||
"KEY" => Ok(RecordType::KEY),
|
||||
"MX" => Ok(RecordType::MX),
|
||||
"NAPTR" => Ok(RecordType::NAPTR),
|
||||
"NSEC" => Ok(RecordType::NSEC),
|
||||
"NSEC3" => Ok(RecordType::NSEC3),
|
||||
"NSEC3PARAM" => Ok(RecordType::NSEC3PARAM),
|
||||
"NS" => Ok(RecordType::NS),
|
||||
"NULL" => Ok(RecordType::NULL),
|
||||
"OPENPGPKEY" => Ok(RecordType::OPENPGPKEY),
|
||||
"PTR" => Ok(RecordType::PTR),
|
||||
"RRSIG" => Ok(RecordType::RRSIG),
|
||||
"SIG" => Ok(RecordType::SIG),
|
||||
"SOA" => Ok(RecordType::SOA),
|
||||
"SRV" => Ok(RecordType::SRV),
|
||||
"SSHFP" => Ok(RecordType::SSHFP),
|
||||
"SVCB" => Ok(RecordType::SVCB),
|
||||
"TLSA" => Ok(RecordType::TLSA),
|
||||
"TXT" => Ok(RecordType::TXT),
|
||||
"TSIG" => Ok(RecordType::TSIG),
|
||||
"ANY" | "*" => Ok(RecordType::ANY),
|
||||
"AXFR" => Ok(RecordType::AXFR),
|
||||
#[cfg(feature = "dnssec")]
|
||||
"DNSKEY" | "DS" | "KEY" | "NSEC" | "NSEC3" | "NSEC3PARAM" | "RRSIG" | "SIG"
|
||||
| "TSIG" => Ok(RecordType::DNSSEC(str.parse()?)),
|
||||
_ => Err(ProtoErrorKind::UnknownRecordTypeStr(str.to_string()).into()),
|
||||
}
|
||||
}
|
||||
@ -211,32 +243,31 @@ impl From<u16> for RecordType {
|
||||
252 => RecordType::AXFR,
|
||||
257 => RecordType::CAA,
|
||||
5 => RecordType::CNAME,
|
||||
48 => RecordType::DNSKEY,
|
||||
43 => RecordType::DS,
|
||||
13 => RecordType::HINFO,
|
||||
65 => RecordType::HTTPS,
|
||||
25 => RecordType::KEY,
|
||||
15 => RecordType::MX,
|
||||
35 => RecordType::NAPTR,
|
||||
2 => RecordType::NS,
|
||||
47 => RecordType::NSEC,
|
||||
50 => RecordType::NSEC3,
|
||||
51 => RecordType::NSEC3PARAM,
|
||||
10 => RecordType::NULL,
|
||||
61 => RecordType::OPENPGPKEY,
|
||||
41 => RecordType::OPT,
|
||||
12 => RecordType::PTR,
|
||||
46 => RecordType::RRSIG,
|
||||
24 => RecordType::SIG,
|
||||
6 => RecordType::SOA,
|
||||
33 => RecordType::SRV,
|
||||
44 => RecordType::SSHFP,
|
||||
64 => RecordType::SVCB,
|
||||
52 => RecordType::TLSA,
|
||||
250 => RecordType::TSIG,
|
||||
16 => RecordType::TXT,
|
||||
0 => RecordType::ZERO,
|
||||
#[cfg(feature = "dnssec")]
|
||||
48/*DNSKEY*/ |
|
||||
43/*DS*/ |
|
||||
25/*KEY*/ |
|
||||
47/*NSEC*/|
|
||||
50/*NSEC3*/|
|
||||
51/*NSEC3PARAM*/|
|
||||
46/*RRSIG*/|
|
||||
24/*SIG*/|
|
||||
250/*TSIG*/ => RecordType::DNSSEC(DNSSECRecordType::from(value)),
|
||||
// all unknown record types
|
||||
_ => RecordType::Unknown(value),
|
||||
}
|
||||
@ -284,25 +315,32 @@ impl From<RecordType> for &'static str {
|
||||
RecordType::AXFR => "AXFR",
|
||||
RecordType::CAA => "CAA",
|
||||
RecordType::CNAME => "CNAME",
|
||||
RecordType::DNSKEY => "DNSKEY",
|
||||
RecordType::DS => "DS",
|
||||
RecordType::HINFO => "HINFO",
|
||||
RecordType::HTTPS => "HTTPS",
|
||||
RecordType::ZERO => "ZERO",
|
||||
RecordType::KEY => "KEY",
|
||||
RecordType::IXFR => "IXFR",
|
||||
RecordType::MX => "MX",
|
||||
RecordType::NAPTR => "NAPTR",
|
||||
RecordType::NS => "NS",
|
||||
RecordType::NSEC => "NSEC",
|
||||
RecordType::NSEC3 => "NSEC3",
|
||||
RecordType::NSEC3PARAM => "NSEC3PARAM",
|
||||
RecordType::NULL => "NULL",
|
||||
RecordType::OPENPGPKEY => "OPENPGPKEY",
|
||||
RecordType::OPT => "OPT",
|
||||
RecordType::PTR => "PTR",
|
||||
RecordType::RRSIG => "RRSIG",
|
||||
RecordType::SIG => "SIG",
|
||||
RecordType::SOA => "SOA",
|
||||
RecordType::SRV => "SRV",
|
||||
RecordType::SSHFP => "SSHFP",
|
||||
RecordType::SVCB => "SVCB",
|
||||
RecordType::TLSA => "TLSA",
|
||||
RecordType::TSIG => "TSIG",
|
||||
RecordType::TXT => "TXT",
|
||||
#[cfg(feature = "dnssec")]
|
||||
RecordType::DNSSEC(rt) => rt.into(),
|
||||
RecordType::ZERO => "ZERO",
|
||||
RecordType::Unknown(_) => "Unknown",
|
||||
}
|
||||
}
|
||||
@ -328,25 +366,32 @@ impl From<RecordType> for u16 {
|
||||
RecordType::AXFR => 252,
|
||||
RecordType::CAA => 257,
|
||||
RecordType::CNAME => 5,
|
||||
RecordType::DNSKEY => 48,
|
||||
RecordType::DS => 43,
|
||||
RecordType::HINFO => 13,
|
||||
RecordType::HTTPS => 65,
|
||||
RecordType::ZERO => 0,
|
||||
RecordType::KEY => 25,
|
||||
RecordType::IXFR => 251,
|
||||
RecordType::MX => 15,
|
||||
RecordType::NAPTR => 35,
|
||||
RecordType::NS => 2,
|
||||
RecordType::NSEC => 47,
|
||||
RecordType::NSEC3 => 50,
|
||||
RecordType::NSEC3PARAM => 51,
|
||||
RecordType::NULL => 10,
|
||||
RecordType::OPENPGPKEY => 61,
|
||||
RecordType::OPT => 41,
|
||||
RecordType::PTR => 12,
|
||||
RecordType::RRSIG => 46,
|
||||
RecordType::SIG => 24,
|
||||
RecordType::SOA => 6,
|
||||
RecordType::SRV => 33,
|
||||
RecordType::SSHFP => 44,
|
||||
RecordType::SVCB => 64,
|
||||
RecordType::TLSA => 52,
|
||||
RecordType::TSIG => 250,
|
||||
RecordType::TXT => 16,
|
||||
#[cfg(feature = "dnssec")]
|
||||
RecordType::DNSSEC(rt) => rt.into(),
|
||||
RecordType::ZERO => 0,
|
||||
RecordType::Unknown(code) => code,
|
||||
}
|
||||
}
|
||||
|
@ -860,7 +860,7 @@ mod test {
|
||||
#[allow(clippy::blocks_in_if_conditions)]
|
||||
fn test_get_filter() {
|
||||
use crate::rr::dnssec::rdata::SIG;
|
||||
use crate::rr::dnssec::rdata::{DNSSECRData, DNSSECRecordType};
|
||||
use crate::rr::dnssec::rdata::{DNSSECRData, RecordType};
|
||||
use crate::rr::dnssec::{Algorithm, SupportedAlgorithms};
|
||||
|
||||
let name = Name::root();
|
||||
@ -912,28 +912,28 @@ mod test {
|
||||
let rrsig_rsa = Record::new()
|
||||
.set_name(name.clone())
|
||||
.set_ttl(3600)
|
||||
.set_rr_type(RecordType::DNSSEC(DNSSECRecordType::RRSIG))
|
||||
.set_rr_type(RecordType::RRSIG)
|
||||
.set_dns_class(DNSClass::IN)
|
||||
.set_rdata(RData::DNSSEC(DNSSECRData::SIG(rsasha256)))
|
||||
.clone();
|
||||
let rrsig_ecp256 = Record::new()
|
||||
.set_name(name.clone())
|
||||
.set_ttl(3600)
|
||||
.set_rr_type(RecordType::DNSSEC(DNSSECRecordType::RRSIG))
|
||||
.set_rr_type(RecordType::RRSIG)
|
||||
.set_dns_class(DNSClass::IN)
|
||||
.set_rdata(RData::DNSSEC(DNSSECRData::SIG(ecp256)))
|
||||
.clone();
|
||||
let rrsig_ecp384 = Record::new()
|
||||
.set_name(name.clone())
|
||||
.set_ttl(3600)
|
||||
.set_rr_type(RecordType::DNSSEC(DNSSECRecordType::RRSIG))
|
||||
.set_rr_type(RecordType::RRSIG)
|
||||
.set_dns_class(DNSClass::IN)
|
||||
.set_rdata(RData::DNSSEC(DNSSECRData::SIG(ecp384)))
|
||||
.clone();
|
||||
let rrsig_ed25519 = Record::new()
|
||||
.set_name(name.clone())
|
||||
.set_ttl(3600)
|
||||
.set_rr_type(RecordType::DNSSEC(DNSSECRecordType::RRSIG))
|
||||
.set_rr_type(RecordType::RRSIG)
|
||||
.set_dns_class(DNSClass::IN)
|
||||
.set_rdata(RData::DNSSEC(DNSSECRData::SIG(ed25519)))
|
||||
.clone();
|
||||
|
@ -21,7 +21,7 @@ use log::{debug, trace};
|
||||
|
||||
use crate::error::*;
|
||||
use crate::op::{OpCode, Query};
|
||||
use crate::rr::dnssec::rdata::{DNSSECRData, DNSSECRecordType, DNSKEY, SIG};
|
||||
use crate::rr::dnssec::rdata::{DNSSECRData, DNSKEY, SIG};
|
||||
#[cfg(feature = "dnssec")]
|
||||
use crate::rr::dnssec::Verifier;
|
||||
use crate::rr::dnssec::{Algorithm, SupportedAlgorithms, TrustAnchor};
|
||||
@ -201,7 +201,7 @@ where
|
||||
let nsecs = verified_message
|
||||
.name_servers()
|
||||
.iter()
|
||||
.filter(|rr| is_dnssec(rr, DNSSECRecordType::NSEC))
|
||||
.filter(|rr| is_dnssec(rr, RecordType::NSEC))
|
||||
.collect::<Vec<_>>();
|
||||
|
||||
if !verify_nsec(&query, soa_name, nsecs.as_slice()) {
|
||||
@ -239,14 +239,14 @@ where
|
||||
.iter()
|
||||
.chain(message_result.name_servers())
|
||||
.filter(|rr| {
|
||||
!is_dnssec(rr, DNSSECRecordType::RRSIG) &&
|
||||
!is_dnssec(rr, RecordType::RRSIG) &&
|
||||
// if we are at a depth greater than 1, we are only interested in proving evaluation chains
|
||||
// this means that only DNSKEY and DS are interesting at that point.
|
||||
// this protects against looping over things like NS records and DNSKEYs in responses.
|
||||
// TODO: is there a cleaner way to prevent cycles in the evaluations?
|
||||
(handle.request_depth <= 1 ||
|
||||
is_dnssec(rr, DNSSECRecordType::DNSKEY) ||
|
||||
is_dnssec(rr, DNSSECRecordType::DS))
|
||||
is_dnssec(rr, RecordType::DNSKEY) ||
|
||||
is_dnssec(rr, RecordType::DS))
|
||||
})
|
||||
.map(|rr| (rr.name().clone(), rr.rr_type()))
|
||||
{
|
||||
@ -286,7 +286,7 @@ where
|
||||
.iter()
|
||||
.chain(message_result.name_servers())
|
||||
.chain(message_result.additionals())
|
||||
.filter(|rr| is_dnssec(rr, DNSSECRecordType::RRSIG))
|
||||
.filter(|rr| is_dnssec(rr, RecordType::RRSIG))
|
||||
.filter(|rr| {
|
||||
if let RData::DNSSEC(DNSSECRData::SIG(ref rrsig)) = *rr.rdata() {
|
||||
rrsig.type_covered() == record_type
|
||||
@ -320,8 +320,8 @@ where
|
||||
verify_all_rrsets(message_result, rrsets_to_verify).await
|
||||
}
|
||||
|
||||
fn is_dnssec(rr: &Record, dnssec_type: DNSSECRecordType) -> bool {
|
||||
rr.rr_type() == RecordType::DNSSEC(dnssec_type)
|
||||
fn is_dnssec(rr: &Record, dnssec_type: RecordType) -> bool {
|
||||
rr.rr_type().is_dnssec() && dnssec_type.is_dnssec() && rr.record_type() == dnssec_type
|
||||
}
|
||||
|
||||
async fn verify_all_rrsets<F, E>(
|
||||
@ -435,7 +435,7 @@ where
|
||||
// Special case for unsigned DNSKEYs, it's valid for a DNSKEY to be bare in the zone if
|
||||
// it's a trust_anchor, though some DNS servers choose to self-sign in this case,
|
||||
// for self-signed KEYS they will drop through to the standard validation logic.
|
||||
if let RecordType::DNSSEC(DNSSECRecordType::DNSKEY) = rrset.record_type {
|
||||
if let RecordType::DNSKEY = rrset.record_type {
|
||||
if rrsigs.is_empty() {
|
||||
debug!("unsigned key: {}, {:?}", rrset.name, rrset.record_type);
|
||||
// TODO: validate that this DNSKEY is stronger than the one lower in the chain,
|
||||
@ -449,7 +449,7 @@ where
|
||||
|
||||
// validation of DNSKEY records
|
||||
match rrset.record_type {
|
||||
RecordType::DNSSEC(DNSSECRecordType::DNSKEY) => verify_dnskey_rrset(handle, rrset).await,
|
||||
RecordType::DNSKEY => verify_dnskey_rrset(handle, rrset).await,
|
||||
_ => Ok(rrset),
|
||||
}
|
||||
}
|
||||
@ -476,7 +476,7 @@ where
|
||||
.records
|
||||
.iter()
|
||||
.enumerate()
|
||||
.filter(|&(_, rr)| is_dnssec(rr, DNSSECRecordType::DNSKEY))
|
||||
.filter(|&(_, rr)| is_dnssec(rr, RecordType::DNSKEY))
|
||||
.filter_map(|(i, rr)| {
|
||||
if let RData::DNSSEC(DNSSECRData::DNSKEY(ref rdata)) = *rr.rdata() {
|
||||
Some((i, rdata))
|
||||
@ -511,7 +511,7 @@ where
|
||||
// need to get DS records for each DNSKEY
|
||||
let ds_message = handle
|
||||
.lookup(
|
||||
Query::query(rrset.name.clone(), RecordType::DNSSEC(DNSSECRecordType::DS)),
|
||||
Query::query(rrset.name.clone(), RecordType::DS),
|
||||
DnsRequestOptions::default(),
|
||||
)
|
||||
.first_answer()
|
||||
@ -520,7 +520,7 @@ where
|
||||
.records
|
||||
.iter()
|
||||
.enumerate()
|
||||
.filter(|&(_, rr)| is_dnssec(rr, DNSSECRecordType::DNSKEY))
|
||||
.filter(|&(_, rr)| is_dnssec(rr, RecordType::DNSKEY))
|
||||
.filter_map(|(i, rr)| {
|
||||
if let RData::DNSSEC(DNSSECRData::DNSKEY(ref rdata)) = *rr.rdata() {
|
||||
Some((i, rdata))
|
||||
@ -532,7 +532,7 @@ where
|
||||
ds_message
|
||||
.answers()
|
||||
.iter()
|
||||
.filter(|ds| is_dnssec(ds, DNSSECRecordType::DS))
|
||||
.filter(|ds| is_dnssec(ds, RecordType::DS))
|
||||
.filter_map(|ds| {
|
||||
if let RData::DNSSEC(DNSSECRData::DS(ref ds_rdata)) = *ds.rdata() {
|
||||
Some((ds.name(), ds_rdata))
|
||||
@ -656,11 +656,10 @@ where
|
||||
// Special case for self-signed DNSKEYS, validate with itself...
|
||||
if rrsigs
|
||||
.iter()
|
||||
.filter(|rrsig| is_dnssec(rrsig, DNSSECRecordType::RRSIG))
|
||||
.filter(|rrsig| is_dnssec(rrsig, RecordType::RRSIG))
|
||||
.any(|rrsig| {
|
||||
if let RData::DNSSEC(DNSSECRData::SIG(ref sig)) = *rrsig.rdata() {
|
||||
RecordType::DNSSEC(DNSSECRecordType::DNSKEY) == rrset.record_type
|
||||
&& sig.signer_name() == &rrset.name
|
||||
RecordType::DNSKEY == rrset.record_type && sig.signer_name() == &rrset.name
|
||||
} else {
|
||||
panic!("expected a SIG here");
|
||||
}
|
||||
@ -674,7 +673,7 @@ where
|
||||
rrsigs
|
||||
.into_iter()
|
||||
// this filter is technically unnecessary, can probably remove it...
|
||||
.filter(|rrsig| is_dnssec(rrsig, DNSSECRecordType::RRSIG))
|
||||
.filter(|rrsig| is_dnssec(rrsig, RecordType::RRSIG))
|
||||
.map(|rrsig| {
|
||||
if let RData::DNSSEC(DNSSECRData::SIG(sig)) = rrsig.into_data() {
|
||||
// setting up the context explicitly.
|
||||
@ -721,7 +720,7 @@ where
|
||||
// TODO: strip RRSIGS to accepted algorithms and make algorithms configurable.
|
||||
let verifications = rrsigs.into_iter()
|
||||
// this filter is technically unnecessary, can probably remove it...
|
||||
.filter(|rrsig| is_dnssec(rrsig, DNSSECRecordType::RRSIG))
|
||||
.filter(|rrsig| is_dnssec(rrsig, RecordType::RRSIG))
|
||||
.map(|rrsig|
|
||||
if let RData::DNSSEC(DNSSECRData::SIG(sig)) = rrsig.into_data() {
|
||||
// setting up the context explicitly.
|
||||
@ -736,7 +735,7 @@ where
|
||||
|
||||
handle
|
||||
.lookup(
|
||||
Query::query(sig.signer_name().clone(), RecordType::DNSSEC(DNSSECRecordType::DNSKEY)),
|
||||
Query::query(sig.signer_name().clone(), RecordType::DNSKEY),
|
||||
DnsRequestOptions::default()
|
||||
)
|
||||
.first_answer()
|
||||
@ -745,7 +744,7 @@ where
|
||||
future::ready(message
|
||||
.answers()
|
||||
.iter()
|
||||
.filter(|r| is_dnssec(r, DNSSECRecordType::DNSKEY))
|
||||
.filter(|r| is_dnssec(r, RecordType::DNSKEY))
|
||||
.find(|r|
|
||||
if let RData::DNSSEC(DNSSECRData::DNSKEY(ref dnskey)) = *r.rdata() {
|
||||
let dnskey_name = r.name();
|
||||
|
@ -21,7 +21,6 @@ use crate::client::rr::dnssec::{DnsSecResult, SigSigner, SupportedAlgorithms};
|
||||
use crate::client::rr::rdata::key::KEY;
|
||||
#[cfg(feature = "dnssec")]
|
||||
use crate::client::rr::rdata::DNSSECRData;
|
||||
use crate::client::rr::rdata::DNSSECRecordType;
|
||||
use crate::client::rr::rdata::SOA;
|
||||
use crate::client::rr::{DNSClass, LowerName, Name, RData, Record, RecordSet, RecordType, RrKey};
|
||||
|
||||
@ -242,7 +241,7 @@ impl InMemoryAuthority {
|
||||
|
||||
let (records, _rrsigs): (Vec<&Record>, Vec<&Record>) = rrset
|
||||
.records(and_rrsigs, supported_algorithms)
|
||||
.partition(|r| r.record_type() != RecordType::DNSSEC(DNSSECRecordType::RRSIG));
|
||||
.partition(|r| r.record_type() != RecordType::RRSIG);
|
||||
|
||||
for record in records {
|
||||
new_answer.add_rdata(record.rdata().clone());
|
||||
@ -359,10 +358,10 @@ impl InMemoryAuthority {
|
||||
#[cfg(feature = "dnssec")]
|
||||
fn is_nsec(upsert_type: RecordType, occupied_type: RecordType) -> bool {
|
||||
// NSEC is always allowed
|
||||
upsert_type == RecordType::DNSSEC(DNSSECRecordType::NSEC)
|
||||
|| upsert_type == RecordType::DNSSEC(DNSSECRecordType::NSEC3)
|
||||
|| occupied_type == RecordType::DNSSEC(DNSSECRecordType::NSEC)
|
||||
|| occupied_type == RecordType::DNSSEC(DNSSECRecordType::NSEC3)
|
||||
upsert_type == RecordType::NSEC
|
||||
|| upsert_type == RecordType::NSEC3
|
||||
|| occupied_type == RecordType::NSEC
|
||||
|| occupied_type == RecordType::NSEC3
|
||||
}
|
||||
|
||||
#[cfg(not(feature = "dnssec"))]
|
||||
@ -460,7 +459,7 @@ impl InMemoryAuthority {
|
||||
let delete_keys: Vec<RrKey> = self
|
||||
.records
|
||||
.keys()
|
||||
.filter(|k| k.record_type == RecordType::DNSSEC(DNSSECRecordType::NSEC))
|
||||
.filter(|k| k.record_type == RecordType::NSEC)
|
||||
.cloned()
|
||||
.collect();
|
||||
|
||||
@ -483,11 +482,7 @@ impl InMemoryAuthority {
|
||||
}
|
||||
Some((name, vec)) => {
|
||||
// names aren't equal, create the NSEC record
|
||||
let mut record = Record::with(
|
||||
name.clone(),
|
||||
RecordType::DNSSEC(DNSSECRecordType::NSEC),
|
||||
ttl,
|
||||
);
|
||||
let mut record = Record::with(name.clone(), RecordType::NSEC, ttl);
|
||||
let rdata = NSEC::new_cover_self(key.name.clone().into(), vec);
|
||||
record.set_rdata(RData::DNSSEC(DNSSECRData::NSEC(rdata)));
|
||||
records.push(record);
|
||||
@ -501,11 +496,7 @@ impl InMemoryAuthority {
|
||||
// the last record
|
||||
if let Some((name, vec)) = nsec_info {
|
||||
// names aren't equal, create the NSEC record
|
||||
let mut record = Record::with(
|
||||
name.clone(),
|
||||
RecordType::DNSSEC(DNSSECRecordType::NSEC),
|
||||
ttl,
|
||||
);
|
||||
let mut record = Record::with(name.clone(), RecordType::NSEC, ttl);
|
||||
let rdata = NSEC::new_cover_self(Authority::origin(self).clone().into(), vec);
|
||||
record.set_rdata(RData::DNSSEC(DNSSECRData::NSEC(rdata)));
|
||||
records.push(record);
|
||||
@ -544,11 +535,7 @@ impl InMemoryAuthority {
|
||||
|
||||
rr_set.clear_rrsigs();
|
||||
|
||||
let rrsig_temp = Record::with(
|
||||
rr_set.name().clone(),
|
||||
RecordType::DNSSEC(DNSSECRecordType::RRSIG),
|
||||
zone_ttl,
|
||||
);
|
||||
let rrsig_temp = Record::with(rr_set.name().clone(), RecordType::RRSIG, zone_ttl);
|
||||
|
||||
for signer in secure_keys {
|
||||
debug!(
|
||||
@ -1031,11 +1018,11 @@ impl Authority for InMemoryAuthority {
|
||||
supported_algorithms: SupportedAlgorithms,
|
||||
) -> Pin<Box<dyn Future<Output = Result<Self::Lookup, LookupError>> + Send>> {
|
||||
fn is_nsec_rrset(rr_set: &RecordSet) -> bool {
|
||||
rr_set.record_type() == RecordType::DNSSEC(DNSSECRecordType::NSEC)
|
||||
rr_set.record_type() == RecordType::NSEC
|
||||
}
|
||||
|
||||
// TODO: need a BorrowdRrKey
|
||||
let rr_key = RrKey::new(name.clone(), RecordType::DNSSEC(DNSSECRecordType::NSEC));
|
||||
let rr_key = RrKey::new(name.clone(), RecordType::NSEC);
|
||||
let no_data = self
|
||||
.records
|
||||
.get(&rr_key)
|
||||
|
@ -445,7 +445,7 @@ impl SqliteAuthority {
|
||||
use futures_executor::block_on;
|
||||
use log::debug;
|
||||
|
||||
use crate::client::rr::rdata::{DNSSECRData, DNSSECRecordType};
|
||||
use crate::client::rr::rdata::{DNSSECRData, RecordType};
|
||||
use crate::proto::rr::dnssec::Verifier;
|
||||
|
||||
// 3.3.3 - Pseudocode for Permission Checking
|
||||
@ -484,7 +484,7 @@ impl SqliteAuthority {
|
||||
// TODO: updates should be async as well.
|
||||
let keys = block_on(self.lookup(
|
||||
&name,
|
||||
RecordType::DNSSEC(DNSSECRecordType::KEY),
|
||||
RecordType::KEY,
|
||||
false,
|
||||
SupportedAlgorithms::new(),
|
||||
));
|
||||
|
@ -8,7 +8,7 @@ use futures_executor::block_on;
|
||||
use trust_dns_client::op::Query;
|
||||
use trust_dns_client::rr::dnssec::{Algorithm, SupportedAlgorithms, Verifier};
|
||||
use trust_dns_client::rr::{DNSClass, Name, Record, RecordType};
|
||||
use trust_dns_proto::rr::dnssec::rdata::{DNSSECRecordType, DNSKEY};
|
||||
use trust_dns_proto::rr::dnssec::rdata::{RecordType, DNSKEY};
|
||||
use trust_dns_proto::xfer;
|
||||
use trust_dns_server::authority::{AuthLookup, Authority};
|
||||
|
||||
@ -25,7 +25,7 @@ pub fn test_a_lookup<A: Authority<Lookup = AuthLookup>>(authority: A, keys: &[DN
|
||||
|
||||
let (rrsig_records, _other_records): (Vec<_>, Vec<_>) = other_records
|
||||
.into_iter()
|
||||
.partition(|r| r.record_type() == RecordType::DNSSEC(DNSSECRecordType::RRSIG));
|
||||
.partition(|r| r.record_type() == RecordType::RRSIG);
|
||||
|
||||
assert!(!rrsig_records.is_empty());
|
||||
verify(&a_records, &rrsig_records, keys);
|
||||
@ -54,7 +54,7 @@ pub fn test_soa<A: Authority<Lookup = AuthLookup>>(authority: A, keys: &[DNSKEY]
|
||||
|
||||
let (rrsig_records, _other_records): (Vec<_>, Vec<_>) = other_records
|
||||
.into_iter()
|
||||
.partition(|r| r.record_type() == RecordType::DNSSEC(DNSSECRecordType::RRSIG));
|
||||
.partition(|r| r.record_type() == RecordType::RRSIG);
|
||||
|
||||
assert!(!rrsig_records.is_empty());
|
||||
verify(&soa_records, &rrsig_records, keys);
|
||||
@ -75,7 +75,7 @@ pub fn test_ns<A: Authority<Lookup = AuthLookup>>(authority: A, keys: &[DNSKEY])
|
||||
|
||||
let (rrsig_records, _other_records): (Vec<_>, Vec<_>) = other_records
|
||||
.into_iter()
|
||||
.partition(|r| r.record_type() == RecordType::DNSSEC(DNSSECRecordType::RRSIG));
|
||||
.partition(|r| r.record_type() == RecordType::RRSIG);
|
||||
|
||||
assert!(!rrsig_records.is_empty());
|
||||
verify(&ns_records, &rrsig_records, keys);
|
||||
@ -97,7 +97,7 @@ pub fn test_aname_lookup<A: Authority<Lookup = AuthLookup>>(authority: A, keys:
|
||||
|
||||
let (rrsig_records, _other_records): (Vec<_>, Vec<_>) = other_records
|
||||
.into_iter()
|
||||
.partition(|r| r.record_type() == RecordType::DNSSEC(DNSSECRecordType::RRSIG));
|
||||
.partition(|r| r.record_type() == RecordType::RRSIG);
|
||||
|
||||
assert!(!rrsig_records.is_empty());
|
||||
verify(&a_records, &rrsig_records, keys);
|
||||
@ -123,7 +123,7 @@ pub fn test_wildcard<A: Authority<Lookup = AuthLookup>>(authority: A, keys: &[DN
|
||||
|
||||
let (rrsig_records, _other_records): (Vec<_>, Vec<_>) = other_records
|
||||
.into_iter()
|
||||
.partition(|r| r.record_type() == RecordType::DNSSEC(DNSSECRecordType::RRSIG));
|
||||
.partition(|r| r.record_type() == RecordType::RRSIG);
|
||||
|
||||
assert!(!rrsig_records.is_empty());
|
||||
verify(&cname_records, &rrsig_records, keys);
|
||||
@ -142,7 +142,7 @@ pub fn test_nsec_nodata<A: Authority<Lookup = AuthLookup>>(authority: A, keys: &
|
||||
let (nsec_records, _other_records): (Vec<_>, Vec<_>) = lookup
|
||||
.into_iter()
|
||||
.cloned()
|
||||
.partition(|r| r.record_type() == RecordType::DNSSEC(DNSSECRecordType::NSEC));
|
||||
.partition(|r| r.record_type() == RecordType::NSEC);
|
||||
|
||||
println!("nsec_records: {:?}", nsec_records);
|
||||
|
||||
@ -173,7 +173,7 @@ pub fn test_nsec_nxdomain_start<A: Authority<Lookup = AuthLookup>>(authority: A,
|
||||
let (nsec_records, _other_records): (Vec<_>, Vec<_>) = lookup
|
||||
.into_iter()
|
||||
.cloned()
|
||||
.partition(|r| r.record_type() == RecordType::DNSSEC(DNSSECRecordType::NSEC));
|
||||
.partition(|r| r.record_type() == RecordType::NSEC);
|
||||
|
||||
println!("nsec_records: {:?}", nsec_records);
|
||||
|
||||
@ -206,7 +206,7 @@ pub fn test_nsec_nxdomain_middle<A: Authority<Lookup = AuthLookup>>(authority: A
|
||||
let (nsec_records, _other_records): (Vec<_>, Vec<_>) = lookup
|
||||
.into_iter()
|
||||
.cloned()
|
||||
.partition(|r| r.record_type() == RecordType::DNSSEC(DNSSECRecordType::NSEC));
|
||||
.partition(|r| r.record_type() == RecordType::NSEC);
|
||||
|
||||
println!("nsec_records: {:?}", nsec_records);
|
||||
|
||||
@ -241,7 +241,7 @@ pub fn test_nsec_nxdomain_wraps_end<A: Authority<Lookup = AuthLookup>>(
|
||||
let (nsec_records, _other_records): (Vec<_>, Vec<_>) = lookup
|
||||
.into_iter()
|
||||
.cloned()
|
||||
.partition(|r| r.record_type() == RecordType::DNSSEC(DNSSECRecordType::NSEC));
|
||||
.partition(|r| r.record_type() == RecordType::NSEC);
|
||||
|
||||
println!("nsec_records: {:?}", nsec_records);
|
||||
|
||||
@ -284,7 +284,7 @@ pub fn test_rfc_6975_supported_algorithms<A: Authority<Lookup = AuthLookup>>(
|
||||
|
||||
let (rrsig_records, _other_records): (Vec<_>, Vec<_>) = other_records
|
||||
.into_iter()
|
||||
.partition(|r| r.record_type() == RecordType::DNSSEC(DNSSECRecordType::RRSIG));
|
||||
.partition(|r| r.record_type() == RecordType::RRSIG);
|
||||
|
||||
assert!(!rrsig_records.is_empty());
|
||||
verify(&a_records, &rrsig_records, &[key.clone()]);
|
||||
|
@ -288,7 +288,7 @@ async fn create_sig0_ready_client() -> (
|
||||
) {
|
||||
use openssl::rsa::Rsa;
|
||||
use trust_dns_client::rr::dnssec::{Algorithm, KeyPair};
|
||||
use trust_dns_client::rr::rdata::{DNSSECRData, DNSSECRecordType};
|
||||
use trust_dns_client::rr::rdata::{DNSSECRData, RecordType};
|
||||
use trust_dns_server::store::sqlite::SqliteAuthority;
|
||||
|
||||
let authority = create_example();
|
||||
@ -306,7 +306,7 @@ async fn create_sig0_ready_client() -> (
|
||||
// insert the KEY for the trusted.example.com
|
||||
let mut auth_key = Record::with(
|
||||
trusted_name,
|
||||
RecordType::DNSSEC(DNSSECRecordType::KEY),
|
||||
RecordType::KEY,
|
||||
Duration::minutes(5).num_seconds() as u32,
|
||||
);
|
||||
auth_key.set_rdata(RData::DNSSEC(DNSSECRData::KEY(sig0_key)));
|
||||
|
@ -310,7 +310,7 @@ fn test_timeout_query_tcp() {
|
||||
// c.secure_query(
|
||||
// &Name::parse("rollernet.us.", None).unwrap(),
|
||||
// DNSClass::IN,
|
||||
// RecordType::DNSSEC(DNSSECRecordType::DS),
|
||||
// RecordType::DS),
|
||||
// ).unwrap();
|
||||
// }
|
||||
|
||||
@ -324,7 +324,7 @@ fn test_timeout_query_tcp() {
|
||||
// c.secure_query(
|
||||
// &Name::parse("rollernet.us.", None).unwrap(),
|
||||
// DNSClass::IN,
|
||||
// RecordType::DNSSEC(DNSSECRecordType::DS),
|
||||
// RecordType::DS),
|
||||
// ).unwrap();
|
||||
// }
|
||||
|
||||
@ -338,7 +338,7 @@ fn test_timeout_query_tcp() {
|
||||
// c.secure_query(
|
||||
// &Name::parse("RollErnet.Us.", None).unwrap(),
|
||||
// DNSClass::IN,
|
||||
// RecordType::DNSSEC(DNSSECRecordType::DS),
|
||||
// RecordType::DS),
|
||||
// ).unwrap();
|
||||
// }
|
||||
|
||||
@ -437,7 +437,7 @@ fn test_nsec_query_type() {
|
||||
fn create_sig0_ready_client(mut catalog: Catalog) -> (SyncClient<TestClientConnection>, Name) {
|
||||
use openssl::rsa::Rsa;
|
||||
use trust_dns_client::rr::dnssec::{Algorithm, KeyPair, Signer as SigSigner};
|
||||
use trust_dns_proto::rr::dnssec::rdata::{DNSSECRData, DNSSECRecordType, KEY};
|
||||
use trust_dns_proto::rr::dnssec::rdata::{DNSSECRData, RecordType, KEY};
|
||||
use trust_dns_server::store::sqlite::SqliteAuthority;
|
||||
|
||||
let authority = create_example();
|
||||
@ -460,7 +460,7 @@ fn create_sig0_ready_client(mut catalog: Catalog) -> (SyncClient<TestClientConne
|
||||
// insert the KEY for the trusted.example.com
|
||||
let mut auth_key = Record::with(
|
||||
Name::from_str("trusted.example.com").unwrap(),
|
||||
RecordType::DNSSEC(DNSSECRecordType::KEY),
|
||||
RecordType::KEY,
|
||||
Duration::minutes(5).num_seconds() as u32,
|
||||
);
|
||||
auth_key.set_rdata(RData::DNSSEC(DNSSECRData::KEY(KEY::new(
|
||||
|
@ -156,7 +156,7 @@ where
|
||||
// .block_on(client.query(
|
||||
// name.clone(),
|
||||
// DNSClass::IN,
|
||||
// RecordType::DNSSEC(DNSSECRecordType::DS),
|
||||
// RecordType::DS),
|
||||
// ))
|
||||
// .expect("query failed");
|
||||
|
||||
@ -176,7 +176,7 @@ where
|
||||
// .block_on(client.query(
|
||||
// name.clone(),
|
||||
// DNSClass::IN,
|
||||
// RecordType::DNSSEC(DNSSECRecordType::DS),
|
||||
// RecordType::DS),
|
||||
// ))
|
||||
// .expect("query failed");
|
||||
|
||||
|
@ -821,9 +821,7 @@ fn test_zone_signing() {
|
||||
.unwrap();
|
||||
|
||||
assert!(
|
||||
results
|
||||
.iter()
|
||||
.any(|r| r.rr_type() == RecordType::DNSSEC(DNSSECRecordType::DNSKEY)),
|
||||
results.iter().any(|r| r.rr_type() == RecordType::DNSKEY),
|
||||
"must contain a DNSKEY"
|
||||
);
|
||||
|
||||
@ -836,10 +834,10 @@ fn test_zone_signing() {
|
||||
.unwrap();
|
||||
|
||||
for record in &results {
|
||||
if record.rr_type() == RecordType::DNSSEC(DNSSECRecordType::RRSIG) {
|
||||
if record.rr_type() == RecordType::RRSIG {
|
||||
continue;
|
||||
}
|
||||
if record.rr_type() == RecordType::DNSSEC(DNSSECRecordType::DNSKEY) {
|
||||
if record.rr_type() == RecordType::DNSKEY {
|
||||
continue;
|
||||
}
|
||||
|
||||
@ -853,14 +851,15 @@ fn test_zone_signing() {
|
||||
|
||||
// validate all records have associated RRSIGs after signing
|
||||
assert!(
|
||||
inner_results.iter().any(|r| r.rr_type()
|
||||
== RecordType::DNSSEC(DNSSECRecordType::RRSIG)
|
||||
&& r.name() == record.name()
|
||||
&& if let RData::DNSSEC(DNSSECRData::SIG(ref rrsig)) = *r.rdata() {
|
||||
rrsig.type_covered() == record.rr_type()
|
||||
} else {
|
||||
false
|
||||
}),
|
||||
inner_results
|
||||
.iter()
|
||||
.any(|r| r.rr_type() == RecordType::RRSIG
|
||||
&& r.name() == record.name()
|
||||
&& if let RData::DNSSEC(DNSSECRData::SIG(ref rrsig)) = *r.rdata() {
|
||||
rrsig.type_covered() == record.rr_type()
|
||||
} else {
|
||||
false
|
||||
}),
|
||||
"record type not covered: {:?}",
|
||||
record
|
||||
);
|
||||
|
@ -30,7 +30,6 @@ use clap::{
|
||||
|
||||
use trust_dns_client::rr::dnssec::Algorithm;
|
||||
use trust_dns_proto::rr::dnssec::rdata::DNSSECRData;
|
||||
use trust_dns_proto::rr::dnssec::rdata::DNSSECRecordType;
|
||||
use trust_dns_proto::rr::record_data::RData;
|
||||
use trust_dns_proto::rr::record_type::RecordType;
|
||||
use trust_dns_resolver::Resolver;
|
||||
@ -47,7 +46,7 @@ pub fn main() {
|
||||
println!("querying for root key-signing-keys, ie dnskeys");
|
||||
let resolver = Resolver::default().expect("could not create resolver");
|
||||
let lookup = resolver
|
||||
.lookup(".", RecordType::DNSSEC(DNSSECRecordType::DNSKEY))
|
||||
.lookup(".", RecordType::DNSKEY)
|
||||
.expect("query failed");
|
||||
|
||||
for r in lookup.iter() {
|
||||
|
Loading…
Reference in New Issue
Block a user