// Check if we have nsec3 records and if so, check them
func nsecCheck(in *dns.Msg) {
for _, r := range in.Answer {
if r.Header().Rrtype == dns.TypeNSEC3 {
goto Check
}
}
for _, r := range in.Ns {
if r.Header().Rrtype == dns.TypeNSEC3 {
goto Check
}
}
for _, r := range in.Extra {
if r.Header().Rrtype == dns.TypeNSEC3 {
goto Check
}
}
return
Check:
w, err := in.Nsec3Verify(in.Question[0])
switch w {
case dns.NSEC3_NXDOMAIN:
fmt.Printf(";+ [beta] Correct denial of existence (NSEC3/NXDOMAIN)\n")
case dns.NSEC3_NODATA:
fmt.Printf(";+ [beta] Correct denial of existence (NSEC3/NODATA)\n")
default:
// w == 0
if err != nil {
fmt.Printf(";- [beta] Incorrect denial of existence (NSEC3): %s\n", err.Error())
}
}
}