// sectionCheck verifies every RRSIG in set against the RRset it covers and
// prints one result line per signature.
//
// The verifying DNSKEY is the package-level dnskey when one was loaded from
// disk; otherwise it is fetched from server (over TCP when tcp is true) by
// the RRSIG's signer name and key tag. Output lines are prefixed ";?" when
// no key is found, ";-" when the signature fails to verify and ";+" when it
// verifies.
func sectionCheck(set []dns.RR, server string, tcp bool) {
	for _, rr := range set {
		if rr.Header().Rrtype != dns.TypeRRSIG {
			continue
		}
		sig := rr.(*dns.RRSIG)
		covered := getRRset(set, sig.Header().Name, sig.TypeCovered)

		// A key loaded from disk takes precedence over one fetched from
		// the network; "where" only feeds the report line.
		key, where := dnskey, "disk"
		if key == nil {
			key, where = getKey(sig.SignerName, sig.KeyTag, server, tcp), "net"
		}
		if key == nil {
			fmt.Printf(";? DNSKEY %s/%d not found\n", sig.SignerName, sig.KeyTag)
			continue
		}

		// NOTE(review): Verify covers the signature itself; the RRSIG
		// inception/expiration window does not appear to be checked here —
		// confirm whether reporting an expired signature as "Secure" is intended.
		err := sig.Verify(key, covered)
		switch {
		case err != nil:
			fmt.Printf(";- Bogus signature, %s does not validate (DNSKEY %s/%d/%s) [%s]\n",
				shortSig(sig), key.Header().Name, key.KeyTag(), where, err.Error())
		default:
			fmt.Printf(";+ Secure signature, %s validates (DNSKEY %s/%d/%s)\n",
				shortSig(sig), key.Header().Name, key.KeyTag(), where)
		}
	}
}
// CalcTag returns the key tag that dns.DNSKEY.KeyTag computes for a DNSKEY
// record with the given flags, algorithm and (base64) public key.
//
// The remaining record fields are fixed placeholders: owner name ".",
// class IN, TTL 3600 and protocol 3.
func CalcTag(flags uint16, algorithm uint8, publickey string) uint16 {
	key := &dns.DNSKEY{
		Hdr: dns.RR_Header{
			Name:   ".",
			Rrtype: dns.TypeDNSKEY,
			Class:  dns.ClassINET,
			Ttl:    3600,
		},
		Flags:     flags,
		Protocol:  3,
		Algorithm: algorithm,
		PublicKey: publickey,
	}
	return key.KeyTag()
}
// SetKeys installs the DNSKEY k and its private key p on the server, caches
// k's key tag, and flags the registry as DNSSEC-enabled.
func (s *Server) SetKeys(k *dns.DNSKEY, p dns.PrivateKey) {
	s.privKey = p
	s.dnsKey = k
	// Cached once so signing does not recompute the tag per response.
	s.keyTag = k.KeyTag()
	s.registry.DNSSEC(true)
}
// setKeys stores the public DNSKEY k and private key p on the server and
// caches k's key tag.
func (s *server) setKeys(k *dns.DNSKEY, p dns.PrivateKey) {
	s.PrivKey = p
	s.PubKey = k
	// Cached once so the tag does not have to be recomputed from k later.
	s.KeyTag = k.KeyTag()
}