Пример #1
0
// newNSEC3CEandWildcard returns the NSEC3 for the closest encloser
// and the NSEC3 that denies that wildcard at that level.
func newNSEC3CEandWildcard(apex, ce string, ttl uint32) (*dns.NSEC3, *dns.NSEC3) {
	n1 := new(dns.NSEC3)
	n1.Hdr.Class = dns.ClassINET
	n1.Hdr.Rrtype = dns.TypeNSEC3
	n1.Hdr.Ttl = ttl
	n1.Hash = dns.SHA1
	n1.Flags = 0
	n1.Salt = ""
	//n.TypeBitMap = []uint16{dns.TypeA, dns.TypeNS, dns.TypeSOA, dns.TypeAAAA, dns.TypeRRSIG, dns.TypeDNSKEY}
	n1.TypeBitMap = []uint16{}
	n1.Hdr.Name = dns.HashName(ce, dns.SHA1, 0, "") + "." + apex
	buf := packBase32(n1.Hdr.Name)
	byteArith(buf, true) // one next
	n1.NextDomain = unpackBase32(buf)

	n2 := new(dns.NSEC3)
	n2.Hdr.Class = dns.ClassINET
	n2.Hdr.Rrtype = dns.TypeNSEC3
	n2.Hdr.Ttl = ttl
	n2.Hash = dns.SHA1
	n2.Flags = 0
	n2.Salt = ""

	buf = packBase32("*." + apex)
	byteArith(buf, false) // one before
	n2.Hdr.Name = strings.ToLower(unpackBase32(buf)) + "." + apex
	byteArith(buf, true) // one next
	byteArith(buf, true) // and another one
	n2.NextDomain = unpackBase32(buf)

	return n1, n2
}
Пример #2
0
// newNSEC3CEandWildcard returns the NSEC3 for the closest encloser
// and the NSEC3 that denies that wildcard at that level.
func newNSEC3CEandWildcard(apex, ce string, ttl uint32) (*dns.NSEC3, *dns.NSEC3) {
	n1 := new(dns.NSEC3)
	n1.Hdr.Class = dns.ClassINET
	n1.Hdr.Rrtype = dns.TypeNSEC3
	n1.Hdr.Ttl = ttl
	n1.Hash = dns.SHA1
	n1.HashLength = sha1.Size
	n1.Flags = 0
	n1.Iterations = 0
	n1.Salt = ""
	// for the apex we need another bitmap
	n1.TypeBitMap = []uint16{dns.TypeA, dns.TypeAAAA, dns.TypeSRV, dns.TypeRRSIG}
	prev := dns.HashName(ce, dns.SHA1, n1.Iterations, n1.Salt)
	n1.Hdr.Name = strings.ToLower(prev) + "." + apex
	buf := packBase32(prev)
	byteArith(buf, true) // one next
	n1.NextDomain = unpackBase32(buf)

	n2 := new(dns.NSEC3)
	n2.Hdr.Class = dns.ClassINET
	n2.Hdr.Rrtype = dns.TypeNSEC3
	n2.Hdr.Ttl = ttl
	n2.Hash = dns.SHA1
	n2.HashLength = sha1.Size
	n2.Flags = 0
	n2.Iterations = 0
	n2.Salt = ""

	prev = dns.HashName("*."+ce, dns.SHA1, n2.Iterations, n2.Salt)
	buf = packBase32(prev)
	byteArith(buf, false) // one before
	n2.Hdr.Name = appendDomain(strings.ToLower(unpackBase32(buf)), apex)
	byteArith(buf, true) // one next
	byteArith(buf, true) // and another one
	n2.NextDomain = unpackBase32(buf)

	return n1, n2
}
Пример #3
0
// NewNSEC3 returns the NSEC3 record needed to denial the types
func (s *server) NewNSEC3NoData(qname string) *dns.NSEC3 {
	n := new(dns.NSEC3)
	n.Hdr.Class = dns.ClassINET
	n.Hdr.Rrtype = dns.TypeNSEC3
	n.Hdr.Ttl = s.config.MinTtl
	n.Hash = dns.SHA1
	n.Flags = 0
	n.Salt = ""
	n.TypeBitMap = []uint16{}

	n.Hdr.Name = dns.HashName(qname, dns.SHA1, 0, "")
	buf := packBase32(n.Hdr.Name)
	byteArith(buf, true) // one next
	n.NextDomain = unpackBase32(buf)

	n.Hdr.Name += "." + s.config.Domain
	return n
}
Пример #4
0
// newNSEC3NoData returns the NSEC3 record needed to denial the types
func (s *server) newNSEC3NoData(qname string) *dns.NSEC3 {
	n := new(dns.NSEC3)
	n.Hdr.Class = dns.ClassINET
	n.Hdr.Rrtype = dns.TypeNSEC3
	n.Hdr.Ttl = s.config.MinTtl
	n.Hash = dns.SHA1
	n.HashLength = sha1.Size
	n.Flags = 0
	n.Salt = ""
	n.TypeBitMap = []uint16{dns.TypeA, dns.TypeAAAA, dns.TypeSRV, dns.TypeRRSIG}

	n.Hdr.Name = dns.HashName(qname, dns.SHA1, 0, "")
	buf := packBase32(n.Hdr.Name)
	byteArith(buf, true) // one next
	n.NextDomain = unpackBase32(buf)

	n.Hdr.Name += appendDomain("", s.config.Domain)
	return n
}
Пример #5
0
// NewNSEC3 returns the NSEC3 record needed to denial qname.
func (s *server) NewNSEC3NameError(qname string) *dns.NSEC3 {
	n := new(dns.NSEC3)
	n.Hdr.Class = dns.ClassINET
	n.Hdr.Rrtype = dns.TypeNSEC3
	n.Hdr.Ttl = s.config.MinTtl
	n.Hash = dns.SHA1
	n.Flags = 0
	n.Salt = ""
	n.TypeBitMap = []uint16{}

	covername := dns.HashName(qname, dns.SHA1, 0, "")

	buf := packBase32(covername)
	byteArith(buf, false) // one before
	n.Hdr.Name = strings.ToLower(unpackBase32(buf)) + "." + s.config.Domain
	byteArith(buf, true) // one next
	byteArith(buf, true) // and another one
	n.NextDomain = unpackBase32(buf)
	return n
}