// newNSEC3NoData returns a synthesized NSEC3 record that proves qname
// exists but does not hold the requested type (a "no data" answer).
// The owner is the NSEC3 hash of qname under the zone domain and the
// next hashed owner is that hash plus one, so the record covers only the
// queried name. Hashing uses SHA-1 with zero iterations and an empty
// salt.
//
// NOTE(review): the type bitmap is a fixed list (A, AAAA, SRV, RRSIG)
// rather than being derived from the data actually present at qname;
// confirm every such name really carries those types.
func (s *server) newNSEC3NoData(qname string) *dns.NSEC3 {
	hashed := dns.HashName(qname, dns.SHA1, 0, "")

	// Step the hash forward by one to obtain the next hashed owner.
	next := packBase32(hashed)
	byteArith(next, true)

	return &dns.NSEC3{
		Hdr: dns.RR_Header{
			Name:   hashed + appendDomain("", s.config.Domain),
			Rrtype: dns.TypeNSEC3,
			Class:  dns.ClassINET,
			Ttl:    s.config.MinTtl,
		},
		Hash:       dns.SHA1,
		HashLength: sha1.Size,
		Flags:      0,
		Salt:       "",
		NextDomain: unpackBase32(next),
		TypeBitMap: []uint16{dns.TypeA, dns.TypeAAAA, dns.TypeSRV, dns.TypeRRSIG},
	}
}
// newNSEC3NameError returns a synthesized NSEC3 record that denies the
// existence of qname (name error). The record is built around the NSEC3
// hash of qname: its owner is that hash minus one and its next hashed
// owner is that hash plus one, so the hash of the queried name falls
// strictly inside the covered interval. The type bitmap is empty because
// no data is claimed to exist at the owner. Hashing uses SHA-1 with zero
// iterations and an empty salt.
func (s *server) newNSEC3NameError(qname string) *dns.NSEC3 {
	covered := packBase32(dns.HashName(qname, dns.SHA1, 0, ""))

	// Step back one to obtain the (lower-cased) owner name ...
	byteArith(covered, false)
	owner := appendDomain(strings.ToLower(unpackBase32(covered)), s.config.Domain)

	// ... then forward twice so the next owner sits one past the covered hash.
	byteArith(covered, true)
	byteArith(covered, true)

	return &dns.NSEC3{
		Hdr: dns.RR_Header{
			Name:   owner,
			Rrtype: dns.TypeNSEC3,
			Class:  dns.ClassINET,
			Ttl:    s.config.MinTtl,
		},
		Hash:       dns.SHA1,
		HashLength: sha1.Size,
		Flags:      0,
		Salt:       "",
		NextDomain: unpackBase32(covered),
		TypeBitMap: []uint16{},
	}
}
// NewNSEC3 returns the NSEC3 record needed to denial the types func (s *server) NewNSEC3NoData(qname string) *dns.NSEC3 { n := new(dns.NSEC3) n.Hdr.Class = dns.ClassINET n.Hdr.Rrtype = dns.TypeNSEC3 n.Hdr.Ttl = s.config.MinTtl n.Hash = dns.SHA1 n.Flags = 0 n.Salt = "" n.TypeBitMap = []uint16{} n.Hdr.Name = dns.HashName(qname, dns.SHA1, 0, "") buf := packBase32(n.Hdr.Name) byteArith(buf, true) // one next n.NextDomain = unpackBase32(buf) n.Hdr.Name += "." + s.config.Domain return n }
// newNSEC3CEandWildcard returns the two NSEC3 records used to answer a
// name error below a closest encloser: the first proves that the closest
// encloser ce exists (owner = hash of ce, next = that hash plus one), the
// second proves that no wildcard "*.ce" exists (owner = hash of "*.ce"
// minus one, next = that hash plus one). Both records hash with SHA-1,
// zero iterations and an empty salt, carry the given TTL, and are placed
// under apex.
//
// NOTE(review): the closest-encloser owner is built with "." + apex while
// the wildcard owner goes through appendDomain; confirm both produce the
// same owner-name format. The closest-encloser bitmap is a fixed list
// rather than one derived from the data at ce.
func newNSEC3CEandWildcard(apex, ce string, ttl uint32) (*dns.NSEC3, *dns.NSEC3) {
	const (
		iterations uint16 = 0
		salt              = ""
	)

	// Closest encloser: owner = H(ce), next = H(ce) + 1.
	ceHash := dns.HashName(ce, dns.SHA1, iterations, salt)
	ceNext := packBase32(ceHash)
	byteArith(ceNext, true)

	closest := &dns.NSEC3{
		Hdr: dns.RR_Header{
			Name:   strings.ToLower(ceHash) + "." + apex,
			Rrtype: dns.TypeNSEC3,
			Class:  dns.ClassINET,
			Ttl:    ttl,
		},
		Hash:       dns.SHA1,
		HashLength: sha1.Size,
		Flags:      0,
		Iterations: iterations,
		Salt:       salt,
		NextDomain: unpackBase32(ceNext),
		// The apex carries a different bitmap than a plain no-data answer.
		TypeBitMap: []uint16{dns.TypeA, dns.TypeAAAA, dns.TypeSRV, dns.TypeRRSIG},
	}

	// Wildcard: owner = H(*.ce) - 1, next = H(*.ce) + 1.
	wc := packBase32(dns.HashName("*."+ce, dns.SHA1, iterations, salt))
	byteArith(wc, false)
	wcOwner := appendDomain(strings.ToLower(unpackBase32(wc)), apex)
	byteArith(wc, true)
	byteArith(wc, true)

	wildcard := &dns.NSEC3{
		Hdr: dns.RR_Header{
			Name:   wcOwner,
			Rrtype: dns.TypeNSEC3,
			Class:  dns.ClassINET,
			Ttl:    ttl,
		},
		Hash:       dns.SHA1,
		HashLength: sha1.Size,
		Flags:      0,
		Iterations: iterations,
		Salt:       salt,
		NextDomain: unpackBase32(wc),
	}

	return closest, wildcard
}
// newNSEC3CEandWildcard returns the NSEC3 for the closest encloser ce and
// the NSEC3 meant to deny a wildcard at that level, both with the given
// TTL under apex. Hashing uses SHA-1 with zero iterations and an empty
// salt; the closest-encloser record carries an empty type bitmap.
//
// NOTE(review): the next owner of the first record is derived from the
// full owner name (hash plus "." + apex), not from the bare hash, and the
// second record packs the literal "*." + apex rather than an NSEC3 hash
// of it; confirm both are intended before this is used to sign denials.
func newNSEC3CEandWildcard(apex, ce string, ttl uint32) (*dns.NSEC3, *dns.NSEC3) {
	// Closest encloser: owner = H(ce).apex, next = owner + 1.
	ceOwner := dns.HashName(ce, dns.SHA1, 0, "") + "." + apex
	ceNext := packBase32(ceOwner)
	byteArith(ceNext, true)

	closest := &dns.NSEC3{
		Hdr: dns.RR_Header{
			Name:   ceOwner,
			Rrtype: dns.TypeNSEC3,
			Class:  dns.ClassINET,
			Ttl:    ttl,
		},
		Hash:  dns.SHA1,
		Flags: 0,
		Salt:  "",
		// A fuller bitmap (A, NS, SOA, AAAA, RRSIG, DNSKEY) was once used here.
		TypeBitMap: []uint16{},
		NextDomain: unpackBase32(ceNext),
	}

	// Wildcard: owner = packed("*.apex") - 1, next = packed("*.apex") + 1.
	wc := packBase32("*." + apex)
	byteArith(wc, false)
	wcOwner := strings.ToLower(unpackBase32(wc)) + "." + apex
	byteArith(wc, true)
	byteArith(wc, true)

	wildcard := &dns.NSEC3{
		Hdr: dns.RR_Header{
			Name:   wcOwner,
			Rrtype: dns.TypeNSEC3,
			Class:  dns.ClassINET,
			Ttl:    ttl,
		},
		Hash:       dns.SHA1,
		Flags:      0,
		Salt:       "",
		NextDomain: unpackBase32(wc),
	}

	return closest, wildcard
}