24 #include <openssl/conf.h>
25 #if defined(HAVE_OPENSSL_ENGINE_H) && !defined(OPENSSL_NO_ENGINE)
26 #include <openssl/engine.h>
28 # ifndef OPENSSL_NO_ENGINE
29 # define OPENSSL_NO_ENGINE
32 #include <openssl/err.h>
34 #define MAX_FILENAME_LEN 250
40 usage(FILE *fp,
const char *
prog) {
41 fprintf(fp,
"%s [OPTIONS] zonefile key [key [key]]\n",
prog);
42 fprintf(fp,
" signs the zone with the given key(s)\n");
43 fprintf(fp,
" -b\t\tuse layout in signed zone and print comments DNSSEC records\n");
44 fprintf(fp,
" -d\t\tused keys are not added to the zone\n");
45 fprintf(fp,
" -e <date>\texpiration date\n");
46 fprintf(fp,
" -f <file>\toutput zone to file (default <name>.signed)\n");
47 fprintf(fp,
" -i <date>\tinception date\n");
48 fprintf(fp,
" -o <domain>\torigin for the zone\n");
49 fprintf(fp,
" -u\t\tset SOA serial to the number of seconds since 1-1-1970\n");
50 fprintf(fp,
" -v\t\tprint version and exit\n");
51 fprintf(fp,
" -z <[scheme:]hash>\tAdd ZONEMD resource record\n");
52 fprintf(fp,
"\t\t<scheme> should be \"simple\" (or 1)\n");
53 fprintf(fp,
"\t\t<hash> should be \"sha384\" or \"sha512\" (or 1 or 2)\n");
54 fprintf(fp,
"\t\tthis option can be given more than once\n");
55 fprintf(fp,
" -Z\t\tAllow ZONEMDs to be added without signing\n");
56 fprintf(fp,
" -A\t\tsign DNSKEY with all keys instead of minimal\n");
57 fprintf(fp,
" -U\t\tSign with every unique algorithm in the provided keys\n");
58 #ifndef OPENSSL_NO_ENGINE
59 fprintf(fp,
" -E <name>\tuse <name> as the crypto engine for signing\n");
60 fprintf(fp,
" \tThis can have a lot of extra options, see the manual page for more info\n");
61 fprintf(fp,
" -k <algorithm>,<key>\tuse `key' with `algorithm' from engine as ZSK\n");
62 fprintf(fp,
" -K <algorithm>,<key>\tuse `key' with `algorithm' from engine as KSK\n");
64 fprintf(fp,
" -n\t\tuse NSEC3 instead of NSEC.\n");
65 fprintf(fp,
"\t\tIf you use NSEC3, you can specify the following extra options:\n");
66 fprintf(fp,
"\t\t-a [algorithm] hashing algorithm\n");
67 fprintf(fp,
"\t\t-t [number] number of hash iterations\n");
68 fprintf(fp,
"\t\t-s [string] salt\n");
69 fprintf(fp,
"\t\t-p set the opt-out flag on all nsec3 rrs\n");
71 fprintf(fp,
" keys must be specified by their base name (usually K<name>+<alg>+<id>),\n");
72 fprintf(fp,
" i.e. WITHOUT the .private extension.\n");
73 fprintf(fp,
" If the public part of the key is not present in the zone, the DNSKEY RR\n");
74 fprintf(fp,
" will be read from the file called <base name>.key. If that does not exist,\n");
75 fprintf(fp,
" a default DNSKEY will be generated from the private key and added to the zone.\n");
76 fprintf(fp,
" A date can be a timestamp (seconds since the epoch), or of\n the form <YYYYMMdd[hhmmss]>\n");
77 #ifndef OPENSSL_NO_ENGINE
78 fprintf(fp,
" For -k or -K, the algorithm can be specified as an integer or a symbolic name:" );
80 #define __LIST(x) fprintf ( fp, " %3d: %-15s", LDNS_SIGN_ ## x, # x )
82 fprintf ( fp,
"\n " );
88 fprintf ( fp,
"\n " );
92 __LIST ( RSASHA1_NSEC3 );
94 fprintf ( fp,
"\n " );
97 __LIST ( ECDSAP256SHA256 );
98 fprintf ( fp,
"\n " );
99 __LIST ( ECDSAP384SHA384 );
108 fprintf ( fp,
"\n" );
114 static void check_tm(
struct tm tm)
116 if (tm.tm_year < 70) {
117 fprintf(stderr,
"You cannot specify dates before 1970\n");
120 if (tm.tm_mon < 0 || tm.tm_mon > 11) {
121 fprintf(stderr,
"The month must be in the range 1 to 12\n");
124 if (tm.tm_mday < 1 || tm.tm_mday > 31) {
125 fprintf(stderr,
"The day must be in the range 1 to 31\n");
129 if (tm.tm_hour < 0 || tm.tm_hour > 23) {
130 fprintf(stderr,
"The hour must be in the range 0-23\n");
134 if (tm.tm_min < 0 || tm.tm_min > 59) {
135 fprintf(stderr,
"The minute must be in the range 0-59\n");
139 if (tm.tm_sec < 0 || tm.tm_sec > 59) {
140 fprintf(stderr,
"The second must be in the range 0-59\n");
162 if (ttl1 == default_ttl) {
164 }
else if (ttl2 == default_ttl) {
169 "warning: changing non-default TTL %u to %u\n",
170 (
unsigned int) ttl2, (
unsigned int) ttl1);
184 equalize_ttls(cur_rr, rr, default_ttl);
208 fprintf(stderr,
"Found it in the zone!\n");
223 uint32_t default_ttl = zone_ttl;
227 strlen(keyfile_name_base) + 5);
228 snprintf(keyfile_name,
229 strlen(keyfile_name_base) + 5,
233 fprintf(stderr,
"Trying to read %s\n", keyfile_name);
235 keyfile = fopen(keyfile_name,
"r");
246 printf(
"Key found in file: %s\n", keyfile_name);
265 find_or_create_pubkey(
const char *keyfile_name_base,
ldns_key *key,
ldns_zone *orig_zone,
bool add_keys, uint32_t default_ttl) {
295 "Looking for key with keytag %u or %u\n",
301 pubkey = find_key_in_zone(pubkey_gen, orig_zone);
306 pubkey = find_key_in_file(keyfile_name_base, key, default_ttl);
310 pubkey = find_key_in_file(keyfile_name_base, key, default_ttl);
317 fprintf(stderr,
"Error %s.key has wrong name: %s\n",
328 fprintf(stderr,
"Not in zone, no .key file, generating ZSK DNSKEY from private key data\n");
336 if (add_keys && !key_in_zone) {
337 equalize_ttls_rr_list(
ldns_zone_rrs(orig_zone), pubkey, default_ttl);
342 #ifndef OPENSSL_NO_ENGINE
347 parse_algspec (
const char *
const p )
352 if ( isdigit ( (
const unsigned char)*p ) ) {
353 const char *nptr = NULL;
354 const long id = strtol ( p, (
char **) &nptr, 10 );
355 return id > 0 && nptr != NULL && *nptr ==
',' ? id : 0;
359 if ( !memcmp ( # x, p, sizeof ( # x ) - 1 ) \
360 && p [ sizeof ( # x ) - 1 ] == ',' ) { \
361 return LDNS_SIGN_ ## x; \
369 __MATCH ( RSASHA1_NSEC3 );
370 __MATCH ( RSASHA256 );
371 __MATCH ( RSASHA512 );
373 __MATCH ( DSA_NSEC3 );
375 __MATCH ( ECC_GOST );
376 __MATCH ( ECDSAP256SHA256 );
377 __MATCH ( ECDSAP384SHA384 );
401 parse_keyspec (
const char *
const p,
403 const char **
const id )
405 const char *
const comma = strchr ( p,
',' );
407 if ( comma == NULL || !(*algorithm = parse_algspec ( p )) )
409 return comma [ 1 ] ? *
id = comma + 1 : NULL;
416 load_key (
const char *
const p, ENGINE *
const e )
419 const char *
id = NULL;
424 if ( parse_keyspec ( p, &alg, &
id ) == NULL ) {
426 "Failed to parse key specification `%s'.\n",
428 usage ( stderr,
prog );
429 exit ( EXIT_FAILURE );
451 "Algorithm %d cannot be used for signing.\n",
453 usage ( stderr,
prog );
454 exit ( EXIT_FAILURE );
457 printf (
"Engine key id: %s, algo %d\n",
id, alg );
463 ERR_print_errors_fp ( stderr );
464 exit ( EXIT_FAILURE );
480 const uint32_t inception,
481 const uint32_t expiration )
483 if ( key == NULL )
return;
490 find_or_create_pubkey (
"", key, zone, add_keys, ttl );
497 init_openssl_engine (
const char *
const id )
501 #ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS
502 ERR_load_crypto_strings();
504 #if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) || !defined(HAVE_OPENSSL_INIT_CRYPTO)
505 OpenSSL_add_all_algorithms();
507 if ( !OPENSSL_init_crypto ( OPENSSL_INIT_LOAD_CONFIG, NULL ) ) {
508 fprintf ( stderr,
"OPENSSL_init_crypto(3) failed.\n" );
509 ERR_print_errors_fp ( stderr );
510 exit ( EXIT_FAILURE );
514 if ( (e = ENGINE_by_id (
id )) == NULL ) {
515 fprintf ( stderr,
"ENGINE_by_id(3) failed.\n" );
516 ERR_print_errors_fp ( stderr );
517 exit ( EXIT_FAILURE );
520 if ( !ENGINE_set_default_DSA ( e ) ) {
521 fprintf ( stderr,
"ENGINE_set_default_DSA(3) failed.\n" );
522 ERR_print_errors_fp ( stderr );
523 exit ( EXIT_FAILURE );
526 if ( !ENGINE_set_default_RSA ( e ) ) {
527 fprintf ( stderr,
"ENGINE_set_default_RSA(3) failed.\n" );
528 ERR_print_errors_fp ( stderr );
529 exit ( EXIT_FAILURE );
545 shutdown_openssl ( ENGINE *
const e )
548 #ifdef HAVE_ENGINE_FREE
551 #ifdef HAVE_ENGINE_CLEANUP
556 #ifdef HAVE_CONF_MODULES_UNLOAD
557 CONF_modules_unload ( 1 );
559 #ifdef HAVE_EVP_CLEANUP
562 #ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA
563 CRYPTO_cleanup_all_ex_data ();
565 #ifdef HAVE_ERR_FREE_STRINGS
575 static const char *reasons[] = {
576 "Unknown <scheme>, should be \"simple\""
577 ,
"Syntax error in <hash>, should be \"sha384\" or \"sha512\""
578 ,
"Unknown <hash>, should be \"sha384\" or \"sha512\""
584 if ((colon = strchr(str,
':'))) {
585 if ((colon - str != 1 || str[0] !=
'1')
586 && (colon - str != 6 || strncasecmp(str,
"simple", 6))) {
587 if (reason) *reason = reasons[0];
591 if (strchr(colon + 1,
':')) {
592 if (reason) *reason = reasons[1];
597 if (!strcasecmp(str,
"1") || !strcasecmp(str,
"sha384"))
599 if (!strcasecmp(str,
"2") || !strcasecmp(str,
"sha512"))
602 if (reason) *reason = reasons[2];
609 const char *zonefile_name;
610 FILE *zonefile = NULL;
614 #ifndef OPENSSL_NO_ENGINE
615 ENGINE *engine = NULL;
622 char *keyfile_name_base;
623 char *keyfile_name = NULL;
624 FILE *keyfile = NULL;
626 #ifndef OPENSSL_NO_ENGINE
635 char *outputfile_name = NULL;
638 bool use_nsec3 =
false;
640 bool unixtime_serial =
false;
643 bool add_keys =
true;
644 uint8_t nsec3_algorithm = 1;
645 uint8_t nsec3_flags = 0;
646 size_t nsec3_iterations_cmd = 1;
647 uint16_t nsec3_iterations = 1;
648 uint8_t nsec3_salt_length = 0;
649 uint8_t *nsec3_salt = NULL;
668 const char *reason = NULL;
670 prog = strdup(argv[0]);
676 while ((c = getopt(argc, argv,
"a:bde:f:i:k:no:ps:t:uvz:ZAUE:K:")) != -1) {
679 nsec3_algorithm = (uint8_t) atoi(optarg);
680 if (nsec3_algorithm != 1) {
681 fprintf(stderr,
"Bad NSEC3 algorithm, only RSASHA1 allowed\n");
699 memset(&tm, 0,
sizeof(tm));
701 if (strlen(optarg) == 8 &&
702 sscanf(optarg,
"%4d%2d%2d", &tm.tm_year, &tm.tm_mon, &tm.tm_mday)
709 }
else if (strlen(optarg) == 14 &&
710 sscanf(optarg,
"%4d%2d%2d%2d%2d%2d", &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec)
718 expiration = (uint32_t) atol(optarg);
726 memset(&tm, 0,
sizeof(tm));
728 if (strlen(optarg) == 8 &&
729 sscanf(optarg,
"%4d%2d%2d", &tm.tm_year, &tm.tm_mon, &tm.tm_mday)
736 }
else if (strlen(optarg) == 14 &&
737 sscanf(optarg,
"%4d%2d%2d%2d%2d%2d", &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec)
745 inception = (uint32_t) atol(optarg);
753 fprintf(stderr,
"Bad origin, not a correct domain name\n");
762 unixtime_serial =
true;
774 ,
"%s\nwith zone digest parameters:"
787 #ifndef OPENSSL_NO_ENGINE
788 engine = init_openssl_engine ( optarg );
794 #ifndef OPENSSL_NO_ENGINE
795 eng_zsk = load_key ( optarg, engine );
801 #ifndef OPENSSL_NO_ENGINE
802 eng_ksk = load_key ( optarg, engine );
806 fprintf(stderr,
"%s compiled without engine support\n"
815 if (strlen(optarg) % 2 != 0) {
816 fprintf(stderr,
"Salt value is not valid hex data, not a multiple of 2 characters\n");
819 nsec3_salt_length = (uint8_t) strlen(optarg) / 2;
821 for (c = 0; c < (int) strlen(optarg); c += 2) {
822 if (isxdigit((
int) optarg[c]) && isxdigit((
int) optarg[c+1])) {
826 fprintf(stderr,
"Salt value is not valid hex data.\n");
833 nsec3_iterations_cmd = (size_t) atol(optarg);
838 nsec3_iterations = (uint16_t) nsec3_iterations_cmd;
850 printf(
"Error: not enough arguments\n");
854 zonefile_name = argv[0];
859 if (strncmp(zonefile_name,
"-", 2) == 0) {
867 fprintf(stderr,
"Zone not read, error: %s at stdin line %d\n",
875 "Error reading zonefile: missing SOA record\n");
881 "Error reading zonefile: no resource records\n");
886 zonefile = fopen(zonefile_name,
"r");
890 "Error: unable to read %s (%s)\n",
902 fprintf(stderr,
"Zone not read, error: %s at %s line %d\n",
904 zonefile_name, line_nr);
910 "Error reading zonefile: missing SOA record\n");
916 "Error reading zonefile: no resource records\n");
926 while (argi < argc) {
927 keyfile_name_base = argv[argi];
928 keyfile_name =
LDNS_XMALLOC(
char, strlen(keyfile_name_base) + 9);
929 snprintf(keyfile_name,
930 strlen(keyfile_name_base) + 9,
933 keyfile = fopen(keyfile_name,
"r");
937 "Error: unable to read %s: %s\n",
947 if (expiration != 0) {
950 if (inception != 0) {
958 fprintf(stderr,
"Error reading key from %s at line %d: %s\n", argv[argi], line_nr,
ldns_get_errorstr_by_id(s));
963 find_or_create_pubkey(keyfile_name_base, key,
964 orig_zone, add_keys, ttl);
969 #ifndef OPENSSL_NO_ENGINE
980 post_process_engine_key ( keys,
989 post_process_engine_key ( keys,
1000 fprintf(stderr,
"Error: no keys to sign with. Aborting.\n\n");
1001 usage(stderr,
prog);
1006 if (unixtime_serial) {
1013 "Error adding SOA to dnssec zone, skipping record\n");
1024 "Error adding RR to dnssec zone");
1025 fprintf(stderr,
", skipping record:\n");
1037 else if (nsec3_iterations > 500)
1038 fprintf(stderr,
"Warning! NSEC3 iterations larger than "
1039 "500 may cause validating resolvers to return "
1041 "See: https://datatracker.ietf.org/doc/html/"
1042 "draft-hardaker-dnsop-nsec3-guidance-03#section-4\n");
1044 else if (nsec3_iterations > 100)
1045 fprintf(stderr,
"Warning! NSEC3 iterations larger than "
1046 "100 may cause validating resolvers to return "
1047 "insecure responses!\n"
1048 "See: https://datatracker.ietf.org/doc/html/"
1049 "draft-hardaker-dnsop-nsec3-guidance-03#section-4\n");
1072 fprintf(stderr,
"Error signing zone: %s\n",
1076 if (!outputfile_name) {
1082 if (strncmp(outputfile_name,
"-", 2) == 0) {
1085 outputfile = fopen(outputfile_name,
"w");
1087 fprintf(stderr,
"Unable to open %s for writing: %s\n",
1088 outputfile_name, strerror(errno));
1091 outputfile, fmt, signed_zone);
1096 fprintf(stderr,
"Error signing zone.\n");
1099 if (ERR_peek_error()) {
1100 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(HAVE_LIBRESSL)
1101 #ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS
1102 ERR_load_crypto_strings();
1105 ERR_print_errors_fp(stderr);
1106 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(HAVE_LIBRESSL)
1107 #ifdef HAVE_ERR_FREE_STRINGS
1108 ERR_free_strings ();
1128 #ifndef OPENSSL_NO_ENGINE
1129 shutdown_openssl ( engine );
1131 #if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
1132 #ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA
1133 CRYPTO_cleanup_all_ex_data ();
1144 main(
int argc __attribute__((unused)),
1145 char **argv __attribute__((unused)))
1147 fprintf(stderr,
"ldns-signzone needs OpenSSL support, which has not been compiled in\n");
int ldns_dname_compare(const ldns_rdf *dname1, const ldns_rdf *dname2)
Compares the two dname rdf's according to the algorithm for ordering in RFC4034 Section 6.
#define LDNS_NSEC3_MAX_ITERATIONS
uint16_t ldns_calc_keytag(const ldns_rr *key)
calculates a keytag of a key for use in DNSSEC.
int ldns_dnssec_default_replace_signatures(ldns_rr *sig, void *n)
Default callback function to always leave present signatures, and add new ones.
#define LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA384
#define LDNS_SIGN_DNSKEY_WITH_ZSK
dnssec_verify
#define LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA512
#define LDNS_SIGN_WITH_ALL_ALGORITHMS
ldns_status ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt, int signflags, ldns_rbtree_t **map)
signs the given zone with the given new zone, with NSEC3
#define LDNS_SIGN_NO_KEYS_NO_NSECS
ldns_status ldns_dnssec_zone_sign_flg(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, int flags)
signs the given zone with the given keys
void ldns_dnssec_zone_print_fmt(FILE *out, const ldns_output_format *fmt, const ldns_dnssec_zone *zone)
Prints the complete zone to the given file descriptor.
void ldns_dnssec_zone_print(FILE *out, const ldns_dnssec_zone *zone)
Prints the complete zone to the given file descriptor.
ldns_status ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone, ldns_rr *rr)
Adds the given RR to the zone.
void ldns_dnssec_zone_free(ldns_dnssec_zone *zone)
Frees the given zone structure, and its rbtree of dnssec_names Individual ldns_rr RRs within those na...
ldns_dnssec_zone * ldns_dnssec_zone_new(void)
Creates a new dnssec_zone structure.
const char * ldns_get_errorstr_by_id(ldns_status err)
look up a descriptive text by each error.
enum ldns_enum_status ldns_status
#define LDNS_COMMENT_BUBBLEBABBLE
Provide bubblebabble representation for DS RR's as comment.
void ldns_rr_print(FILE *output, const ldns_rr *rr)
Prints the data in the resource record to the given file stream (in presentation format)
#define LDNS_COMMENT_FLAGS
Show when a NSEC3 RR has the optout flag set as comment.
char * ldns_rdf2str(const ldns_rdf *rdf)
Converts the data in the rdata field to presentation format and returns that as a char *.
#define LDNS_COMMENT_NSEC3_CHAIN
Show the unhashed owner and next owner names for NSEC3 RR's as comment.
#define LDNS_COMMENT_LAYOUT
Print mark up.
Addendum to dnssec.h, this module contains key and algorithm definitions and functions.
void ldns_key_list_free(ldns_key_list *key_list)
Frees a key list structure.
ldns_status ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm a)
Read the key with the given id from the given engine and store it in the given ldns_key structure.
ldns_status ldns_key_new_frm_fp_l(ldns_key **k, FILE *fp, int *line_nr)
Creates a new private key based on the contents of the file pointed by fp.
void ldns_key_set_expiration(ldns_key *k, uint32_t e)
Set the key's expiration date (seconds after epoch)
ldns_rr * ldns_key2rr(const ldns_key *k)
converts a ldns_key to a public key rr If the key data exists at an external point,...
void ldns_key_set_pubkey_owner(ldns_key *k, ldns_rdf *r)
Set the key's pubkey owner.
ldns_key_list * ldns_key_list_new(void)
Creates a new empty key list.
signed char ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key)
pushes a key to a keylist
uint16_t ldns_key_keytag(const ldns_key *k)
return the keytag
void ldns_key_set_keytag(ldns_key *k, uint16_t tag)
Set the key's key tag.
void ldns_key_set_flags(ldns_key *k, uint16_t flags)
Set the key's flags.
ldns_enum_signing_algorithm
Algorithms used in dns for signing.
@ LDNS_SIGN_ECDSAP256SHA256
@ LDNS_SIGN_RSASHA1_NSEC3
@ LDNS_SIGN_ECDSAP384SHA384
ldns_rdf * ldns_key_pubkey_owner(const ldns_key *k)
return the public key's owner
uint16_t ldns_key_flags(const ldns_key *k)
return the flag of the key
size_t ldns_key_list_key_count(const ldns_key_list *key_list)
returns the number of keys in the key list
void ldns_key_set_inception(ldns_key *k, uint32_t i)
Set the key's inception date (seconds after epoch)
enum ldns_enum_algorithm ldns_algorithm
int main(int argc, char *argv[])
int str2zonemd_signflag(const char *str, const char **reason)
Including this file will include all ldns files, and define some lookup tables.
void ldns_rdf_deep_free(ldns_rdf *rd)
frees a rdf structure and frees the data.
uint16_t ldns_rdf2native_int16(const ldns_rdf *rd)
returns the native uint16_t representation from the rdf.
#define LDNS_NSEC3_VARS_OPTOUT_MASK
ldns_rdf * ldns_rdf_clone(const ldns_rdf *rd)
clones a rdf structure.
ldns_rr * ldns_rr_list_rr(const ldns_rr_list *rr_list, size_t nr)
returns a specific rr of an rrlist.
uint32_t ldns_rr_ttl(const ldns_rr *rr)
returns the ttl of an rr structure.
ldns_rdf * ldns_rr_owner(const ldns_rr *rr)
returns the owner name of an rr structure.
void ldns_rr_list_deep_free(ldns_rr_list *rr_list)
frees an rr_list structure and all rrs contained therein.
void ldns_rr_free(ldns_rr *rr)
frees an RR structure
size_t ldns_rr_list_rr_count(const ldns_rr_list *rr_list)
returns the number of rr's in an rr_list.
ldns_rr_type ldns_rr_get_type(const ldns_rr *rr)
returns the type of the rr.
void ldns_rr_set_ttl(ldns_rr *rr, uint32_t ttl)
sets the ttl in the rr structure.
int ldns_rr_compare_no_rdata(const ldns_rr *rr1, const ldns_rr *rr2)
compares two rrs, up to the rdata.
enum ldns_enum_rr_class ldns_rr_class
ldns_rr_list * ldns_rr_list_new(void)
creates a new rr_list structure.
ldns_status ldns_rr_new_frm_fp_l(ldns_rr **rr, FILE *fp, uint32_t *default_ttl, ldns_rdf **origin, ldns_rdf **prev, int *line_nr)
creates a new rr from a file containing a string.
@ LDNS_RR_CLASS_IN
the Internet
ldns_rdf * ldns_rr_rdf(const ldns_rr *rr, size_t nr)
returns the rdata field member counter.
uint32_t ldns_soa_serial_unixtime(uint32_t s, void *data)
Function to be used with ldns_rr_soa_increment_func or ldns_rr_soa_increment_func_int to set the soa ...
void ldns_rr_soa_increment_func_int(ldns_rr *soa, ldns_soa_serial_increment_func_t f, int data)
Increment the serial number of the given SOA with the given function using data as an argument for th...
ldns_status ldns_str2rdf_dname(ldns_rdf **rd, const char *str)
convert a dname string into wireformat
Structure containing a dnssec zone.
Same as rr_list, but now for keys.
General key structure, can contain all types of keys that are used in DNSSEC.
struct ldns_struct_key::@1::@3 dnssec
Some values that influence generated signatures.
Resource record data field.
List or Set of Resource Records.
int ldns_hexdigit_to_int(char ch)
Returns the int value of the given (hex) digit.
time_t ldns_mktime_from_utc(const struct tm *tm)
Convert TM to seconds since epoch (midnight, January 1st, 1970).
#define LDNS_XMALLOC(type, count)
const char * ldns_version(void)
Show the internal library version.
signed char ldns_zone_push_rr(ldns_zone *z, ldns_rr *rr)
push an single rr to a zone structure.
ldns_rr_list * ldns_zone_rrs(const ldns_zone *z)
Get a list of a zone's content.
void ldns_zone_deep_free(ldns_zone *zone)
Frees the allocated memory for the zone, the soa rr in it, and the rr_list structure in it,...
ldns_rr * ldns_zone_soa(const ldns_zone *z)
Return the soa record of a zone.
ldns_status ldns_zone_new_frm_fp_l(ldns_zone **z, FILE *fp, const ldns_rdf *origin, uint32_t ttl, ldns_rr_class c, int *line_nr)
Create a new zone from a file, keep track of the line numbering.