Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
Types
type KeyStore
type KeyStore struct {
// contains filtered or unexported fields
}
func (*KeyStore) SetEmptyZone
type Option
type Option func(*config)
func WithDNSResolver
func WithDNSResolver(resolver DNSResolver) Option
type Resolver
type Resolver struct {
// contains filtered or unexported fields
}
func (*Resolver) GetVerifiedZoneKeys
type SecurityStatus
type SecurityStatus error
[rfc4035] 4.3. Determining Security Status of Data
A security-aware resolver MUST be able to determine whether it should expect a particular RRset to be signed. More precisely, a security-aware resolver must be able to distinguish between four cases:
var (
	// An RRset for which the resolver is able to build a chain of signed DNSKEY
	// and DS RRs from a trusted security anchor to the RRset. In this case, the
	// RRset should be signed and is subject to signature validation.
	Secure SecurityStatus = nil

	// An RRset for which the resolver knows that it has no chain of signed
	// DNSKEY and DS RRs from any trusted starting point to the RRset. This can
	// occur when the target RRset lies in an unsigned zone or in a descendent
	// of an unsigned zone. In this case, the RRset may or may not be signed,
	// but the resolver will not be able to verify the signature.
	ErrInsecure SecurityStatus = errors.New("insecure RRSet, DNSSEC not enabled in part of the chain of trust")

	// An RRset for which the resolver believes that it ought to be able to
	// establish a chain of trust but for which it is unable to do so, either
	// due to signatures that for some reason fail to validate or due to missing
	// data that the relevant DNSSEC RRs indicate should be present. This case
	// may indicate an attack but may also indicate a configuration error or
	// some form of data corruption.
	ErrBogus SecurityStatus = errors.New("bogus RRSet, DNSSEC maybe hijacked or misconfigured")

	// An RRset for which the resolver is not able to determine whether the
	// RRset should be signed, as the resolver is not able to obtain the
	// necessary DNSSEC RRs. This can occur when the security-aware resolver is
	// not able to contact security-aware name servers for the relevant zones.
	ErrIndeterminate SecurityStatus = errors.New("indeterminated security status, DNSSEC info not availiable due to network error")
)
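An added example (not part of the package's documentation or code) of how a caller might act on the four statuses above. The type and variables are redeclared locally because the package's import path is not shown on this page; Action and Decide are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
)

// Local mirror of the declarations shown above (assumption: redeclared here).
type SecurityStatus error

var (
	Secure           SecurityStatus = nil
	ErrInsecure      SecurityStatus = errors.New("insecure RRSet, DNSSEC not enabled in part of the chain of trust")
	ErrBogus         SecurityStatus = errors.New("bogus RRSet, DNSSEC maybe hijacked or misconfigured")
	ErrIndeterminate SecurityStatus = errors.New("indeterminated security status, DNSSEC info not availiable due to network error")
)

// Action is a hypothetical caller-side decision; it is not part of the package.
type Action int

const (
	Accept Action = iota // use the data
	Reject               // discard the data and raise an alert
	Retry                // discard for now and query again later
)

// Decide maps a validation result to an action. errors.Is is used so that a
// status wrapped with context via fmt.Errorf("...: %w", ErrBogus) still matches.
func Decide(status error, allowInsecure bool) Action {
	switch {
	case status == nil: // Secure: the chain of trust validated
		return Accept
	case errors.Is(status, ErrBogus): // never accepted, whatever the policy
		return Reject
	case errors.Is(status, ErrIndeterminate): // DNSSEC data unreachable
		return Retry
	case errors.Is(status, ErrInsecure) && allowInsecure: // unsigned zone
		return Accept
	default: // insecure without opt-in, or an unknown error: fail closed
		return Reject
	}
}

func main() {
	wrapped := fmt.Errorf("lookup failed: %w", ErrBogus) // constructed sample
	fmt.Println(Decide(Secure, false), Decide(wrapped, true), Decide(ErrInsecure, true))
}
```

Because Secure is nil, a plain nil check identifies the validated case; every non-nil value that is not explicitly recognised is rejected.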