Enum hickory_proto::rr::dnssec::proof::Proof

#[repr(u8)]
pub enum Proof {
    Secure = 3,
    Insecure = 2,
    Bogus = 1,
    Indeterminate = 0,
}

Available on crate feature dnssec only.

Represents the status of a DNSSEC verified record.

see RFC 4035, DNSSEC Protocol Modifications, March 2005

4.3.  Determining Security Status of Data

  A security-aware resolver MUST be able to determine whether it should
  expect a particular RRset to be signed.  More precisely, a
  security-aware resolver must be able to distinguish between four
  cases:

Variants

Secure = 3

An RRset for which the resolver is able to build a chain of signed DNSKEY and DS RRs from a trusted security anchor to the RRset. In this case, the RRset should be signed and is subject to signature validation, as described above.

Insecure = 2

An RRset for which the resolver knows that it has no chain of signed DNSKEY and DS RRs from any trusted starting point to the RRset. This can occur when the target RRset lies in an unsigned zone or in a descendent of an unsigned zone. In this case, the RRset may or may not be signed, but the resolver will not be able to verify the signature.

Bogus = 1

An RRset for which the resolver believes that it ought to be able to establish a chain of trust but for which it is unable to do so, either due to signatures that for some reason fail to validate or due to missing data that the relevant DNSSEC RRs indicate should be present. This case may indicate an attack but may also indicate a configuration error or some form of data corruption.

Indeterminate = 0

An RRset for which the resolver is not able to determine whether the RRset should be signed, as the resolver is not able to obtain the necessary DNSSEC RRs. This can occur when the security-aware resolver is not able to contact security-aware name servers for the relevant zones.

Implementations

impl Proof

pub fn is_secure(&self) -> bool

Returns true if this Proof represents a validated DNSSEC record

pub fn is_insecure(&self) -> bool

Returns true if this Proof represents a validated to be insecure DNSSEC record, meaning the zone is known to be not signed

pub fn is_bogus(&self) -> bool

Returns true if this Proof represents a DNSSEC record that failed validation, meaning that the DNSSEC is bad, or other DNSSEC records are incorrect

pub fn is_indeterminate(&self) -> bool

Either the record has not been verified or there were network issues fetching DNSSEC records

Trait Implementations

impl BitOr for Proof

type Output = ProofFlags

The resulting type after applying the | operator.

fn bitor(self, rhs: Self) -> Self::Output

Performs the | operation.

impl Clone for Proof

fn clone(&self) -> Proof

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Proof

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for Proof

fn default() -> Proof

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for Proof

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Display for Proof

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Error for Proof

fn source(&self) -> Option<&(dyn Error + 'static)>

Returns the lower-level source of this error, if any.

fn description(&self) -> &str

👎Deprecated since 1.42.0: use the Display impl or to_string()

fn cause(&self) -> Option<&dyn Error>

👎Deprecated since 1.33.0: replaced by Error::source, which can support downcasting

fn provide<'a>(&'a self, request: &mut Request<'a>)

🔬This is a nightly-only experimental API. (error_generic_member_access)

Provides type-based access to context intended for error reports.

impl From<Proof> for ProofFlags

fn from(proof: Proof) -> Self

Converts to this type from the input type.

impl Ord for Proof

fn cmp(&self, other: &Proof) -> Ordering

This method returns an Ordering between self and other.

fn max(self, other: Self) -> Self

where Self: Sized,

Compares and returns the maximum of two values.

fn min(self, other: Self) -> Self

where Self: Sized,

Compares and returns the minimum of two values.

fn clamp(self, min: Self, max: Self) -> Self

where Self: Sized + PartialOrd,

Restrict a value to a certain interval.

impl PartialEq for Proof

fn eq(&self, other: &Proof) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl PartialOrd for Proof

fn partial_cmp(&self, other: &Proof) -> Option<Ordering>

This method returns an ordering between self and other values if one exists.

fn lt(&self, other: &Rhs) -> bool

Tests less than (for self and other) and is used by the < operator.

fn le(&self, other: &Rhs) -> bool

Tests less than or equal to (for self and other) and is used by the <= operator.

fn gt(&self, other: &Rhs) -> bool

Tests greater than (for self and other) and is used by the > operator.

fn ge(&self, other: &Rhs) -> bool

Tests greater than or equal to (for self and other) and is used by the >= operator.

impl Serialize for Proof

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl Copy for Proof

impl Eq for Proof

impl StructuralPartialEq for Proof