hickory_proto::dnssec::rdata::ds

Struct DS

Source
pub struct DS { /* private fields */ }
Available on crate feature dnssec only.
Expand description

RFC 4034, DNSSEC Resource Records, March 2005

5.1.  DS RDATA Wire Format

   The RDATA for a DS RR consists of a 2 octet Key Tag field, a 1 octet
   Algorithm field, a 1 octet Digest Type field, and a Digest field.

                        1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Key Tag             |  Algorithm    |  Digest Type  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   /                                                               /
   /                            Digest                             /
   /                                                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

5.2.  Processing of DS RRs When Validating Responses

   The DS RR links the authentication chain across zone boundaries, so
   the DS RR requires extra care in processing.  The DNSKEY RR referred
   to in the DS RR MUST be a DNSSEC zone key.  The DNSKEY RR Flags MUST
   have Flags bit 7 set.  If the DNSKEY flags do not indicate a DNSSEC
   zone key, the DS RR (and the DNSKEY RR it references) MUST NOT be
   used in the validation process.

5.3.  The DS RR Presentation Format

   The presentation format of the RDATA portion is as follows:

   The Key Tag field MUST be represented as an unsigned decimal integer.

   The Algorithm field MUST be represented either as an unsigned decimal
   integer or as an algorithm mnemonic specified in Appendix A.1.

   The Digest Type field MUST be represented as an unsigned decimal
   integer.

   The Digest MUST be represented as a sequence of case-insensitive
   hexadecimal digits.  Whitespace is allowed within the hexadecimal
   text.

Implementations§

Source§

impl DS

Source

pub fn from_key( public_key: &dyn PublicKey, name: &Name, algorithm: Algorithm, digest_type: DigestType, ) -> Result<Self, DnsSecError>

Creates a DS record for the given public_key and name.

§Arguments
  • public_key - the public key to create the DS record for
  • name - name of the DNSKEY record covered by the new DS record
  • algorithm - the algorithm of the DNSKEY
  • digest_type - the digest_type used to
Source

pub fn new( key_tag: u16, algorithm: Algorithm, digest_type: DigestType, digest: Vec<u8>, ) -> Self

Constructs a new DS RData

§Arguments
  • key_tag - the key_tag associated to the DNSKEY
  • algorithm - algorithm as specified in the DNSKEY
  • digest_type - hash algorithm used to validate the DNSKEY
  • digest - hash of the DNSKEY
§Returns

the DS RDATA for use in a Resource Record

Source

pub fn key_tag(&self) -> u16

RFC 4034, DNSSEC Resource Records, March 2005

5.1.1.  The Key Tag Field

   The Key Tag field lists the key tag of the DNSKEY RR referred to by
   the DS record, in network byte order.

   The Key Tag used by the DS RR is identical to the Key Tag used by
   RRSIG RRs.  Appendix B describes how to compute a Key Tag.
Source

pub fn algorithm(&self) -> Algorithm

RFC 4034, DNSSEC Resource Records, March 2005

5.1.2.  The Algorithm Field

   The Algorithm field lists the algorithm number of the DNSKEY RR
   referred to by the DS record.

   The algorithm number used by the DS RR is identical to the algorithm
   number used by RRSIG and DNSKEY RRs.  Appendix A.1 lists the
   algorithm number types.
Source

pub fn digest_type(&self) -> DigestType

RFC 4034, DNSSEC Resource Records, March 2005

5.1.3.  The Digest Type Field

   The DS RR refers to a DNSKEY RR by including a digest of that DNSKEY
   RR.  The Digest Type field identifies the algorithm used to construct
   the digest.  Appendix A.2 lists the possible digest algorithm types.
Source

pub fn digest(&self) -> &[u8]

RFC 4034, DNSSEC Resource Records, March 2005

5.1.4.  The Digest Field

   The DS record refers to a DNSKEY RR by including a digest of that
   DNSKEY RR.

   The digest is calculated by concatenating the canonical form of the
   fully qualified owner name of the DNSKEY RR with the DNSKEY RDATA,
   and then applying the digest algorithm.

     digest = digest_algorithm( DNSKEY owner name | DNSKEY RDATA);

      "|" denotes concatenation

     DNSKEY RDATA = Flags | Protocol | Algorithm | Public Key.

   The size of the digest may vary depending on the digest algorithm and
   DNSKEY RR size.  As of the time of this writing, the only defined
   digest algorithm is SHA-1, which produces a 20 octet digest.
Source

pub fn covers(&self, name: &Name, key: &DNSKEY) -> Result<bool, ProtoError>

Available on crate features dnssec-openssl or dnssec-ring only.

Validates that a given DNSKEY is covered by the DS record.

§Return

true if and only if the DNSKEY is covered by the DS record.

Trait Implementations§

Source§

impl BinEncodable for DS

Source§

fn emit(&self, encoder: &mut BinEncoder<'_>) -> Result<(), ProtoError>

Write the type to the stream
Source§

fn to_bytes(&self) -> Result<Vec<u8>, ProtoError>

Returns the object in binary form
Source§

impl Clone for DS

Source§

fn clone(&self) -> DS

Returns a copy of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for DS

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for DS

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Display for DS

RFC 4034, DNSSEC Resource Records, March 2005

5.3.  The DS RR Presentation Format

   The presentation format of the RDATA portion is as follows:

   The Key Tag field MUST be represented as an unsigned decimal integer.

   The Algorithm field MUST be represented either as an unsigned decimal
   integer or as an algorithm mnemonic specified in Appendix A.1.

   The Digest Type field MUST be represented as an unsigned decimal
   integer.

   The Digest MUST be represented as a sequence of case-insensitive
   hexadecimal digits.  Whitespace is allowed within the hexadecimal
   text.

5.4.  DS RR Example

   The following example shows a DNSKEY RR and its corresponding DS RR.

   dskey.example.com. 86400 IN DNSKEY 256 3 5 ( AQOeiiR0GOMYkDshWoSKz9Xz
                                             fwJr1AYtsmx3TGkJaNXVbfi/
                                             2pHm822aJ5iI9BMzNXxeYCmZ
                                             DRD99WYwYqUSdjMmmAphXdvx
                                             egXd/M5+X7OrzKBaMbCVdFLU
                                             Uh6DhweJBjEVv5f2wwjM9Xzc
                                             nOf+EPbtG9DMBmADjFDc2w/r
                                             ljwvFw==
                                             ) ;  key id = 60485

   dskey.example.com. 86400 IN DS 60485 5 1 ( 2BB183AF5F22588179A53B0A
                                              98631FAD1A292118 )

   The first four text fields specify the name, TTL, Class, and RR type
   (DS).  Value 60485 is the key tag for the corresponding
   "dskey.example.com." DNSKEY RR, and value 5 denotes the algorithm
   used by this "dskey.example.com." DNSKEY RR.  The value 1 is the
   algorithm used to construct the digest, and the rest of the RDATA
   text is the digest in hexadecimal.
Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
Source§

impl Hash for DS

Source§

fn hash<__H: Hasher>(&self, state: &mut __H)

Feeds this value into the given Hasher. Read more
1.3.0 · Source§

fn hash_slice<H>(data: &[Self], state: &mut H)
where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher. Read more
Source§

impl PartialEq for DS

Source§

fn eq(&self, other: &DS) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl RecordData for DS

Source§

fn try_from_rdata(data: RData) -> Result<Self, RData>

Attempts to convert to this RecordData from the RData type, if it is not the correct type the original is returned
Source§

fn try_borrow(data: &RData) -> Option<&Self>

Attempts to borrow this RecordData from the RData type, if it is not the correct type the original is returned
Source§

fn record_type(&self) -> RecordType

Get the associated RecordType for the RecordData
Source§

fn into_rdata(self) -> RData

Converts this RecordData into generic RecordData
Source§

fn is_update(&self) -> bool

RDLENGTH = 0
Source§

impl Serialize for DS

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more
Source§

impl Eq for DS

Source§

impl StructuralPartialEq for DS

Auto Trait Implementations§

§

impl Freeze for DS

§

impl RefUnwindSafe for DS

§

impl Send for DS

§

impl Sync for DS

§

impl Unpin for DS

§

impl UnwindSafe for DS

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dst: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
Source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

Source§

fn equivalent(&self, key: &K) -> bool

Checks if this value is equivalent to the given key. Read more
Source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

Source§

fn equivalent(&self, key: &K) -> bool

Compare self to key and return true if they are equal.
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T> ToString for T
where T: Display + ?Sized,

Source§

default fn to_string(&self) -> String

Converts the given value to a String. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,

Source§

impl<T> ErasedDestructor for T
where T: 'static,

Source§

impl<T> MaybeSendSync for T