pub struct DS { /* private fields */ }
Available on crate feature dnssec only.
RFC 4034, DNSSEC Resource Records, March 2005
5.1. DS RDATA Wire Format
The RDATA for a DS RR consists of a 2 octet Key Tag field, a 1 octet
Algorithm field, a 1 octet Digest Type field, and a Digest field.
                    1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           Key Tag             |  Algorithm    |  Digest Type  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/                                                               /
/                            Digest                             /
/                                                               /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
5.2. Processing of DS RRs When Validating Responses
The DS RR links the authentication chain across zone boundaries, so
the DS RR requires extra care in processing. The DNSKEY RR referred
to in the DS RR MUST be a DNSSEC zone key. The DNSKEY RR Flags MUST
have Flags bit 7 set. If the DNSKEY flags do not indicate a DNSSEC
zone key, the DS RR (and the DNSKEY RR it references) MUST NOT be
used in the validation process.
5.3. The DS RR Presentation Format
The presentation format of the RDATA portion is as follows:
The Key Tag field MUST be represented as an unsigned decimal integer.
The Algorithm field MUST be represented either as an unsigned decimal
integer or as an algorithm mnemonic specified in Appendix A.1.
The Digest Type field MUST be represented as an unsigned decimal
integer.
The Digest MUST be represented as a sequence of case-insensitive
hexadecimal digits. Whitespace is allowed within the hexadecimal
text.
Implementations
impl DS
pub fn from_key(
    public_key: &dyn PublicKey,
    name: &Name,
    algorithm: Algorithm,
    digest_type: DigestType,
) -> Result<Self, DnsSecError>
pub fn new(
    key_tag: u16,
    algorithm: Algorithm,
    digest_type: DigestType,
    digest: Vec<u8>,
) -> Self
pub fn key_tag(&self) -> u16
RFC 4034, DNSSEC Resource Records, March 2005
5.1.1. The Key Tag Field
The Key Tag field lists the key tag of the DNSKEY RR referred to by
the DS record, in network byte order.
The Key Tag used by the DS RR is identical to the Key Tag used by
RRSIG RRs. Appendix B describes how to compute a Key Tag.
pub fn algorithm(&self) -> Algorithm
RFC 4034, DNSSEC Resource Records, March 2005
5.1.2. The Algorithm Field
The Algorithm field lists the algorithm number of the DNSKEY RR
referred to by the DS record.
The algorithm number used by the DS RR is identical to the algorithm
number used by RRSIG and DNSKEY RRs. Appendix A.1 lists the
algorithm number types.
pub fn digest_type(&self) -> DigestType
RFC 4034, DNSSEC Resource Records, March 2005
5.1.3. The Digest Type Field
The DS RR refers to a DNSKEY RR by including a digest of that DNSKEY
RR. The Digest Type field identifies the algorithm used to construct
the digest. Appendix A.2 lists the possible digest algorithm types.
pub fn digest(&self) -> &[u8]
RFC 4034, DNSSEC Resource Records, March 2005
5.1.4. The Digest Field
The DS record refers to a DNSKEY RR by including a digest of that
DNSKEY RR.
The digest is calculated by concatenating the canonical form of the
fully qualified owner name of the DNSKEY RR with the DNSKEY RDATA,
and then applying the digest algorithm.
digest = digest_algorithm( DNSKEY owner name | DNSKEY RDATA);
"|" denotes concatenation
DNSKEY RDATA = Flags | Protocol | Algorithm | Public Key.
The size of the digest may vary depending on the digest algorithm and
DNSKEY RR size. As of the time of this writing, the only defined
digest algorithm is SHA-1, which produces a 20 octet digest.
Trait Implementations
impl BinEncodable for DS
fn emit(&self, encoder: &mut BinEncoder<'_>) -> Result<(), ProtoError>
Write the type to the stream
impl<'de> Deserialize<'de> for DS
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where
    __D: Deserializer<'de>,
Deserialize this value from the given Serde deserializer.
impl Display for DS
RFC 4034, DNSSEC Resource Records, March 2005
5.3. The DS RR Presentation Format
The presentation format of the RDATA portion is as follows:
The Key Tag field MUST be represented as an unsigned decimal integer.
The Algorithm field MUST be represented either as an unsigned decimal
integer or as an algorithm mnemonic specified in Appendix A.1.
The Digest Type field MUST be represented as an unsigned decimal
integer.
The Digest MUST be represented as a sequence of case-insensitive
hexadecimal digits. Whitespace is allowed within the hexadecimal
text.
5.4. DS RR Example
The following example shows a DNSKEY RR and its corresponding DS RR.
dskey.example.com. 86400 IN DNSKEY 256 3 5 ( AQOeiiR0GOMYkDshWoSKz9Xz
                                             fwJr1AYtsmx3TGkJaNXVbfi/
                                             2pHm822aJ5iI9BMzNXxeYCmZ
                                             DRD99WYwYqUSdjMmmAphXdvx
                                             egXd/M5+X7OrzKBaMbCVdFLU
                                             Uh6DhweJBjEVv5f2wwjM9Xzc
                                             nOf+EPbtG9DMBmADjFDc2w/r
                                             ljwvFw==
                                             ) ; key id = 60485

dskey.example.com. 86400 IN DS 60485 5 1 ( 2BB183AF5F22588179A53B0A
                                           98631FAD1A292118 )
The first four text fields specify the name, TTL, Class, and RR type
(DS). Value 60485 is the key tag for the corresponding
"dskey.example.com." DNSKEY RR, and value 5 denotes the algorithm
used by this "dskey.example.com." DNSKEY RR. The value 1 is the
algorithm used to construct the digest, and the rest of the RDATA
text is the digest in hexadecimal.
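The wire layout of section 5.1 and the presentation rules of section 5.3, as an added std-only example that is not code from this crate. The DsRdata type and the function names are hypothetical; the digest lengths for types 2 and 4 are assumptions taken from RFC 4509 and RFC 6605 rather than from this page, and algorithm mnemonics are not handled.

```rust
// Added example, not the crate's implementation; all names here are hypothetical.
#[derive(Debug, PartialEq)]
struct DsRdata { key_tag: u16, algorithm: u8, digest_type: u8, digest: Vec<u8> }
// Reject digests whose length does not fit the digest type. SHA-1 = 20 octets is
// from the page; SHA-256 = 32 (RFC 4509) and SHA-384 = 48 (RFC 6605) are added here.
fn check(ds: DsRdata) -> Result<DsRdata, String> {
    let want = match ds.digest_type { 1 => 20, 2 => 32, 4 => 48,
        t => return Err(format!("unsupported digest type {}", t)) };
    if ds.digest.len() != want {
        return Err(format!("digest is {} octets, expected {}", ds.digest.len(), want));
    }
    Ok(ds)
}

// 5.1: Key Tag (2 octets, network order), Algorithm, Digest Type, then the digest.
fn from_wire(rdata: &[u8]) -> Result<DsRdata, String> {
    if rdata.len() < 4 { return Err("RDATA shorter than the 4-octet header".into()); }
    check(DsRdata { key_tag: u16::from_be_bytes([rdata[0], rdata[1]]),
        algorithm: rdata[2], digest_type: rdata[3], digest: rdata[4..].to_vec() })
}

fn to_wire(ds: &DsRdata) -> Vec<u8> {
    let mut out = ds.key_tag.to_be_bytes().to_vec();
    out.extend_from_slice(&[ds.algorithm, ds.digest_type]);
    out.extend_from_slice(&ds.digest);
    out
}

// 5.3: three decimal fields, then hex digits in any case with optional whitespace.
// Parentheses are treated as whitespace so a multi-line record parses as one.
fn from_presentation(text: &str) -> Result<DsRdata, String> {
    let flat = text.replace(|c: char| c == '(' || c == ')', " ");
    let toks: Vec<&str> = flat.split_whitespace().collect();
    if toks.len() < 4 { return Err("expected key tag, algorithm, digest type, digest".into()); }
    let hex = toks[3..].concat();
    if hex.len() % 2 != 0 || !hex.bytes().all(|b| b.is_ascii_hexdigit()) {
        return Err("digest must be an even number of hex digits".into());
    }
    let digest: Vec<u8> = (0..hex.len()).step_by(2)
        .map(|i| u8::from_str_radix(&hex[i..i + 2], 16).unwrap()).collect();
    check(DsRdata { key_tag: toks[0].parse::<u16>().map_err(|_| "bad key tag")?,
        algorithm: toks[1].parse::<u8>().map_err(|_| "bad algorithm")?,
        digest_type: toks[2].parse::<u8>().map_err(|_| "bad digest type")?, digest })
}
fn main() {
    // RDATA text of the DS record in the section 5.4 example quoted above.
    let ds = from_presentation("60485 5 1 ( 2BB183AF5F22588179A53B0A 98631FAD1A292118 )").unwrap();
    println!("{:?} -> {} wire octets", ds, to_wire(&ds).len());
}
```

Checking the digest length against the digest type at parse time keeps a truncated or padded digest from ever reaching the comparison with the computed DNSKEY digest.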
impl RecordData for DS
fn try_from_rdata(data: RData) -> Result<Self, RData>
Attempts to convert to this RecordData from the RData type; if it is not the correct type, the original is returned
fn try_borrow(data: &RData) -> Option<&Self>
Attempts to borrow this RecordData from the RData type; if it is not the correct type, the original is returned
fn record_type(&self) -> RecordType
Get the associated RecordType for the RecordData
fn into_rdata(self) -> RData
Converts this RecordData into generic RecordData
impl Eq for DS
impl StructuralPartialEq for DS
Auto Trait Implementations
impl Freeze for DS
impl RefUnwindSafe for DS
impl Send for DS
impl Sync for DS
impl Unpin for DS
impl UnwindSafe for DS
Blanket Implementations
impl<T> BorrowMut<T> for T
where
    T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value.
impl<T> CloneToUninit for T
where
    T: Clone,
impl<Q, K> Equivalent<K> for Q
fn equivalent(&self, key: &K) -> bool
Compare self to key and return true if they are equal.