pub struct NSEC { /* private fields */ }
Available on crate feature
dnssec
only.Expand description
RFC 4034, DNSSEC Resource Records, March 2005
4.1. NSEC RDATA Wire Format
The RDATA of the NSEC RR is as shown below:
1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/ Next Domain Name /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/ Type Bit Maps /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
4.1.3. Inclusion of Wildcard Names in NSEC RDATA
If a wildcard owner name appears in a zone, the wildcard label ("*")
is treated as a literal symbol and is treated the same as any other
owner name for the purposes of generating NSEC RRs. Wildcard owner
names appear in the Next Domain Name field without any wildcard
expansion. [RFC4035] describes the impact of wildcards on
authenticated denial of existence.
Implementations§
Source§impl NSEC
impl NSEC
Sourcepub fn new(next_domain_name: Name, type_bit_maps: Vec<RecordType>) -> Self
pub fn new(next_domain_name: Name, type_bit_maps: Vec<RecordType>) -> Self
Constructs a new NSEC RData, warning this won’t guarantee that the NSEC covers itself which it should at it’s own name.
§Arguments
next_domain_name
- the name labels of the next ordered name in the zonetype_bit_maps
- a bit map of the types that exist at this name
§Returns
An NSEC RData for use in a Resource Record
Sourcepub fn new_cover_self(
next_domain_name: Name,
type_bit_maps: Vec<RecordType>,
) -> Self
pub fn new_cover_self( next_domain_name: Name, type_bit_maps: Vec<RecordType>, ) -> Self
Constructs a new NSEC RData, this will add the NSEC itself as covered, generally correct for NSEC records generated at their own name
§Arguments
next_domain_name
- the name labels of the next ordered name in the zonetype_bit_maps
- a bit map of the types that exist at this name
§Returns
An NSEC RData for use in a Resource Record
Sourcepub fn next_domain_name(&self) -> &Name
pub fn next_domain_name(&self) -> &Name
RFC 4034, DNSSEC Resource Records, March 2005
4.1.1. The Next Domain Name Field
The Next Domain field contains the next owner name (in the canonical
ordering of the zone) that has authoritative data or contains a
delegation point NS RRset; see Section 6.1 for an explanation of
canonical ordering. The value of the Next Domain Name field in the
last NSEC record in the zone is the name of the zone apex (the owner
name of the zone's SOA RR). This indicates that the owner name of
the NSEC RR is the last name in the canonical ordering of the zone.
A sender MUST NOT use DNS name compression on the Next Domain Name
field when transmitting an NSEC RR.
Owner names of RRsets for which the given zone is not authoritative
(such as glue records) MUST NOT be listed in the Next Domain Name
unless at least one authoritative RRset exists at the same owner
name.
Sourcepub fn type_bit_maps(&self) -> &[RecordType]
pub fn type_bit_maps(&self) -> &[RecordType]
RFC 4034, DNSSEC Resource Records, March 2005
4.1.2. The Type Bit Maps Field
The Type Bit Maps field identifies the RRset types that exist at the
NSEC RR's owner name.
A zone MUST NOT include an NSEC RR for any domain name that only
holds glue records.
Trait Implementations§
Source§impl BinEncodable for NSEC
impl BinEncodable for NSEC
Source§fn emit(&self, encoder: &mut BinEncoder<'_>) -> Result<(), ProtoError>
fn emit(&self, encoder: &mut BinEncoder<'_>) -> Result<(), ProtoError>
5.1. Errors in Canonical Form Type Code List
When canonicalizing DNS names (for both ordering and signing), DNS
names in the RDATA section of NSEC resource records are not converted
to lowercase. DNS names in the RDATA section of RRSIG resource
records are converted to lowercase.
Source§impl<'de> Deserialize<'de> for NSEC
impl<'de> Deserialize<'de> for NSEC
Source§fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
Deserialize this value from the given Serde deserializer. Read more
Source§impl Display for NSEC
impl Display for NSEC
RFC 4034, DNSSEC Resource Records, March 2005
4.2. The NSEC RR Presentation Format
The presentation format of the RDATA portion is as follows:
The Next Domain Name field is represented as a domain name.
The Type Bit Maps field is represented as a sequence of RR type
mnemonics. When the mnemonic is not known, the TYPE representation
described in [RFC3597], Section 5, MUST be used.
4.3. NSEC RR Example
The following NSEC RR identifies the RRsets associated with
alfa.example.com. and identifies the next authoritative name after
alfa.example.com.
alfa.example.com. 86400 IN NSEC host.example.com. (
A MX RRSIG NSEC TYPE1234 )
The first four text fields specify the name, TTL, Class, and RR type
(NSEC). The entry host.example.com. is the next authoritative name
after alfa.example.com. in canonical order. The A, MX, RRSIG, NSEC,
and TYPE1234 mnemonics indicate that there are A, MX, RRSIG, NSEC,
and TYPE1234 RRsets associated with the name alfa.example.com.
Assuming that the validator can authenticate this NSEC record, it
could be used to prove that beta.example.com does not exist, or to
prove that there is no AAAA record associated with alfa.example.com.
Authenticated denial of existence is discussed in [RFC4035].
Source§impl RecordData for NSEC
impl RecordData for NSEC
Source§fn try_from_rdata(data: RData) -> Result<Self, RData>
fn try_from_rdata(data: RData) -> Result<Self, RData>
Attempts to convert to this RecordData from the RData type, if it is not the correct type the original is returned
Source§fn try_borrow(data: &RData) -> Option<&Self>
fn try_borrow(data: &RData) -> Option<&Self>
Attempts to borrow this RecordData from the RData type, if it is not the correct type the original is returned
Source§fn record_type(&self) -> RecordType
fn record_type(&self) -> RecordType
Get the associated RecordType for the RecordData
Source§fn into_rdata(self) -> RData
fn into_rdata(self) -> RData
Converts this RecordData into generic RecordData
impl Eq for NSEC
impl StructuralPartialEq for NSEC
Auto Trait Implementations§
impl Freeze for NSEC
impl RefUnwindSafe for NSEC
impl Send for NSEC
impl Sync for NSEC
impl Unpin for NSEC
impl UnwindSafe for NSEC
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more
Source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
Source§impl<Q, K> Equivalent<K> for Q
impl<Q, K> Equivalent<K> for Q
Source§impl<Q, K> Equivalent<K> for Q
impl<Q, K> Equivalent<K> for Q
Source§fn equivalent(&self, key: &K) -> bool
fn equivalent(&self, key: &K) -> bool
Compare self to
key
and return true
if they are equal.