pub struct NSEC { /* private fields */ }
Available on crate feature dnssec only.
Expand description

RFC 4034, DNSSEC Resource Records, March 2005

4.1.  NSEC RDATA Wire Format

   The RDATA of the NSEC RR is as shown below:

                        1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   /                      Next Domain Name                         /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   /                       Type Bit Maps                           /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

4.1.3.  Inclusion of Wildcard Names in NSEC RDATA

   If a wildcard owner name appears in a zone, the wildcard label ("*")
   is treated as a literal symbol and is treated the same as any other
   owner name for the purposes of generating NSEC RRs.  Wildcard owner
   names appear in the Next Domain Name field without any wildcard
   expansion.  [RFC4035] describes the impact of wildcards on
   authenticated denial of existence.

Implementations

Constructs a new NSEC RData, warning this won’t guarantee that the NSEC covers itself which it should at it’s own name.

Arguments
  • next_domain_name - the name labels of the next ordered name in the zone
  • type_bit_maps - a bit map of the types that exist at this name
Returns

An NSEC RData for use in a Resource Record

Constructs a new NSEC RData, this will add the NSEC itself as covered, generally correct for NSEC records generated at their own name

Arguments
  • next_domain_name - the name labels of the next ordered name in the zone
  • type_bit_maps - a bit map of the types that exist at this name
Returns

An NSEC RData for use in a Resource Record

RFC 4034, DNSSEC Resource Records, March 2005

4.1.1.  The Next Domain Name Field

   The Next Domain field contains the next owner name (in the canonical
   ordering of the zone) that has authoritative data or contains a
   delegation point NS RRset; see Section 6.1 for an explanation of
   canonical ordering.  The value of the Next Domain Name field in the
   last NSEC record in the zone is the name of the zone apex (the owner
   name of the zone's SOA RR).  This indicates that the owner name of
   the NSEC RR is the last name in the canonical ordering of the zone.

   A sender MUST NOT use DNS name compression on the Next Domain Name
   field when transmitting an NSEC RR.

   Owner names of RRsets for which the given zone is not authoritative
   (such as glue records) MUST NOT be listed in the Next Domain Name
   unless at least one authoritative RRset exists at the same owner
   name.

RFC 4034, DNSSEC Resource Records, March 2005

4.1.2.  The Type Bit Maps Field

   The Type Bit Maps field identifies the RRset types that exist at the
   NSEC RR's owner name.

   A zone MUST NOT include an NSEC RR for any domain name that only
   holds glue records.

Trait Implementations

Returns a copy of the value. Read more

Performs copy-assignment from source. Read more

Formats the value using the given formatter. Read more

Deserialize this value from the given Serde deserializer. Read more

RFC 4034, DNSSEC Resource Records, March 2005

4.2.  The NSEC RR Presentation Format

   The presentation format of the RDATA portion is as follows:

   The Next Domain Name field is represented as a domain name.

   The Type Bit Maps field is represented as a sequence of RR type
   mnemonics.  When the mnemonic is not known, the TYPE representation
   described in [RFC3597], Section 5, MUST be used.

4.3.  NSEC RR Example

   The following NSEC RR identifies the RRsets associated with
   alfa.example.com. and identifies the next authoritative name after
   alfa.example.com.

   alfa.example.com. 86400 IN NSEC host.example.com. (
                                   A MX RRSIG NSEC TYPE1234 )

   The first four text fields specify the name, TTL, Class, and RR type
   (NSEC).  The entry host.example.com. is the next authoritative name
   after alfa.example.com. in canonical order.  The A, MX, RRSIG, NSEC,
   and TYPE1234 mnemonics indicate that there are A, MX, RRSIG, NSEC,
   and TYPE1234 RRsets associated with the name alfa.example.com.

   Assuming that the validator can authenticate this NSEC record, it
   could be used to prove that beta.example.com does not exist, or to
   prove that there is no AAAA record associated with alfa.example.com.
   Authenticated denial of existence is discussed in [RFC4035].

Formats the value using the given formatter. Read more

Feeds this value into the given Hasher. Read more

Feeds a slice of this type into the given Hasher. Read more

This method tests for self and other values to be equal, and is used by ==. Read more

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason. Read more

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations

Blanket Implementations

Gets the TypeId of self. Read more

Immutably borrows from an owned value. Read more

Mutably borrows from an owned value. Read more

Compare self to key and return true if they are equal.

Returns the argument unchanged.

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

The resulting type after obtaining ownership.

Creates owned data from borrowed data, usually by cloning. Read more

Uses borrowed data to replace owned data, usually by cloning. Read more

Converts the given value to a String. Read more

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more