pub struct NSEC { /* private fields */ }
dnssec
only.Expand description
RFC 4034, DNSSEC Resource Records, March 2005
4.1. NSEC RDATA Wire Format
The RDATA of the NSEC RR is as shown below:
1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/ Next Domain Name /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/ Type Bit Maps /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
4.1.3. Inclusion of Wildcard Names in NSEC RDATA
If a wildcard owner name appears in a zone, the wildcard label ("*")
is treated as a literal symbol and is treated the same as any other
owner name for the purposes of generating NSEC RRs. Wildcard owner
names appear in the Next Domain Name field without any wildcard
expansion. [RFC4035] describes the impact of wildcards on
authenticated denial of existence.
Implementations
sourceimpl NSEC
impl NSEC
sourcepub fn new(next_domain_name: Name, type_bit_maps: Vec<RecordType>) -> Self
pub fn new(next_domain_name: Name, type_bit_maps: Vec<RecordType>) -> Self
Constructs a new NSEC RData, warning this won’t guarantee that the NSEC covers itself which it should at it’s own name.
Arguments
next_domain_name
- the name labels of the next ordered name in the zonetype_bit_maps
- a bit map of the types that exist at this name
Returns
An NSEC RData for use in a Resource Record
sourcepub fn new_cover_self(
next_domain_name: Name,
type_bit_maps: Vec<RecordType>
) -> Self
pub fn new_cover_self(
next_domain_name: Name,
type_bit_maps: Vec<RecordType>
) -> Self
Constructs a new NSEC RData, this will add the NSEC itself as covered, generally correct for NSEC records generated at their own name
Arguments
next_domain_name
- the name labels of the next ordered name in the zonetype_bit_maps
- a bit map of the types that exist at this name
Returns
An NSEC RData for use in a Resource Record
sourcepub fn next_domain_name(&self) -> &Name
pub fn next_domain_name(&self) -> &Name
RFC 4034, DNSSEC Resource Records, March 2005
4.1.1. The Next Domain Name Field
The Next Domain field contains the next owner name (in the canonical
ordering of the zone) that has authoritative data or contains a
delegation point NS RRset; see Section 6.1 for an explanation of
canonical ordering. The value of the Next Domain Name field in the
last NSEC record in the zone is the name of the zone apex (the owner
name of the zone's SOA RR). This indicates that the owner name of
the NSEC RR is the last name in the canonical ordering of the zone.
A sender MUST NOT use DNS name compression on the Next Domain Name
field when transmitting an NSEC RR.
Owner names of RRsets for which the given zone is not authoritative
(such as glue records) MUST NOT be listed in the Next Domain Name
unless at least one authoritative RRset exists at the same owner
name.
sourcepub fn type_bit_maps(&self) -> &[RecordType]
pub fn type_bit_maps(&self) -> &[RecordType]
RFC 4034, DNSSEC Resource Records, March 2005
4.1.2. The Type Bit Maps Field
The Type Bit Maps field identifies the RRset types that exist at the
NSEC RR's owner name.
A zone MUST NOT include an NSEC RR for any domain name that only
holds glue records.
Trait Implementations
sourceimpl<'de> Deserialize<'de> for NSEC
impl<'de> Deserialize<'de> for NSEC
sourcefn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error> where
__D: Deserializer<'de>,
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error> where
__D: Deserializer<'de>,
Deserialize this value from the given Serde deserializer. Read more
sourceimpl Display for NSEC
impl Display for NSEC
RFC 4034, DNSSEC Resource Records, March 2005
4.2. The NSEC RR Presentation Format
The presentation format of the RDATA portion is as follows:
The Next Domain Name field is represented as a domain name.
The Type Bit Maps field is represented as a sequence of RR type
mnemonics. When the mnemonic is not known, the TYPE representation
described in [RFC3597], Section 5, MUST be used.
4.3. NSEC RR Example
The following NSEC RR identifies the RRsets associated with
alfa.example.com. and identifies the next authoritative name after
alfa.example.com.
alfa.example.com. 86400 IN NSEC host.example.com. (
A MX RRSIG NSEC TYPE1234 )
The first four text fields specify the name, TTL, Class, and RR type
(NSEC). The entry host.example.com. is the next authoritative name
after alfa.example.com. in canonical order. The A, MX, RRSIG, NSEC,
and TYPE1234 mnemonics indicate that there are A, MX, RRSIG, NSEC,
and TYPE1234 RRsets associated with the name alfa.example.com.
Assuming that the validator can authenticate this NSEC record, it
could be used to prove that beta.example.com does not exist, or to
prove that there is no AAAA record associated with alfa.example.com.
Authenticated denial of existence is discussed in [RFC4035].
sourceimpl PartialEq<NSEC> for NSEC
impl PartialEq<NSEC> for NSEC
impl Eq for NSEC
impl StructuralEq for NSEC
impl StructuralPartialEq for NSEC
Auto Trait Implementations
impl RefUnwindSafe for NSEC
impl Send for NSEC
impl Sync for NSEC
impl Unpin for NSEC
impl UnwindSafe for NSEC
Blanket Implementations
sourceimpl<T> BorrowMut<T> for T where
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
const: unstable · sourcefn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more
sourceimpl<Q, K> Equivalent<K> for Q where
Q: Eq + ?Sized,
K: Borrow<Q> + ?Sized,
impl<Q, K> Equivalent<K> for Q where
Q: Eq + ?Sized,
K: Borrow<Q> + ?Sized,
sourcefn equivalent(&self, key: &K) -> bool
fn equivalent(&self, key: &K) -> bool
Compare self to key
and return true
if they are equal.
sourceimpl<T> Instrument for T
impl<T> Instrument for T
sourcefn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
sourcefn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
impl<V, T> VZip<V> for T where
V: MultiLane<T>,
impl<V, T> VZip<V> for T where
V: MultiLane<T>,
fn vzip(self) -> V
sourceimpl<T> WithSubscriber for T
impl<T> WithSubscriber for T
sourcefn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self> where
S: Into<Dispatch>,
fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self> where
S: Into<Dispatch>,
Attaches the provided Subscriber
to this type, returning a
WithDispatch
wrapper. Read more
sourcefn with_current_subscriber(self) -> WithDispatch<Self>
fn with_current_subscriber(self) -> WithDispatch<Self>
Attaches the current default Subscriber
to this type, returning a
WithDispatch
wrapper. Read more