View Source erldns_dnssec (erldns v4.2.0)
Placeholder for eventual DNSSEC implementation.
Summary
Functions
Apply DNSSEC records to the given message if the zone is signed and DNSSEC is requested.
Return a function that can be used to sign the given records using the key signing key. The function accepts a keyset, allowing the zone signing mechanism to iterate through available keysets, applying the key signing key from each keyset.
This function will potentially sign the given RR set if the following conditions are true
Given a zone and a set of records, return the RRSIG records.
Return a function that can be used to sign the given records using the zone signing key. The function accepts a keyset, allowing the zone signing mechanism to iterate through available keysets, applying the zone signing key from each keyset.
Functions
-spec handle(dns:message(), erldns:zone(), dns:name(), dns:type()) -> dns:message().
Apply DNSSEC records to the given message if the zone is signed and DNSSEC is requested.
-spec key_rrset_signer(dns:name(), [dns:rr()]) -> fun((erldns:keyset()) -> [dns:rr()]).
Return a function that can be used to sign the given records using the key signing key. The function accepts a keyset, allowing the zone signing mechanism to iterate through available keysets, applying the key signing key from each keyset.
-spec maybe_sign_rrset(dns:message(), [dns:rr()], erldns:zone()) -> [dns:rr()].
This function will potentially sign the given RR set if the following conditions are true:
- DNSSEC is requested - The zone is signed
-spec rrsig_for_zone_rrset(erldns:zone(), [dns:rr()]) -> [dns:rr()].
Given a zone and a set of records, return the RRSIG records.
-spec zone_rrset_signer(dns:name(), [dns:rr()]) -> fun((erldns:keyset()) -> [dns:rr()]).
Return a function that can be used to sign the given records using the zone signing key. The function accepts a keyset, allowing the zone signing mechanism to iterate through available keysets, applying the zone signing key from each keyset.