View Source erldns_dnssec (erldns v4.2.0)

Placeholder for eventual DNSSEC implementation.

Summary

Functions

Apply DNSSEC records to the given message if the zone is signed and DNSSEC is requested.

Return a function that can be used to sign the given records using the key signing key. The function accepts a keyset, allowing the zone signing mechanism to iterate through available keysets, applying the key signing key from each keyset.

This function will potentially sign the given RR set if the following conditions are true

Given a zone and a set of records, return the RRSIG records.

Return a function that can be used to sign the given records using the zone signing key. The function accepts a keyset, allowing the zone signing mechanism to iterate through available keysets, applying the zone signing key from each keyset.

Functions

handle(Message, Zone, Qname, Qtype)

-spec handle(dns:message(), erldns:zone(), dns:name(), dns:type()) -> dns:message().

Apply DNSSEC records to the given message if the zone is signed and DNSSEC is requested.

key_rrset_signer(ZoneName, RRs)

-spec key_rrset_signer(dns:name(), [dns:rr()]) -> fun((erldns:keyset()) -> [dns:rr()]).

Return a function that can be used to sign the given records using the key signing key. The function accepts a keyset, allowing the zone signing mechanism to iterate through available keysets, applying the key signing key from each keyset.

map_nsec_rr_types(Types)

-spec map_nsec_rr_types([dns:type()]) -> [dns:type()].

maybe_sign_rrset(Message, Records, Zone)

-spec maybe_sign_rrset(dns:message(), [dns:rr()], erldns:zone()) -> [dns:rr()].

This function will potentially sign the given RR set if the following conditions are true:

- DNSSEC is requested - The zone is signed

rrsig_for_zone_rrset(Zone, RRs)

-spec rrsig_for_zone_rrset(erldns:zone(), [dns:rr()]) -> [dns:rr()].

Given a zone and a set of records, return the RRSIG records.

zone_rrset_signer(ZoneName, RRs)

-spec zone_rrset_signer(dns:name(), [dns:rr()]) -> fun((erldns:keyset()) -> [dns:rr()]).

Return a function that can be used to sign the given records using the zone signing key. The function accepts a keyset, allowing the zone signing mechanism to iterate through available keysets, applying the zone signing key from each keyset.