Struct trust_dns::rr::rdata::ds::DS
[−]
[src]
pub struct DS {
// some fields omitted
}RFC 4034, DNSSEC Resource Records, March 2005
5.1. DS RDATA Wire Format
The RDATA for a DS RR consists of a 2 octet Key Tag field, a 1 octet
Algorithm field, a 1 octet Digest Type field, and a Digest field.
1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Key Tag | Algorithm | Digest Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/ /
/ Digest /
/ /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
5.2. Processing of DS RRs When Validating Responses
The DS RR links the authentication chain across zone boundaries, so
the DS RR requires extra care in processing. The DNSKEY RR referred
to in the DS RR MUST be a DNSSEC zone key. The DNSKEY RR Flags MUST
have Flags bit 7 set. If the DNSKEY flags do not indicate a DNSSEC
zone key, the DS RR (and the DNSKEY RR it references) MUST NOT be
used in the validation process.
5.3. The DS RR Presentation Format
The presentation format of the RDATA portion is as follows:
The Key Tag field MUST be represented as an unsigned decimal integer.
The Algorithm field MUST be represented either as an unsigned decimal
integer or as an algorithm mnemonic specified in Appendix A.1.
The Digest Type field MUST be represented as an unsigned decimal
integer.
The Digest MUST be represented as a sequence of case-insensitive
hexadecimal digits. Whitespace is allowed within the hexadecimal
text.
Methods
impl DS
fn new(key_tag: u16, algorithm: Algorithm, digest_type: DigestType, digest: Vec<u8>) -> DS
fn get_key_tag(&self) -> u16
RFC 4034, DNSSEC Resource Records, March 2005
5.1.1. The Key Tag Field
The Key Tag field lists the key tag of the DNSKEY RR referred to by
the DS record, in network byte order.
The Key Tag used by the DS RR is identical to the Key Tag used by
RRSIG RRs. Appendix B describes how to compute a Key Tag.
fn get_algorithm(&self) -> &Algorithm
RFC 4034, DNSSEC Resource Records, March 2005
5.1.2. The Algorithm Field
The Algorithm field lists the algorithm number of the DNSKEY RR
referred to by the DS record.
The algorithm number used by the DS RR is identical to the algorithm
number used by RRSIG and DNSKEY RRs. Appendix A.1 lists the
algorithm number types.
fn get_digest_type(&self) -> DigestType
RFC 4034, DNSSEC Resource Records, March 2005
5.1.3. The Digest Type Field
The DS RR refers to a DNSKEY RR by including a digest of that DNSKEY
RR. The Digest Type field identifies the algorithm used to construct
the digest. Appendix A.2 lists the possible digest algorithm types.
fn get_digest(&self) -> &[u8]
RFC 4034, DNSSEC Resource Records, March 2005
5.1.4. The Digest Field
The DS record refers to a DNSKEY RR by including a digest of that
DNSKEY RR.
The digest is calculated by concatenating the canonical form of the
fully qualified owner name of the DNSKEY RR with the DNSKEY RDATA,
and then applying the digest algorithm.
digest = digest_algorithm( DNSKEY owner name | DNSKEY RDATA);
"|" denotes concatenation
DNSKEY RDATA = Flags | Protocol | Algorithm | Public Key.
The size of the digest may vary depending on the digest algorithm and
DNSKEY RR size. As of the time of this writing, the only defined
digest algorithm is SHA-1, which produces a 20 octet digest.