erldns_dnssec (erldns v9.0.0)

View Source

DNSSEC implementation.

If you want to enable DNSSEC, you need to add this module to the packet pipeline after a resolver, that being an authoritative (e.g. erldns_resolver) or recursive (e.g. erldns_resolver_recursive).

You also need to provide the zone keys for signing, during loading, see ZONES for more details.

Summary

Functions

call/2

erldns_pipeline:call/2 callback.

get_signed_records/1

Get signed records from a zone

get_signed_zone_records/1

Get signed records from a zone

prepare(Opts)

erldns_pipeline:prepare/1 callback.

rrsig_for_zone_rrset(Zone, RRs)

Given a zone and a set of records, return the RRSIG records.

Functions

call/2

-spec call(dns:message(), erldns_pipeline:opts()) -> erldns_pipeline:return().

erldns_pipeline:call/2 callback.

get_signed_records/1

-spec get_signed_records(erldns:zone()) -> #{atom() => [dns:rr()]}.

Get signed records from a zone

get_signed_zone_records/1

-spec get_signed_zone_records(erldns:zone()) -> [dns:rr()].

Get signed records from a zone

prepare(Opts)

-spec prepare(erldns_pipeline:opts()) -> erldns_pipeline:opts().

erldns_pipeline:prepare/1 callback.

rrsig_for_zone_rrset(Zone, RRs)

-spec rrsig_for_zone_rrset(erldns:zone(), [dns:rr()]) -> [dns:rr()].

Given a zone and a set of records, return the RRSIG records.