DNS.Zone.DNSSEC (DNS v0.4.1)


DNSSEC zone signing and validation functionality.

Provides DNSSEC zone signing, key management, and record generation according to DNSSEC standards (RFC 4034, RFC 4035, RFC 4509).


Functions

calculate_key_tag(dnskey_record)

@spec calculate_key_tag(DNS.Message.Record.t()) :: integer()

Calculate key tag for DNSKEY record.

generate_dnskey(zone_name, options \\ [])

@spec generate_dnskey(
  String.t(),
  keyword()
) :: DNS.Message.Record.t()

Generate DNSKEY record for a DNSSEC zone.

generate_ds(zone_name, dnskey_record, options \\ [])

@spec generate_ds(String.t(), DNS.Message.Record.t(), keyword()) ::
  DNS.Message.Record.t()

Generate DS record for a DNSKEY.
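What calculate_key_tag and generate_ds are expected to compute under the RFCs this module cites, written out as an added example (RFC 4034 Appendix B key tag, RFC 4034 section 5.1.4 DS digest with SHA-256 per RFC 4509). This is not the library's own code and does not call DNS.Zone.DNSSEC, since the option keys are not documented on this page. The module name DNSSECExample and the sample key bytes are constructed for illustration.

```elixir
# Added example: standalone reference computation, independent of DNS.Zone.DNSSEC.
defmodule DNSSECExample do
  import Bitwise

  # RFC 4034 Appendix B key tag over the DNSKEY RDATA
  # (flags, protocol, algorithm, public key). Not valid for algorithm 1.
  def key_tag(rdata) when is_binary(rdata) do
    sum =
      rdata
      |> :binary.bin_to_list()
      |> Enum.with_index()
      |> Enum.reduce(0, fn {byte, i}, acc ->
        # Even offsets are the high byte of a 16-bit word, odd offsets the low byte.
        if rem(i, 2) == 0, do: acc + bsl(byte, 8), else: acc + byte
      end)

    # Fold the carry back in, then keep the low 16 bits.
    band(sum + band(bsr(sum, 16), 0xFFFF), 0xFFFF)
  end

  # Canonical owner name: lowercase, length-prefixed labels, root terminator.
  def name_to_wire(name) do
    labels =
      name |> String.downcase() |> String.trim_trailing(".") |> String.split(".", trim: true)

    encoded = for label <- labels, into: <<>>, do: <<byte_size(label), label::binary>>
    encoded <> <<0>>
  end

  # DS RDATA fields: digest = SHA-256(owner name wire format | DNSKEY RDATA).
  def ds_fields(owner, dnskey_rdata) do
    <<_flags::16, _protocol::8, algorithm::8, _public_key::binary>> = dnskey_rdata
    digest = :crypto.hash(:sha256, name_to_wire(owner) <> dnskey_rdata)

    %{
      key_tag: key_tag(dnskey_rdata),
      algorithm: algorithm,
      digest_type: 2,
      digest: Base.encode16(digest)
    }
  end
end

# Constructed sample: flags 257 (KSK), protocol 3, algorithm 13,
# and 64 placeholder bytes standing in for the public key.
rdata = <<257::16, 3::8, 13::8, :binary.copy(<<0xAB>>, 64)::binary>>
IO.inspect(DNSSECExample.ds_fields("Example.COM.", rdata))
```

Comparing these fields with the DS the parent zone publishes is a useful check before a key rollover, because a DS that matches no DNSKEY in the zone makes validating resolvers treat the zone as bogus.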

generate_key_pair(algorithm)

@spec generate_key_pair(integer()) ::
  {:ok, %{public: binary(), private: binary()}} | {:error, String.t()}

Generate key pair for DNSSEC.

generate_nsec3(owner_name, types, options \\ [])

@spec generate_nsec3(String.t(), [atom()], keyword()) :: DNS.Message.Record.t()

Generate NSEC3 record for denial of existence with hashed names.

generate_nsec(owner_name, types, options \\ [])

@spec generate_nsec(String.t(), [atom()], keyword()) :: DNS.Message.Record.t()

Generate NSEC record for denial of existence.

generate_rrsig(zone_name, records, options \\ [])

@spec generate_rrsig(String.t(), [DNS.Message.Record.t()], keyword()) ::
  DNS.Message.Record.t()

Generate RRSIG record for a set of records.

sign_zone(zone, options \\ [])

@spec sign_zone(
  DNS.Zone.t(),
  keyword()
) :: {:ok, DNS.Zone.t()} | {:error, String.t()}

Sign a complete zone with DNSSEC records.

validate_zone(zone)

@spec validate_zone(DNS.Zone.t()) :: {:ok, boolean()} | {:error, String.t()}

Validate DNSSEC signatures for a zone.