signer

package
v0.9.0
Warning

This package is not in the latest version of its module.

Published: Jan 17, 2026 License: BSD-2-Clause Imports: 15 Imported by: 0

Documentation

Overview

Package signer provides DNSSEC signing for DNS zones. It wraps a store.Store and handles the signing workflow:

- Applies mutations atomically in a single transaction
- Signs all affected RRsets
- Builds NSEC/NSEC3 chain
- Commits with new serial

Constants

This section is empty.

Variables

var (
	ErrNilStore  = errors.New("signer: store cannot be nil")
	ErrNilKeys   = errors.New("signer: ZSK and KSK cannot be nil")
	ErrDuplicate = errors.New("signer: duplicate record")
)

Functions

This section is empty.

Types

type Config

type Config struct {
	// Store is the underlying data store.
	Store *store.Store

	// Zone is the zone name to sign.
	Zone domainname.DomainName

	// ZSK is the Zone Signing Key (signs all RRsets except DNSKEY).
	ZSK crypto.Signer

	// KSK is the Key Signing Key (signs DNSKEY RRset).
	KSK crypto.Signer

	// Algorithm is the signing algorithm.
	Algorithm dnssec.SigningAlgorithm

	// DefaultTTL for generated records (NSEC, RRSIG).
	DefaultTTL uint32

	// RRSIGValidity is how long RRSIG records are valid.
	RRSIGValidity time.Duration

	// NextSecure specifies NSEC or NSEC3.
	NextSecure dnssec.NextSecure

	// NSEC3Params for NSEC3 mode (ignored if NextSecure is NSEC).
	NSEC3Params *mindnspb.NSEC3PARAMData

	// DSHash is the hash algorithm for DS records (default SHA256).
	DSHash uint8
}

Config holds signer configuration.

type Mutation

type Mutation struct {
	Type   MutationType
	Name   domainname.DomainName
	RRType mindnspb.Type
	Record mindnspb.ProtoRR // For Add/Set operations
}

Mutation represents a zone change.

func AddMutation

func AddMutation(rr mindnspb.ProtoRR) (Mutation, error)

Helper to create an Add mutation from a ProtoRR.

func DeleteMutation

func DeleteMutation(name domainname.DomainName, rrtype mindnspb.Type) Mutation

Helper to create a Delete mutation.

func SetMutation

func SetMutation(rr mindnspb.ProtoRR) (Mutation, error)

Helper to create a Set mutation (replace entire RRset).

type MutationType

type MutationType int

MutationType indicates the kind of mutation.

const (
	MutationAdd MutationType = iota
	MutationDelete
	MutationSet // Replace entire RRset
)

type Signer

type Signer struct {
	// contains filtered or unexported fields
}

Signer handles DNSSEC signing for a zone.

func New

func New(cfg Config) (*Signer, error)

New creates a new Signer with the given configuration.

func (*Signer) Apply

func (s *Signer) Apply(ctx context.Context, mutations []Mutation) error

Apply applies mutations atomically, signs the zone, and commits. This is the main entry point for zone updates. All mutations are applied in a single transaction - either all succeed or none.

func (*Signer) DS

func (s *Signer) DS() *dns.DS

DS returns the DS record for the KSK.

func (*Signer) KSKTag

func (s *Signer) KSKTag() uint16

KSKTag returns the key tag for the KSK.

func (*Signer) ZSKTag

func (s *Signer) ZSKTag() uint16

ZSKTag returns the key tag for the ZSK.
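
An independent cross-check for the values DS and KSKTag return, as an added example that is not part of this package: it recomputes the key tag (RFC 4034 Appendix B) and the SHA-256 DS digest (digest type 2, RFC 4509) from DNSKEY RDATA using only the standard library. The helper names are hypothetical, and the owner name, flags, algorithm number and key bytes are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
	"strings"
)

// dnskeyRDATA lays out DNSKEY RDATA: flags(2) | protocol(1)=3 | algorithm(1) | key.
func dnskeyRDATA(flags uint16, alg uint8, pub []byte) []byte {
	return append([]byte{byte(flags >> 8), byte(flags), 3, alg}, pub...)
}

// keyTag is the RFC 4034 Appendix B checksum (valid for every algorithm but 1).
func keyTag(rdata []byte) uint16 {
	var ac uint32
	for i, b := range rdata {
		ac += uint32(b) << (8 * uint(1-i&1)) // even offsets are the high byte
	}
	return uint16((ac + (ac >> 16)) & 0xFFFF)
}

// wireName: canonical lowercase wire form (assumes no escaped dots, labels <= 63 bytes).
func wireName(name string) []byte {
	var out []byte
	for _, l := range strings.Split(strings.ToLower(name), ".") {
		if l != "" {
			out = append(append(out, byte(len(l))), l...)
		}
	}
	return append(out, 0)
}

// dsDigestSHA256 is DS digest type 2: SHA-256(owner wire name | DNSKEY RDATA).
func dsDigestSHA256(owner string, rdata []byte) []byte {
	sum := sha256.Sum256(append(wireName(owner), rdata...))
	return sum[:]
}

// dsMatches reports whether a DS (key tag + digest) really refers to this DNSKEY.
func dsMatches(owner string, rdata []byte, tag uint16, digest []byte) bool {
	return keyTag(rdata) == tag && bytes.Equal(dsDigestSHA256(owner, rdata), digest)
}

func main() {
	rd := dnskeyRDATA(257, 13, []byte{1, 2, 3, 4}) // constructed bytes, not a real key
	fmt.Printf("tag=%d digest=%x\n", keyTag(rd), dsDigestSHA256("example.com.", rd))
}
```

Running the same comparison against the DS record the parent zone actually publishes shows whether it refers to the KSK this signer holds.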
