Package | Description |
---|---|
org.xbill.DNS.dnssec |
Modifier and Type | Method and Description |
---|---|
private static SMessage |
ValidatingResolver.errorMessage(Message request,
int rcode)
Creates a response message with the given return code.
|
private SMessage |
ValidatingResolver.processFinishedState(Message request,
SMessage response)
Apply any final massaging to a response before returning up the pipeline.
|
Modifier and Type | Method and Description |
---|---|
private java.util.concurrent.CompletionStage<SMessage> |
ValidatingResolver.processValidate(Message request,
SMessage response) |
private java.util.concurrent.CompletionStage<SMessage> |
ValidatingResolver.sendRequest(Message request) |
Modifier and Type | Method and Description |
---|---|
private void |
ValidatingResolver.applyEdeToOpt(SMessage validated,
Message m) |
(package private) void |
JustifiedSecStatus.applyToResponse(SMessage response)
Applies this security status to a response message.
|
static ResponseClassification |
ValUtils.classifyResponse(Message request,
SMessage m)
Given a response, classify ANSWER responses into a subtype.
|
private KeyEntry |
ValidatingResolver.dsReponseToKeForNodata(SMessage response,
Message request,
SRRset keyRrset)
Given a DS response, the DS request, and the current key rrset, validate the DS response for
the NODATA case, returning a KeyEntry.
|
private KeyEntry |
ValidatingResolver.dsResponseToKE(SMessage response,
Message request,
SRRset keyRrset)
Given a DS response, the DS request, and the current key rrset, validate the DS response,
returning a KeyEntry.
|
boolean |
ValUtils.hasSignedNsecs(SMessage message)
Checks if the authority section of a message contains at least one signed NSEC or NSEC3 record.
|
JustifiedSecStatus |
ValUtils.nsecProvesNodataDsReply(Message request,
SMessage response,
SRRset keyRrset,
java.time.Instant date)
Check DS absence.
|
private java.util.concurrent.CompletionStage<java.lang.Void> |
ValidatingResolver.processDNSKEYResponse(Message request,
SMessage response,
FindKeyState state) |
private java.util.concurrent.CompletionStage<java.lang.Void> |
ValidatingResolver.processDSResponse(Message request,
SMessage response,
FindKeyState state)
This handles the responses to locally generated DS queries.
|
private SMessage |
ValidatingResolver.processFinishedState(Message request,
SMessage response)
Apply any final massaging to a response before returning up the pipeline.
|
private java.util.concurrent.CompletionStage<SMessage> |
ValidatingResolver.processValidate(Message request,
SMessage response) |
private void |
ValidatingResolver.removeSpuriousAuthority(SMessage response)
For messages that are not referrals, if the chase reply contains an unsigned NS record in the
authority section it could have been inserted by a (BIND) forwarder that thinks the zone is
insecure, and that has an NS record without signatures in cache.
|
private java.util.concurrent.CompletionStage<java.lang.Boolean> |
ValidatingResolver.validateAnswerAndGetWildcards(SMessage response,
int qtype,
java.util.Map<Name,Name> wcs) |
private java.util.concurrent.CompletionStage<java.lang.Boolean> |
ValidatingResolver.validateAnswerAndGetWildcardsRecursive(SMessage response,
int qtype,
java.util.Map<Name,Name> wcs,
java.util.concurrent.atomic.AtomicInteger setIndex) |
private java.util.concurrent.CompletionStage<java.lang.Void> |
ValidatingResolver.validateNameErrorResponse(Message request,
SMessage response)
Validate a NAMEERROR signed response -- a response that has a NXDOMAIN Rcode.
|
private java.util.concurrent.CompletionStage<java.lang.Void> |
ValidatingResolver.validateNameErrorResponseRecursive(SMessage response,
java.util.concurrent.atomic.AtomicInteger setIndex) |
private java.util.concurrent.CompletionStage<java.lang.Void> |
ValidatingResolver.validateNodataResponse(Message request,
SMessage response)
Validate a NOERROR/NODATA signed response -- a response that has a NOERROR Rcode but no ANSWER
section RRsets.
|
private java.util.concurrent.CompletionStage<java.lang.Void> |
ValidatingResolver.validateNodataResponseRecursive(SMessage response,
java.util.concurrent.atomic.AtomicInteger setIndex) |
private java.util.concurrent.CompletionStage<java.lang.Void> |
ValidatingResolver.validatePositiveResponse(Message request,
SMessage response)
Given a "postive" response -- a response that contains an answer to the question, and no CNAME
chain, validate this response.
|
private java.util.concurrent.CompletionStage<java.lang.Boolean> |
ValidatingResolver.validatePositiveResponseRecursive(SMessage response,
java.util.Map<Name,Name> wcs,
java.util.List<SRRset> nsec3s,
java.util.List<SRRset> nsecs,
int[] sections,
java.util.concurrent.atomic.AtomicInteger sectionIndex,
java.util.concurrent.atomic.AtomicInteger setIndex) |