Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func FormatRecordForMokka ¶
FormatRecordForMokka formats a DNS RR for use in dns-mokka configuration. It returns the record in the format "TYPE rdata TTL", for example "A 192.0.2.1 300".
Types ¶
type DNSSECChainData ¶
// DNSSECChainData bundles the records, signatures and signing keys of a
// two-level (parent/child) DNSSEC delegation.
//
// NOTE(review): both zones' ECDSA private keys travel in this struct next to
// the public records, so a value of this type is key material. Presumably it
// is only ever filled with freshly generated fixture keys — confirm against
// callers before logging or serialising it.
type DNSSECChainData struct {
	// Parent zone (e.g., "example.")
	ParentZone       string
	ParentDNSKEY     *dns.DNSKEY
	ParentPrivateKey *ecdsa.PrivateKey // presumably the private half of ParentDNSKEY — confirm
	// Child zone (e.g., "child.example.")
	ChildZone       string
	ChildDNSKEY     *dns.DNSKEY
	ChildPrivateKey *ecdsa.PrivateKey // presumably the private half of ChildDNSKEY — confirm
	// DS record linking child to parent
	DS *dns.DS
	// DS RRSIG (parent signs the DS record)
	DSRRSIG *dns.RRSIG
	// Child's A record and signature
	ARecord *dns.A
	ARRRSIG *dns.RRSIG
	// DNSKEY RRSIGs (self-signed per RFC 4035 §5.2)
	ChildDNSKEYRRSIG  *dns.RRSIG
	ParentDNSKEYRRSIG *dns.RRSIG
}
DNSSECChainData holds a complete DNSSEC chain with parent and child zones, including the ECDSA private keys of both zones alongside the public records and signatures.
func GenerateDNSSECChain ¶
func GenerateDNSSECChain(parentZone, childZone, hostname, ipAddr string) (*DNSSECChainData, error)
GenerateDNSSECChain generates a complete DNSSEC chain with parent and child zones. It creates a parent zone, a child zone, a DS record, and all necessary signatures.
type DNSSECTestData ¶
// DNSSECTestData groups one A record with an RRSIG, a DNSKEY and an ECDSA
// private key.
//
// NOTE(review): whether DNSKEY actually verifies RRSIG depends on which
// generator filled the struct; GenerateMismatchedDNSSEC is documented as
// producing a deliberately non-matching pair — confirm which key lands here.
type DNSSECTestData struct {
	ARecord    *dns.A
	RRSIG      *dns.RRSIG        // presumably the signature covering ARecord — confirm
	DNSKEY     *dns.DNSKEY
	PrivateKey *ecdsa.PrivateKey // raw signing key; presumably the key that produced RRSIG — confirm
}
DNSSECTestData holds generated DNSSEC test data for e2e tests: an A record, an RRSIG, a DNSKEY, and an ECDSA private key.
func GenerateMismatchedDNSSEC ¶
func GenerateMismatchedDNSSEC(zone, hostname, ipAddr string) (*DNSSECTestData, *dns.DNSKEY, error)
GenerateMismatchedDNSSEC generates DNSSEC data where the RRSIG and DNSKEY don't match. The A record is signed with keyA, but a different keyB is returned for DNSKEY queries, so verifying the RRSIG against that DNSKEY is expected to fail.
func GenerateValidDNSSEC ¶
func GenerateValidDNSSEC(zone, hostname, ipAddr string) (*DNSSECTestData, error)
GenerateValidDNSSEC generates a valid DNSSEC-signed A record with a matching DNSKEY. It creates cryptographically correct DNSSEC data for testing validation.