git.ipfire.org Git - thirdparty/systemd.git/blob - src/resolve/dns-type.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 Copyright © 2014 Zbigniew Jędrzejewski-Szmek
6 #include <sys/socket.h>
10 #include "parse-util.h"
11 #include "string-util.h"
13 typedef const struct {
18 static const struct dns_type_name
*
19 lookup_dns_type (register const char *str
, register GPERF_LEN_TYPE len
);
21 #include "dns_type-from-name.h"
22 #include "dns_type-to-name.h"
24 int dns_type_from_string(const char *s
) {
25 const struct dns_type_name
*sc
;
29 sc
= lookup_dns_type(s
, strlen(s
));
33 s
= startswith_no_case(s
, "TYPE");
37 if (safe_atou(s
, &x
) >= 0 &&
42 return _DNS_TYPE_INVALID
;
45 bool dns_type_is_pseudo(uint16_t type
) {
47 /* Checks whether the specified type is a "pseudo-type". What
48 * a "pseudo-type" precisely is, is defined only very weakly,
49 * but apparently entails all RR types that are not actually
50 * stored as RRs on the server and should hence also not be
51 * cached. We use this list primarily to validate NSEC type
52 * bitfields, and to verify what to cache. */
55 0, /* A Pseudo RR type, according to RFC 2931 */
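/* Checks whether the specified class is a pseudo-class, i.e. the ANY query class. This is the
 * same class value that dns_class_is_valid_rr() in this file rejects for resource records.
 *
 * The comparison uses DNS_CLASS_ANY rather than DNS_TYPE_ANY: the argument is a class, and
 * comparing it with a type constant only gives the right answer while the two enums happen to
 * share a numeric value. NOTE(review): both are expected to be 255 (the RFC 1035 QTYPE/QCLASS
 * "*" value), so this should not change behavior. Confirm against the enum definitions,
 * which are not part of this file. */
bool dns_class_is_pseudo(uint16_t class) {
        return class == DNS_CLASS_ANY;
}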
69 bool dns_type_is_valid_query(uint16_t type
) {
71 /* The types valid as questions in packets */
79 /* RRSIG are technically valid as questions, but we refuse doing explicit queries for them, as
80 * they aren't really payload, but signatures for payload, and cannot be validated on their
81 * own. After all they are the signatures, and have no signatures of their own validating
86 bool dns_type_is_zone_transer(uint16_t type
) {
88 /* Zone transfers, either normal or incremental */
95 bool dns_type_is_valid_rr(uint16_t type
) {
97 /* The types valid as RR in packets (but not necessarily
98 * stored on servers). */
/* Tells whether a class value is acceptable on a resource record: every class is accepted
 * except the ANY query class. */
bool dns_class_is_valid_rr(uint16_t class) {
        if (class == DNS_CLASS_ANY)
                return false;

        return true;
}
110 bool dns_type_may_redirect(uint16_t type
) {
111 /* The following record types should never be redirected using
112 * CNAME/DNAME RRs. See
113 * <https://tools.ietf.org/html/rfc4035#section-2.5>. */
115 if (dns_type_is_pseudo(type
))
129 bool dns_type_may_wildcard(uint16_t type
) {
131 /* The following records may not be expanded from wildcard RRsets */
133 if (dns_type_is_pseudo(type
))
140 /* Prohibited by https://tools.ietf.org/html/rfc4592#section-4.4 */
144 bool dns_type_apex_only(uint16_t type
) {
146 /* Returns true for all RR types that may only appear signed in a zone apex */
150 DNS_TYPE_NS
, /* this one can appear elsewhere, too, but not signed */
152 DNS_TYPE_NSEC3PARAM
);
155 bool dns_type_is_dnssec(uint16_t type
) {
162 DNS_TYPE_NSEC3PARAM
);
165 bool dns_type_is_obsolete(uint16_t type
) {
167 /* Obsoleted by RFC 973 */
172 /* Kinda obsoleted by RFC 2505 */
179 /* RFC1127 kinda obsoleted this by recommending against its use */
182 /* Declared historical by RFC 6563 */
185 /* Obsoleted by DNSSEC-bis */
188 /* RFC 1035 removed support for concepts that needed this from RFC 883 */
192 bool dns_type_needs_authentication(uint16_t type
) {
194 /* Returns true for all (non-obsolete) RR types where records are not useful if they aren't
195 * authenticated. I.e. everything that contains crypto keys. */
209 int dns_type_to_af(uint16_t t
) {
226 const char *dns_class_to_string(uint16_t class) {
240 int dns_class_from_string(const char *s
) {
243 return _DNS_CLASS_INVALID
;
245 if (strcaseeq(s
, "IN"))
247 else if (strcaseeq(s
, "ANY"))
248 return DNS_CLASS_ANY
;
250 return _DNS_CLASS_INVALID
;
253 const char* tlsa_cert_usage_to_string(uint8_t cert_usage
) {
255 switch (cert_usage
) {
258 return "CA constraint";
261 return "Service certificate constraint";
264 return "Trust anchor assertion";
267 return "Domain-issued certificate";
273 return "Private use";
276 return NULL
; /* clang cannot count that we covered everything */
279 const char* tlsa_selector_to_string(uint8_t selector
) {
283 return "Full Certificate";
286 return "SubjectPublicKeyInfo";
292 return "Private use";
298 const char* tlsa_matching_type_to_string(uint8_t selector
) {
303 return "No hash used";
315 return "Private use";