git.ipfire.org Git - thirdparty/systemd.git/blob - src/resolve/dns-type.c
d98cff2e4ecb8458b1b5eab934be238d34e6082d
1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 This file is part of systemd.
5 Copyright 2014 Zbigniew Jędrzejewski-Szmek
8 #include <sys/socket.h>
12 #include "parse-util.h"
13 #include "string-util.h"
15 typedef const struct {
20 static const struct dns_type_name
*
21 lookup_dns_type (register const char *str
, register GPERF_LEN_TYPE len
);
23 #include "dns_type-from-name.h"
24 #include "dns_type-to-name.h"
26 int dns_type_from_string(const char *s
) {
27 const struct dns_type_name
*sc
;
31 sc
= lookup_dns_type(s
, strlen(s
));
35 s
= startswith_no_case(s
, "TYPE");
39 if (safe_atou(s
, &x
) >= 0 &&
44 return _DNS_TYPE_INVALID
;
47 bool dns_type_is_pseudo(uint16_t type
) {
49 /* Checks whether the specified type is a "pseudo-type". What
50 * a "pseudo-type" precisely is, is defined only very weakly,
51 * but apparently entails all RR types that are not actually
52 * stored as RRs on the server and should hence also not be
53 * cached. We use this list primarily to validate NSEC type
54 * bitfields, and to verify what to cache. */
57 0, /* A Pseudo RR type, according to RFC 2931 */
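/* Returns true if the specified class is the ANY class, which is the only class value that
 * dns_class_is_valid_rr() in this file rejects as the class of an actual RR.
 *
 * The comparison is made against DNS_CLASS_ANY rather than DNS_TYPE_ANY: the argument is a class, and
 * comparing it with a constant from the type namespace only gives the right answer as long as both
 * constants carry the same numeric value. */
bool dns_class_is_pseudo(uint16_t class) {
        return class == DNS_CLASS_ANY;
}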
71 bool dns_type_is_valid_query(uint16_t type
) {
73 /* The types valid as questions in packets */
81 /* RRSIG are technically valid as questions, but we refuse doing explicit queries for them, as
82 * they aren't really payload, but signatures for payload, and cannot be validated on their
83 * own. After all they are the signatures, and have no signatures of their own validating
88 bool dns_type_is_zone_transer(uint16_t type
) {
90 /* Zone transfers, either normal or incremental */
97 bool dns_type_is_valid_rr(uint16_t type
) {
99 /* The types valid as RR in packets (but not necessarily
100 * stored on servers). */
/* Returns false for the ANY class and true for every other class value. No further range or
 * allow-list check is applied to the 16-bit value here, so callers that only accept specific
 * classes have to check for them separately. */
bool dns_class_is_valid_rr(uint16_t class) {
        if (class == DNS_CLASS_ANY)
                return false;

        return true;
}
112 bool dns_type_may_redirect(uint16_t type
) {
113 /* The following record types should never be redirected using
114 * CNAME/DNAME RRs. See
115 * <https://tools.ietf.org/html/rfc4035#section-2.5>. */
117 if (dns_type_is_pseudo(type
))
131 bool dns_type_may_wildcard(uint16_t type
) {
133 /* The following records may not be expanded from wildcard RRsets */
135 if (dns_type_is_pseudo(type
))
142 /* Prohibited by https://tools.ietf.org/html/rfc4592#section-4.4 */
146 bool dns_type_apex_only(uint16_t type
) {
148 /* Returns true for all RR types that may only appear signed in a zone apex */
152 DNS_TYPE_NS
, /* this one can appear elsewhere, too, but not signed */
154 DNS_TYPE_NSEC3PARAM
);
157 bool dns_type_is_dnssec(uint16_t type
) {
164 DNS_TYPE_NSEC3PARAM
);
167 bool dns_type_is_obsolete(uint16_t type
) {
169 /* Obsoleted by RFC 973 */
174 /* Kinda obsoleted by RFC 2505 */
181 /* RFC1127 kinda obsoleted this by recommending against its use */
184 /* Declared historical by RFC 6563 */
187 /* Obsoleted by DNSSEC-bis */
190 /* RFC 1035 removed support for concepts that needed this from RFC 883 */
194 bool dns_type_needs_authentication(uint16_t type
) {
196 /* Returns true for all (non-obsolete) RR types where records are not useful if they aren't
197 * authenticated. I.e. everything that contains crypto keys. */
211 int dns_type_to_af(uint16_t t
) {
228 const char *dns_class_to_string(uint16_t class) {
242 int dns_class_from_string(const char *s
) {
245 return _DNS_CLASS_INVALID
;
247 if (strcaseeq(s
, "IN"))
249 else if (strcaseeq(s
, "ANY"))
250 return DNS_CLASS_ANY
;
252 return _DNS_CLASS_INVALID
;
255 const char* tlsa_cert_usage_to_string(uint8_t cert_usage
) {
257 switch (cert_usage
) {
260 return "CA constraint";
263 return "Service certificate constraint";
266 return "Trust anchor assertion";
269 return "Domain-issued certificate";
275 return "Private use";
278 return NULL
; /* clang cannot count that we covered everything */
281 const char* tlsa_selector_to_string(uint8_t selector
) {
285 return "Full Certificate";
288 return "SubjectPublicKeyInfo";
294 return "Private use";
300 const char* tlsa_matching_type_to_string(uint8_t selector
) {
305 return "No hash used";
317 return "Private use";