/*
 * Copyright (C) 2012 Reto Guadagnini
 *
 * Copyright (C) secunet Security Networks AG
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 */
/**
 * @defgroup rsolver_response resolver_response
 * @{ @ingroup resolver
 */
22 #ifndef RESOLVER_RESPONSE_H_
23 #define RESOLVER_RESPONSE_H_
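/*
 * Forward declarations of the public type names, placed ahead of the
 * <resolver/rr_set.h> include that follows them in this header.
 *
 * NOTE(review): a forward-declared enum is a compiler extension rather than
 * ISO C; it is accepted by GCC without -pedantic.
 */
typedef struct resolver_response_t resolver_response_t;
typedef enum dnssec_status_t dnssec_status_t;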
29 #include <resolver/rr_set.h>
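/**
 * DNSSEC security state.
 *
 * DNSSEC security state, which a security aware resolver is able to determine
 * according to RFC 4033.
 *
 * Of the four states only SECURE describes a response whose signatures were
 * all verified along a chain of trust from a trust anchor. The other three
 * give no authenticity guarantee for the returned data.
 *
 * NOTE(review): SECURE is the first enumerator and therefore has the value 0,
 * so a zero-initialized dnssec_status_t reads as SECURE. Code that fills in a
 * status should set it explicitly on every path rather than rely on
 * zero-initialization.
 */
enum dnssec_status_t {
	/**
	 * The validating resolver has a trust anchor, has a chain of
	 * trust, and is able to verify all the signatures in the response.
	 * [RFC4033]
	 */
	SECURE,
	/**
	 * The validating resolver has a trust anchor, a chain of
	 * trust, and, at some delegation point, signed proof of the
	 * non-existence of a DS record. This indicates that subsequent
	 * branches in the tree are provably insecure. A validating resolver
	 * may have a local policy to mark parts of the domain space as
	 * insecure. [RFC4033]
	 */
	INSECURE,
	/**
	 * The validating resolver has a trust anchor and a secure
	 * delegation indicating that subsidiary data is signed, but the
	 * response fails to validate for some reason: missing signatures,
	 * expired signatures, signatures with unsupported algorithms, data
	 * missing that the relevant NSEC RR says should be present, and so
	 * forth. [RFC4033]
	 */
	BOGUS,
	/**
	 * There is no trust anchor that would indicate that a
	 * specific portion of the tree is secure. This is the default
	 * operation mode. [RFC4033]
	 */
	INDETERMINATE,
};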
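/**
 * A response of the DNS resolver to a DNS query.
 *
 * A response represents the answer of the Domain Name System to a query.
 * It contains the RRset with the queried Resource Records and additional
 * information about the answer: the query name, the canonical name and the
 * DNSSEC security state, each available through the accessors below.
 */
struct resolver_response_t {

	/**
	 * Get the original question string.
	 *
	 * The string to which the returned pointer points, is still owned
	 * by the resolver_response. Clone it if necessary.
	 *
	 * @return			the queried name
	 */
	char *(*get_query_name)(resolver_response_t *this);

	/**
	 * Get the canonical name of the result.
	 *
	 * The string to which the returned pointer points, is still owned
	 * by the resolver_response. Clone it if necessary.
	 *
	 * @return			- canonical name of result
	 *					- NULL, if result has no canonical name
	 */
	char *(*get_canon_name)(resolver_response_t *this);

	/**
	 * Does the RRset of this response contain some Resource Records?
	 *
	 * Returns TRUE if the RRset of this response contains some RRs
	 * (RRSIG Resource Records are ignored).
	 *
	 * @return			- TRUE, if there are some RRs in the RRset
	 *					- FALSE, otherwise
	 */
	bool (*has_data)(resolver_response_t *this);

	/**
	 * Does the queried name exist?
	 *
	 * @return			- TRUE, if the queried name exists
	 *					- FALSE, otherwise
	 */
	bool (*query_name_exist)(resolver_response_t *this);

	/**
	 * Get the DNSSEC security state of the response.
	 *
	 * Callers that base a security decision on the returned records should
	 * check this state first: per the dnssec_status_t descriptions, only the
	 * secure state means that all signatures in the response were verified
	 * along a chain of trust.
	 *
	 * @return			DNSSEC security state
	 */
	dnssec_status_t (*get_security_state)(resolver_response_t *this);

	/**
	 * Get the RRset with all Resource Records of this response.
	 *
	 * The records are returned regardless of the DNSSEC security state, so
	 * they are not necessarily authenticated; see get_security_state().
	 *
	 * NOTE(review): ownership of the returned rr_set_t is not stated in this
	 * header; presumably it stays with the response, as for the name
	 * strings -- confirm against the implementation.
	 *
	 * @return			- RRset of this response
	 *					- NULL if there is no data or the query name
	 *					  does not exist
	 */
	rr_set_t *(*get_rr_set)(resolver_response_t *this);

	/**
	 * Destroy this response.
	 */
	void (*destroy)(resolver_response_t *this);
};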
#endif /** RESOLVER_RESPONSE_H_ @}*/