git.ipfire.org Git - thirdparty/bind9.git/commit

author	Matthijs Mekking <matthijs@isc.org>
	Wed, 19 Jun 2024 09:09:29 +0000 (11:09 +0200)
committer	Matthijs Mekking <matthijs@isc.org>
	Thu, 22 Aug 2024 06:21:52 +0000 (08:21 +0200)
commit	445722d2bf4bbe15af4e4940ffb0d4dc2d2c5a8b
tree	f92a5fb93f8c93afe685ab878bee85ace57fe75a	tree \| snapshot
parent	afe093258c279cd6b47a1d98657bc4e6f76e1875	commit \| diff

Add code to store SKR

This added source code stores SKR data. It is loosely based on:
https://www.iana.org/dnssec/archive/files/draft-icann-dnssec-keymgmt-01.txt

A SKR contains a list of signed DNSKEY RRsets. Each change in data
should be stored in a separate bundle. So if the RRSIG is refreshed that
means it is stored in the next bundle. Likewise, if there is a new ZSK
pre-published, it is in the next bundle.

In addition (not mentioned in the draft), each bundle may contain
signed CDS and CDNSKEY RRsets.

Each bundle has an inception time. These will determine when we need
to re-sign or re-key the zone.

lib/dns/Makefile.am		diff \| blob \| blame \| history
lib/dns/include/dns/skr.h	[new file with mode: 0644]	blob
lib/dns/include/dns/types.h		diff \| blob \| blame \| history
lib/dns/skr.c	[new file with mode: 0644]	blob