| Copyright | (c) Viktor Dukhovni 2026 |
|---|---|
| License | BSD-3-Clause |
| Maintainer | ietf-dane@dukhovni.org |
| Stability | unstable |
| Safe Haskell | None |
| Language | GHC2024 |
Net.DNSBase.RData.Dnssec
Description
The DNSSEC chain-of-trust RR types from RFC 4034 — T_ds,
T_dnskey, T_rrsig — plus their parent/child mirror
announcements: T_cds and T_cdnskey (RFC 7344) carry the
child-side signalling of which DS and DNSKEY records the parent
should publish. The legacy T_key and T_sig records, still
used by SIG(0) transaction authentication (RFC 2535, RFC 2931),
share a codec with their DNSSEC successors.
The three groups DS/CDS, DNSKEY/CDNSKEY/KEY, and SIG/RRSIG
each have a single underlying data type (X_ds, X_key,
X_sig) with the RR type carried at the type level. DS and
KEY have the phantom type role on n, so values are
mutually coercible; the SIG family has nominal, since SIG(0)
signs a single transaction while RRSIG signs an RRSet, and
conflating them at the type level would be unsafe.
T_ipseckey (RFC 4025) and T_zonemd (RFC 8976) live here
too, alongside the re-export of Net.DNSBase.RData.NSEC for
the denial-of-existence records.
Synopsis
- data X_ds (n :: Nat) where
- type family XdsConName (n :: Nat) :: Symbol where ...
- type T_ds = X_ds N_ds
- type T_cds = X_ds N_cds
- dsKtag :: T_ds -> Word16
- dsKalg :: T_ds -> DNSKEYAlg
- dsHalg :: T_ds -> DSHashAlg
- dsHval :: T_ds -> ShortByteString
- cdsKtag :: T_cds -> Word16
- cdsKalg :: T_cds -> DNSKEYAlg
- cdsHalg :: T_cds -> DSHashAlg
- cdsHval :: T_cds -> ShortByteString
- data X_key (n :: Nat) where
- type family XkeyConName (n :: Nat) :: Symbol where ...
- type T_key = X_key N_key
- type T_dnskey = X_key N_dnskey
- type T_cdnskey = X_key N_cdnskey
- keyFlags :: T_key -> Word16
- keyProto :: T_key -> Word8
- keyAlgor :: T_key -> DNSKEYAlg
- keyValue :: T_key -> ShortByteString
- dnskeyFlags :: T_dnskey -> Word16
- dnskeyProto :: T_dnskey -> Word8
- dnskeyAlgor :: T_dnskey -> DNSKEYAlg
- dnskeyValue :: T_dnskey -> ShortByteString
- cdnskeyFlags :: T_cdnskey -> Word16
- cdnskeyProto :: T_cdnskey -> Word8
- cdnskeyAlgor :: T_cdnskey -> DNSKEYAlg
- cdnskeyValue :: T_cdnskey -> ShortByteString
- keytag :: forall (n :: Nat). X_key n -> Word16
- data X_sig (n :: Nat) where
- type family XsigConName (n :: Nat) :: Symbol where ...
- type T_rrsig = X_sig N_rrsig
- type T_sig = X_sig N_sig
- rrsigType :: T_rrsig -> RRTYPE
- rrsigKeyAlg :: T_rrsig -> DNSKEYAlg
- rrsigNumLabels :: T_rrsig -> Word8
- rrsigTTL :: T_rrsig -> Word32
- rrsigExpiration :: T_rrsig -> Int64
- rrsigInception :: T_rrsig -> Int64
- rrsigKeyTag :: T_rrsig -> Word16
- rrsigZone :: T_rrsig -> Domain
- rrsigValue :: T_rrsig -> ShortByteString
- sigType :: T_sig -> RRTYPE
- sigKeyAlg :: T_sig -> DNSKEYAlg
- sigNumLabels :: T_sig -> Word8
- sigTTL :: T_sig -> Word32
- sigExpiration :: T_sig -> Int64
- sigInception :: T_sig -> Int64
- sigKeyTag :: T_sig -> Word16
- sigZone :: T_sig -> Domain
- sigValue :: T_sig -> ShortByteString
- data T_ipseckey where
- pattern IPSecKey :: Word8 -> Word8 -> Word8 -> IPSecKeyGateway -> ShortByteString -> T_ipseckey
- data IPSecKeyGateway
- data T_zonemd = T_ZONEMD {}
- module Net.DNSBase.RData.NSEC
DS and DNSKEY
DS resource records
Shared wire-format representation for DNSSEC delegation-signer
records: the parent-side DS record
(RFC 4034 section 5.1)
and the child-side CDS announcement
(RFC 7344 section 3.1).
The type parameter n (either N_ds or N_cds) determines
the RR type. Each has its own type synonym (T_ds, T_cds)
and matching record pattern synonym (T_DS, T_CDS) with the
corresponding field-name prefix (ds, cds). The wire format
is identical and the type role of n is phantom, so T_ds
and T_cds are mutually coercible — useful for promoting a
child-side CDS announcement into a parent-side DS without
rebuilding the value.
1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Key Tag | Algorithm | Digest Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / / / Digest / / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
No embedded domain field, so derived Ord agrees with the
canonical wire-form octet ordering
(RFC 4034 section 6.2).
The record pattern synonyms T_DS and T_CDS build the
corresponding T_ds or T_cds value directly, with their own
field-name prefixes (ds and cds):
:set -XOverloadedStrings
let ds = T_DS { dsKtag = 12345
, dsKalg = 13
, dsHalg = 2
, dsHval = coerce @Bytes16 "0001...1e1f" }
cds = T_CDS { cdsKtag = 12345
, cdsKalg = 13
, cdsHalg = 2
, cdsHval = coerce @Bytes16 "0001...1e1f" }
in RData ds : RData cds : []Functions that work on either RR type can use the
underscore-prefixed selectors on the shared X_ds record:
hashTypeVal :: forall n. X_ds n -> (Word8, ShortByteString) hashTypeVal = (,) <$> _dsHalg <*> _dsHval
Constructors
| X_DS | |
Bundled Patterns
| pattern T_DS | Record pattern synonym viewing the shared |
| pattern T_CDS | Record pattern synonym viewing the shared |
Instances
| KnownSymbol (XdsConName n) => Presentable (X_ds n) Source # | |||||
Defined in Net.DNSBase.RData.Dnssec Methods present :: X_ds n -> Builder -> Builder Source # presentLazy :: X_ds n -> ByteString -> ByteString Source # | |||||
| (Nat16 n, KnownSymbol (XdsConName n)) => KnownRData (X_ds n) Source # | |||||
Defined in Net.DNSBase.RData.Dnssec Associated Types
Methods rdataExtensionVal :: forall b -> b ~ X_ds n => RDataExtensionVal (X_ds n) Source # rdType :: forall b -> b ~ X_ds n => RRTYPE Source # rdTypePres :: forall b -> b ~ X_ds n => Builder -> Builder Source # rdDecode :: forall b -> b ~ X_ds n => RDataExtensionVal (X_ds n) -> Int -> SGet RData Source # | |||||
| (Nat16 n, KnownSymbol (XdsConName n)) => Show (X_ds n) Source # | |||||
| KnownSymbol (XdsConName n) => Eq (X_ds n) Source # | |||||
| KnownSymbol (XdsConName n) => Ord (X_ds n) Source # | |||||
| type RDataExtensionVal (X_ds n) Source # | |||||
Defined in Net.DNSBase.RData.Dnssec | |||||
type family XdsConName (n :: Nat) :: Symbol where ... Source #
Equations
| XdsConName N_ds = "T_DS" | |
| XdsConName N_cds = "T_CDS" | |
| XdsConName n = TypeError ('ShowType n ':<>: 'Text " is not a DS or CDS RRTYPE") :: Symbol |
DS fields
dsHval :: T_ds -> ShortByteString Source #
CDS fields
cdsHval :: T_cds -> ShortByteString Source #
DNSKEY resource records
data X_key (n :: Nat) Source #
Shared wire-format representation for DNSSEC signing-key
records: the DNSKEY record
(RFC 4034 section 2)
published at the child zone apex, the CDNSKEY child-side
announcement
(RFC 7344 section 3.2)
of which KSKs the parent should reference, and the legacy
KEY record
(RFC 2535 section 3.1)
still used by SIG(0) transaction authentication and otherwise
effectively unused in modern deployments. The type parameter
n (one of N_key, N_dnskey, N_cdnskey) determines the
RR type. Each has its own type synonym (T_key, T_dnskey,
T_cdnskey) and matching record pattern synonym (T_KEY,
T_DNSKEY, T_CDNSKEY) with the corresponding field-name
prefix (key, dnskey, cdnskey). The wire format is
identical across all three and the type role of n is
phantom, so the types are mutually coercible; the practical
pairing is DNSKEY <-> CDNSKEY (mirroring DS <-> CDS).
1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Flags | Protocol | Algorithm | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / / / Public Key / / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
No embedded domain field, so derived Ord agrees with the
canonical wire-form octet ordering
(RFC 4034 section 6.2).
The record pattern synonyms build the corresponding type directly, with their own field-name prefixes:
:set -XOverloadedStrings
let dk = T_DNSKEY { dnskeyFlags = 257
, dnskeyProto = 3
, dnskeyAlgor = 13
, dnskeyValue = coerce @Bytes64 "3FOs...Kw==" }
cdk = T_CDNSKEY { cdnskeyFlags = 257
, cdnskeyProto = 3
, cdnskeyAlgor = 13
, cdnskeyValue = coerce @Bytes64 "3FOs...Kw==" }
in RData dk : RData cdk : []Functions that work on any of the three RR types can use the
underscore-prefixed selectors on the shared X_key record:
keyAlgVal :: forall n. X_key n -> (DNSKEYAlg, ShortByteString) keyAlgVal = (,) <$> _keyAlgor <*> _keyValue
Constructors
| X_KEY | |
Bundled Patterns
| pattern T_KEY | Record pattern synonym viewing the shared |
Fields
| |
| pattern T_DNSKEY | Record pattern synonym viewing the shared |
Fields
| |
| pattern T_CDNSKEY | Record pattern synonym viewing the shared |
Fields
| |
Instances
type family XkeyConName (n :: Nat) :: Symbol where ... Source #
Equations
| XkeyConName N_dnskey = "T_DNSKEY" | |
| XkeyConName N_cdnskey = "T_CDNSKEY" | |
| XkeyConName N_key = "T_KEY" | |
| XkeyConName n = TypeError ('ShowType n ':<>: 'Text " is not a DNSSEC key RRTYPE") :: Symbol |
KEY fields
keyValue :: T_key -> ShortByteString Source #
DNSKEY fields
dnskeyFlags :: T_dnskey -> Word16 Source #
dnskeyProto :: T_dnskey -> Word8 Source #
dnskeyAlgor :: T_dnskey -> DNSKEYAlg Source #
CDNSKEY fields
cdnskeyFlags :: T_cdnskey -> Word16 Source #
cdnskeyProto :: T_cdnskey -> Word8 Source #
cdnskeyAlgor :: T_cdnskey -> DNSKEYAlg Source #
keytag :: forall (n :: Nat). X_key n -> Word16 Source #
Compute RFC 4034, Appendix B key tag over the DNSKEY RData: 16 bit flags, 8 bit proto, 8 bit alg and key octets.
With the obsolete algorithm 1 we assign key tag 0 to truncated keys, but RSAMD5 keys are no longer seen in the wild. We check that the modulus actually has at least 3 octets.
RRSIGs
data X_sig (n :: Nat) Source #
Shared wire-format representation for DNSSEC signature
records: the RRSIG record
(RFC 4034 section 3)
that signs an RRSet, and the legacy SIG record
(RFC 2535 section 4.1)
and its SIG(0) transaction-authentication use
(RFC 2931 section 3).
The type parameter n (either N_sig or N_rrsig) determines
the RR type. Each has its own type synonym (T_sig, T_rrsig)
and matching record pattern synonym (T_SIG, T_RRSIG) with
the corresponding field-name prefix (sig, rrsig). The
wire format is shared, but the type role of n is nominal:
a T_sig value cannot be used where a T_rrsig is expected.
This is deliberate — SIG(0) signs a single transaction while
RRSIG signs an RRSet, and conflating them at the type level
would be unsafe.
1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type Covered | Algorithm | Labels | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Original TTL | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Signature Expiration | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Signature Inception | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Key Tag | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Signer's Name + | / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-/ / / / Signature / / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
As noted in
Section 3.1.5 of RFC 4034
the RRsig inception and expiration times use serial number arithmetic. As a
result these timestamps are not pure values, their meaning is
time-dependent! They depend on the present time and are both at most
approximately +/-68 years from the present. This ambiguity is not a
problem because cached RRSIG records should only persist a few days,
signature lifetimes should be *much* shorter than 68 years, and key rotation
should cause any misconstrued 136-year-old signatures to fail to validate.
This also means that the interpretation of a time that is exactly half-way
around the clock at now +/-0x80000000 is not important, the signature
should never be valid.
To avoid ambiguity, these *impure* relative values are converted to pure absolute times as they are received from from the network, and converted back to 32-bit values when encoding. Therefore, the constructor takes absolute 64-bit representations of the inception and expiration times.
The signer zone name is not subject to wire-form name
compression
(RFC 3597 section 4)
and canonicalises to lower case
(RFC 4034 section 6.2,
confirmed by
RFC 6840 section 5.1).
The Eq and Ord instances compare the signer name in
canonical wire form (via equalWireHost / compareWireHost),
giving stable comparison semantics for general use in ordered
collections. Canonical RR ordering is not a meaningful concept
for RRSIG records — they are never themselves signed — so the
canonical-ordering machinery from RFC 4034 §6.2 does not apply
to them in practice.
Constructors
| X_SIG | |
Fields
| |
Bundled Patterns
| pattern T_SIG | Record pattern synonym viewing the shared |
Fields
| |
| pattern T_RRSIG | Record pattern synonym viewing the shared |
Fields
| |
Instances
| KnownSymbol (XsigConName n) => Presentable (X_sig n) Source # | |||||
Defined in Net.DNSBase.RData.Dnssec Methods present :: X_sig n -> Builder -> Builder Source # presentLazy :: X_sig n -> ByteString -> ByteString Source # | |||||
| (Nat16 n, KnownSymbol (XsigConName n)) => KnownRData (X_sig n) Source # | |||||
Defined in Net.DNSBase.RData.Dnssec Associated Types
Methods rdataExtensionVal :: forall b -> b ~ X_sig n => RDataExtensionVal (X_sig n) Source # rdType :: forall b -> b ~ X_sig n => RRTYPE Source # rdTypePres :: forall b -> b ~ X_sig n => Builder -> Builder Source # rdDecode :: forall b -> b ~ X_sig n => RDataExtensionVal (X_sig n) -> Int -> SGet RData Source # | |||||
| (Nat16 n, KnownSymbol (XsigConName n)) => Show (X_sig n) Source # | |||||
| KnownSymbol (XsigConName n) => Eq (X_sig n) Source # | Equality of signer names is case-insensitive. | ||||
| KnownSymbol (XsigConName n) => Ord (X_sig n) Source # | Comparison of signer names is case-insensitive. | ||||
Defined in Net.DNSBase.RData.Dnssec | |||||
| type RDataExtensionVal (X_sig n) Source # | |||||
Defined in Net.DNSBase.RData.Dnssec | |||||
type family XsigConName (n :: Nat) :: Symbol where ... Source #
Equations
| XsigConName N_rrsig = "T_RRSIG" | |
| XsigConName N_sig = "T_SIG" | |
| XsigConName n = TypeError ('ShowType n ':<>: 'Text " is not a SIG or RRSIG RRTYPE") :: Symbol |
RRSIG fields
rrsigKeyAlg :: T_rrsig -> DNSKEYAlg Source #
rrsigNumLabels :: T_rrsig -> Word8 Source #
rrsigExpiration :: T_rrsig -> Int64 Source #
rrsigInception :: T_rrsig -> Int64 Source #
rrsigKeyTag :: T_rrsig -> Word16 Source #
rrsigValue :: T_rrsig -> ShortByteString Source #
SIG fields
sigNumLabels :: T_sig -> Word8 Source #
sigExpiration :: T_sig -> Int64 Source #
sigInception :: T_sig -> Int64 Source #
sigValue :: T_sig -> ShortByteString Source #
IPSECKEY resource records
data T_ipseckey where Source #
The IPSECKEY resource record
(RFC 4025 section 2.1)
— IPsec keying material for a host or subnet.
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | precedence | gateway type | algorithm | gateway | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+---------------+ + ~ gateway ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | / / public key / / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
The gateway type byte selects one of four defined gateway shapes (none, IPv4, IPv6, or FQDN); the gateway field carries the corresponding value, and the trailing public key holds the key bytes.
For future or otherwise unrecognised gateway types (any value
outside 0..3) the wire-form boundary between the gateway and the
public key is unknown to the parser, so both are kept together as
a single opaque blob inside IPSecKeyGWG, and the key component
below is then empty.
The constructors are not exported; the only public view is the
IPSecKey bidirectional pattern synonym, which exposes a uniform
five-argument tuple (precedence, gateway type, algorithm,
gateway, public key) regardless of the gateway shape.
Bundled Patterns
| pattern IPSecKey | Uniform five-argument view of an When matching against an existing record, gateway type and
gateway are always consistent (an When constructing a record, the gateway type and gateway
arguments must agree, and for unrecognised gateway types
(anything outside 0..3) the public key argument must be empty
(the parser cannot find the boundary, so the gateway-and-key
bytes live together inside the
Any other combination raises a runtime error. |
Fields
| |
Instances
| Presentable T_ipseckey Source # | |||||
Defined in Net.DNSBase.RData.Dnssec Methods present :: T_ipseckey -> Builder -> Builder Source # presentLazy :: T_ipseckey -> ByteString -> ByteString Source # | |||||
| KnownRData T_ipseckey Source # | |||||
Defined in Net.DNSBase.RData.Dnssec Associated Types
Methods rdataExtensionVal :: forall b -> b ~ T_ipseckey => RDataExtensionVal T_ipseckey Source # rdType :: forall b -> b ~ T_ipseckey => RRTYPE Source # rdTypePres :: forall b -> b ~ T_ipseckey => Builder -> Builder Source # rdDecode :: forall b -> b ~ T_ipseckey => RDataExtensionVal T_ipseckey -> Int -> SGet RData Source # | |||||
| Show T_ipseckey Source # | |||||
Defined in Net.DNSBase.RData.Dnssec Methods showsPrec :: Int -> T_ipseckey -> ShowS # show :: T_ipseckey -> String # showList :: [T_ipseckey] -> ShowS # | |||||
| Eq T_ipseckey Source # | |||||
Defined in Net.DNSBase.RData.Dnssec | |||||
| Ord T_ipseckey Source # | |||||
Defined in Net.DNSBase.RData.Dnssec Methods compare :: T_ipseckey -> T_ipseckey -> Ordering # (<) :: T_ipseckey -> T_ipseckey -> Bool # (<=) :: T_ipseckey -> T_ipseckey -> Bool # (>) :: T_ipseckey -> T_ipseckey -> Bool # (>=) :: T_ipseckey -> T_ipseckey -> Bool # max :: T_ipseckey -> T_ipseckey -> T_ipseckey # min :: T_ipseckey -> T_ipseckey -> T_ipseckey # | |||||
| type RDataExtensionVal T_ipseckey Source # | |||||
Defined in Net.DNSBase.RData.Dnssec | |||||
data IPSecKeyGateway Source #
Shape of an IPSECKEY record's gateway field. Four cases
match the four gateway types defined by RFC 4025; the catchall
IPSecKeyGWG covers any future or otherwise unrecognised gateway
type byte and holds the gateway and public-key bytes together as
a single opaque blob (the parser has no way to find the boundary
between them when the shape is unknown).
Constructors
| IPSecKeyGWX | No gateway (gateway type 0). |
| IPSecKeyGW4 IPv4 | IPv4 gateway address (gateway type 1). |
| IPSecKeyGW6 IPv6 | IPv6 gateway address (gateway type 2). |
| IPSecKeyGWD Domain | FQDN gateway (gateway type 3); not subject to name compression. |
| IPSecKeyGWG ShortByteString | Future or unrecognised gateway type (>3); opaque gateway-and-key blob. |
Instances
| Presentable IPSecKeyGateway Source # | |
Defined in Net.DNSBase.RData.Dnssec Methods present :: IPSecKeyGateway -> Builder -> Builder Source # presentLazy :: IPSecKeyGateway -> ByteString -> ByteString Source # | |
| Show IPSecKeyGateway Source # | |
Defined in Net.DNSBase.RData.Dnssec Methods showsPrec :: Int -> IPSecKeyGateway -> ShowS # show :: IPSecKeyGateway -> String # showList :: [IPSecKeyGateway] -> ShowS # | |
| Eq IPSecKeyGateway Source # | |
Defined in Net.DNSBase.RData.Dnssec Methods (==) :: IPSecKeyGateway -> IPSecKeyGateway -> Bool # (/=) :: IPSecKeyGateway -> IPSecKeyGateway -> Bool # | |
| Ord IPSecKeyGateway Source # | |
Defined in Net.DNSBase.RData.Dnssec Methods compare :: IPSecKeyGateway -> IPSecKeyGateway -> Ordering # (<) :: IPSecKeyGateway -> IPSecKeyGateway -> Bool # (<=) :: IPSecKeyGateway -> IPSecKeyGateway -> Bool # (>) :: IPSecKeyGateway -> IPSecKeyGateway -> Bool # (>=) :: IPSecKeyGateway -> IPSecKeyGateway -> Bool # max :: IPSecKeyGateway -> IPSecKeyGateway -> IPSecKeyGateway # min :: IPSecKeyGateway -> IPSecKeyGateway -> IPSecKeyGateway # | |
Zone digest
The ZONEMD resource record
(RFC 8976 section 2.2)
— a digest of the zone contents, used by recipients of zone
transfers to verify zone integrity end-to-end. Four fields:
a 32-bit serial number matching the SOA, an 8-bit scheme
selector, an 8-bit hash-algorithm selector, and the digest
bytes.
1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Serial | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Scheme |Hash Algorithm | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Digest | / / / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
No embedded domain field, so derived Ord agrees with the
canonical wire-form octet ordering.
Constructors
| T_ZONEMD | |
Fields
| |
Instances
| Presentable T_zonemd Source # | |||||
Defined in Net.DNSBase.RData.Dnssec Methods present :: T_zonemd -> Builder -> Builder Source # presentLazy :: T_zonemd -> ByteString -> ByteString Source # | |||||
| KnownRData T_zonemd Source # | |||||
Defined in Net.DNSBase.RData.Dnssec Associated Types
Methods rdataExtensionVal :: forall b -> b ~ T_zonemd => RDataExtensionVal T_zonemd Source # rdType :: forall b -> b ~ T_zonemd => RRTYPE Source # rdTypePres :: forall b -> b ~ T_zonemd => Builder -> Builder Source # rdDecode :: forall b -> b ~ T_zonemd => RDataExtensionVal T_zonemd -> Int -> SGet RData Source # | |||||
| Show T_zonemd Source # | |||||
| Eq T_zonemd Source # | |||||
| Ord T_zonemd Source # | |||||
Defined in Net.DNSBase.RData.Dnssec | |||||
| type RDataExtensionVal T_zonemd Source # | |||||
Defined in Net.DNSBase.RData.Dnssec | |||||
module Net.DNSBase.RData.NSEC