Class Dnsruby::RR::NSEC3PARAM
In: lib/Dnsruby/resource/NSEC3PARAM.rb
Parent: RR
Message Update ResolvError EncodeError OtherResolvError ServFail FormErr DecodeError NXRRSet YXDomain NotImp NXDomain VerifyError NotAuth YXRRSet NotZone Refused TsigError CodeMapper Types MetaTypes QTypes Nsec3HashAlgorithms Algorithms OpCode Classes ExtendedRCode Modes RCode Comparable Name RRSet TsigNotSignedResponseError Resolver SingleResolver StandardError TimeoutError ResolvTimeout DNS Dnssec Hosts RR\n[lib/Dnsruby/resource/A.rb\nlib/Dnsruby/resource/AAAA.rb\nlib/Dnsruby/resource/AFSDB.rb\nlib/Dnsruby/resource/CERT.rb\nlib/Dnsruby/resource/DHCID.rb\nlib/Dnsruby/resource/DLV.rb\nlib/Dnsruby/resource/DNSKEY.rb\nlib/Dnsruby/resource/DS.rb\nlib/Dnsruby/resource/HINFO.rb\nlib/Dnsruby/resource/HIP.rb\nlib/Dnsruby/resource/IN.rb\nlib/Dnsruby/resource/IPSECKEY.rb\nlib/Dnsruby/resource/ISDN.rb\nlib/Dnsruby/resource/KX.rb\nlib/Dnsruby/resource/LOC.rb\nlib/Dnsruby/resource/MINFO.rb\nlib/Dnsruby/resource/MX.rb\nlib/Dnsruby/resource/NAPTR.rb\nlib/Dnsruby/resource/NSAP.rb\nlib/Dnsruby/resource/NSEC.rb\nlib/Dnsruby/resource/NSEC3.rb\nlib/Dnsruby/resource/NSEC3PARAM.rb\nlib/Dnsruby/resource/OPT.rb\nlib/Dnsruby/resource/PX.rb\nlib/Dnsruby/resource/RP.rb\nlib/Dnsruby/resource/RRSIG.rb\nlib/Dnsruby/resource/RT.rb\nlib/Dnsruby/resource/SOA.rb\nlib/Dnsruby/resource/SPF.rb\nlib/Dnsruby/resource/SRV.rb\nlib/Dnsruby/resource/SSHFP.rb\nlib/Dnsruby/resource/TKEY.rb\nlib/Dnsruby/resource/TSIG.rb\nlib/Dnsruby/resource/TXT.rb\nlib/Dnsruby/resource/X25.rb\nlib/Dnsruby/resource/domain_name.rb\nlib/Dnsruby/resource/generic.rb\nlib/Dnsruby/resource/resource.rb] Recursor IPv6 IPv4 ZoneTransfer MessageDecoder MessageEncoder Question Header TheLog ValidatorThread PacketSender ResolverRuby Config KeyCache Cache SingleVerifier SelectThread Resolv ZoneReader lib/Dnsruby/DNS.rb lib/Dnsruby/dnssec.rb lib/Dnsruby/Hosts.rb lib/Dnsruby/resource/generic.rb lib/Dnsruby/Recursor.rb lib/Dnsruby/update.rb lib/Dnsruby/ipv6.rb lib/Dnsruby/ipv4.rb lib/Dnsruby/code_mapper.rb lib/Dnsruby/zone_transfer.rb lib/Dnsruby/message.rb lib/Dnsruby/TheLog.rb lib/Dnsruby/resource/resource.rb lib/Dnsruby/validator_thread.rb lib/Dnsruby/PacketSender.rb lib/Dnsruby/Resolver.rb lib/Dnsruby/Config.rb lib/Dnsruby/key_cache.rb lib/Dnsruby/Cache.rb lib/Dnsruby/single_verifier.rb lib/Dnsruby/SingleResolver.rb lib/Dnsruby/select_thread.rb lib/Dnsruby/name.rb lib/dnsruby.rb lib/Dnsruby/resource/TKEY.rb lib/Dnsruby/zone_reader.rb Dnsruby dot/m_61_0.png

The NSEC3PARAM RR contains the NSEC3 parameters (hash algorithm, flags, iterations and salt) needed by authoritative servers to calculate hashed owner names. The presence of an NSEC3PARAM RR at a zone apex indicates that the specified parameters may be used by authoritative servers to choose an appropriate set of NSEC3 RRs for negative responses. The NSEC3PARAM RR is not used by validators or resolvers.

Methods

flags=   from_string   hash_alg=   salt   salt=   types=  

Constants

TypeValue = Types::NSEC3PARAM #:nodoc: all

Attributes

flags  [R]  The Flags field contains 8 one-bit flags that can be used to indicate different processing. All undefined flags must be zero. The only flag defined by the NSEC3 specification is the Opt-Out flag.
hash_alg  [R]  The Hash Algorithm field identifies the cryptographic hash algorithm used to construct the hash-value.
iterations  [RW]  The Iterations field defines the number of additional times the hash function has been performed.
salt_length  [R]  The Salt Length field defines the length of the Salt field in octets, ranging in value from 0 to 255.

Public Instance methods

[Source]

    # File lib/Dnsruby/resource/NSEC3PARAM.rb, line 72
72:       def flags=(f)
73:         if (f==0 || f==1)
74:           @flags=f
75:         else
76:           raise DecodeError.new("Unknown NSEC3 flags field - #{f}")
77:         end
78:       end

[Source]

     # File lib/Dnsruby/resource/NSEC3PARAM.rb, line 97
 97:       def from_string(input)
 98:         if (input.length > 0)
 99:           data = input.split(" ")
100:           self.hash_alg=(data[0]).to_i
101:           self.flags=(data[1]).to_i
102:           self.iterations=(data[2]).to_i
103:           self.salt=(data[3])
104:           #          self.salt_length=(data[3].length)

105:         end
106:       end

[Source]

    # File lib/Dnsruby/resource/NSEC3PARAM.rb, line 54
54:       def hash_alg=(a)
55:         if (a.instance_of?String)
56:           if (a.length == 1)
57:             a = a.to_i
58:           end
59:         end
60:         begin
61:           alg = Nsec3HashAlgorithms.new(a)
62:           @hash_alg = alg
63:         rescue ArgumentError => e
64:           raise DecodeError.new(e)
65:         end
66:       end

The Salt field is appended to the original owner name before hashing in order to defend against pre-calculated dictionary attacks.

[Source]

    # File lib/Dnsruby/resource/NSEC3PARAM.rb, line 45
45:       def salt
46:         return NSEC3.encode_salt(@salt)
47:       end

[Source]

    # File lib/Dnsruby/resource/NSEC3PARAM.rb, line 49
49:       def salt=(s)
50:         @salt = NSEC3.decode_salt(s)
51:         @salt_length = @salt.length
52:       end

[Source]

    # File lib/Dnsruby/resource/NSEC3PARAM.rb, line 68
68:       def types=(t)
69:         @types = NSEC.get_types(t)
70:       end

[Validate]