[ldns-users] Questions on ldns_dnssec_* functions

Ray Bellis Ray.Bellis at nominet.org.uk
Mon Oct 13 15:41:54 UTC 2014


I have a number of advanced-level questions relating to use of ldns to create a dynamic zone signer:

1.  Given an apparently valid ldns_dnssec_zone structure that has had keys added and subsequently signed, I'm using ldns_dnssec_zone_find_rrset() to look for RRs in that zone.

This works for normal RRs that do exist in the zone, but apparently not for RRs on a wildcard label.  Do I have to handle those separately?

2.  If the above call returns NULL, I ideally need to return one or more NSEC records proving non-existence of the QTYPE (and/or QNAME).  Pointers on functions that would assist in finding the right ones would be useful...

3.  Is there a method by which I can add new RRs to an already signed zone and just have ldns update the RRSIGs and the NSEC chain for the new records?  It's unclear whether the "special handling" in ldns_dnssec_zone_add_rr() covers this.

kind regards,

Ray



