The NSEC3PARAM RR contains the NSEC3 parameters (hash algorithm, flags, iterations and salt) needed by authoritative servers to calculate hashed owner names. The presence of an NSEC3PARAM RR at a zone apex indicates that the specified parameters may be used by authoritative servers to choose an appropriate set of NSEC3 RRs for negative responses. The NSEC3PARAM RR is not used by validators or resolvers.
The Hash Algorithm field identifies the cryptographic hash algorithm used to construct the hash-value.
The Flags field contains 8 one-bit flags that can be used to indicate different processing. All undefined flags must be zero. The only flag defined by the NSEC3 specification is the Opt-Out flag.
```ruby
# File lib/Dnsruby/resource/NSEC3PARAM.rb, line 72
def flags=(f)
  if (f==0 || f==1)
    @flags=f
  else
    raise DecodeError.new("Unknown NSEC3 flags field - #{f}")
  end
end
```

```ruby
# File lib/Dnsruby/resource/NSEC3PARAM.rb, line 97
def from_string(input)
  if (input.length > 0)
    data = input.split(" ")
    self.hash_alg=(data[0]).to_i
    self.flags=(data[1]).to_i
    self.iterations=(data[2]).to_i
    self.salt=(data[3])
    # self.salt_length=(data[3].length)
  end
end
```

```ruby
# File lib/Dnsruby/resource/NSEC3PARAM.rb, line 54
def hash_alg=(a)
  if (a.instance_of?(String))
    if (a.length == 1)
      a = a.to_i
    end
  end
  begin
    alg = Nsec3HashAlgorithms.new(a)
    @hash_alg = alg
  rescue ArgumentError => e
    raise DecodeError.new(e)
  end
end
```
The Salt field is appended to the original owner name before hashing in order to defend against pre-calculated dictionary attacks.
```ruby
# File lib/Dnsruby/resource/NSEC3PARAM.rb, line 45
def salt
  return NSEC3.encode_salt(@salt)
end
```
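How the four NSEC3PARAM fields combine into a hashed owner name, as an added example that is not Dnsruby's own code: it parses the presentation form, appends the salt to the wire-format owner name, applies SHA-1 (hash algorithm 1) plus the stated number of additional iterations, and base32hex-encodes the digest. The helper names (`parse_nsec3param`, `wire_name`, `base32hex`, `nsec3_hash`) are hypothetical, and the sample parameters `1 0 12 aabbccdd` are the ones used in the RFC 5155 Appendix A example zone.

```ruby
require 'digest/sha1'

# base32hex alphabet (RFC 4648), lowercase as used in NSEC3 owner names.
B32HEX = '0123456789abcdefghijklmnopqrstuv'.freeze

# Parse "<hash alg> <flags> <iterations> <salt>"; a salt of "-" means empty.
def parse_nsec3param(text)
  alg, flags, iterations, salt = text.split(' ')
  raise ArgumentError, 'expected 4 fields' if salt.nil?
  raise ArgumentError, "unsupported hash algorithm #{alg}" unless alg == '1'
  raise ArgumentError, "unknown flags #{flags}" unless %w[0 1].include?(flags)
  raise ArgumentError, "bad salt #{salt}" unless salt == '-' || salt =~ /\A(\h\h)+\z/
  { alg: 1, flags: flags.to_i, iterations: Integer(iterations, 10),
    salt: salt == '-' ? ''.b : [salt].pack('H*') }
end

# Canonical wire format: lowercased labels, each length-prefixed, root label last.
def wire_name(name)
  labels = name.downcase.chomp('.').split('.')
  labels.map { |l| [l.bytesize].pack('C') + l.b }.join.b + "\x00".b
end

# Unpadded base32hex; a 20-byte SHA-1 digest becomes exactly 32 characters.
def base32hex(bytes)
  bits = bytes.unpack1('B*')
  bits += '0' * ((-bits.length) % 5)
  bits.scan(/.{5}/).map { |chunk| B32HEX[chunk.to_i(2)] }.join
end

# H(name || salt), then `iterations` further rounds of H(digest || salt).
def nsec3_hash(name, params)
  digest = Digest::SHA1.digest(wire_name(name) + params[:salt])
  params[:iterations].times do
    digest = Digest::SHA1.digest(digest + params[:salt])
  end
  base32hex(digest)
end

if __FILE__ == $PROGRAM_NAME
  params = parse_nsec3param('1 0 12 aabbccdd') # sample parameters
  %w[example a.example].each { |n| puts "#{nsec3_hash(n, params)}  #{n}" }
end
```

Because the salt and iteration count are published in the zone, they only raise the cost of a precomputed dictionary; they do not hide names from an offline guesser who knows the parameters.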