diff -pruN 0.8+git20160720-3.2/aaaa.c 0.8+git20170804-0ubuntu3/aaaa.c --- 0.8+git20160720-3.2/aaaa.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/aaaa.c 2017-08-04 14:27:44.000000000 +0000 @@ -20,44 +20,44 @@ static struct rr *aaaa_parse(char *name, long ttl, int type, char *s) { - struct rr_aaaa *rr = getmem(sizeof(*rr)); + struct rr_aaaa *rr = getmem(sizeof(*rr)); - if (extract_ipv6(&s, "IPv6 address", &rr->address) <= 0) - return NULL; - if (*s) { - return bitch("garbage after valid AAAA data"); - } + if (extract_ipv6(&s, "IPv6 address", &rr->address) <= 0) + return NULL; + if (*s) { + return bitch("garbage after valid AAAA data"); + } - return store_record(type, name, ttl, rr); + return store_record(type, name, ttl, rr); } static char* aaaa_human(struct rr *rrv) { - RRCAST(aaaa); + RRCAST(aaaa); char s[1024]; - if (inet_ntop(AF_INET6, &rr->address, s, 1024)) - return quickstrdup_temp(s); - return "????"; + if (inet_ntop(AF_INET6, &rr->address, s, 1024)) + return quickstrdup_temp(s); + return "????"; } static struct binary_data aaaa_wirerdata(struct rr *rrv) { - RRCAST(aaaa); - struct binary_data r; + RRCAST(aaaa); + struct binary_data r; - r.length = sizeof(rr->address); - r.data = (void *)&rr->address; - return r; + r.length = sizeof(rr->address); + r.data = (void *)&rr->address; + return r; } static void* aaaa_validate_set(struct rr_set *rr_set) { - if (rr_set->named_rr->flags & NAME_FLAG_CONTAINS_SLASH) { - struct rr *rr = rr_set->tail; - return moan(rr->file_name, rr->line, "host name contains '/'"); - } - return NULL; + if (rr_set->named_rr->flags & NAME_FLAG_CONTAINS_SLASH) { + struct rr *rr = rr_set->tail; + return moan(rr->file_name, rr->line, "host name contains '/'"); + } + return NULL; } struct rr_methods aaaa_methods = { aaaa_parse, aaaa_human, aaaa_wirerdata, aaaa_validate_set, NULL }; diff -pruN 0.8+git20160720-3.2/a.c 0.8+git20170804-0ubuntu3/a.c --- 0.8+git20160720-3.2/a.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/a.c 2017-08-04 14:27:44.000000000 +0000 @@ -20,44 +20,44 @@ static struct rr *a_parse(char *name, long ttl, int type, char *s) { - struct rr_a *rr = getmem(sizeof(*rr)); + struct rr_a *rr = getmem(sizeof(*rr)); - if (extract_ipv4(&s, "IPv4 address", &rr->address) <= 0) - return NULL; - if (*s) { - return bitch("garbage after valid A data"); - } + if (extract_ipv4(&s, "IPv4 address", &rr->address) <= 0) + return NULL; + if (*s) { + return bitch("garbage after valid A data"); + } - return store_record(type, name, ttl, rr); + return store_record(type, name, ttl, rr); } static char* a_human(struct rr *rrv) { - RRCAST(a); - char s[1024]; + RRCAST(a); + char s[1024]; - if (inet_ntop(AF_INET, &rr->address, s, 1024)) - return quickstrdup_temp(s); - return "????"; + if (inet_ntop(AF_INET, &rr->address, s, 1024)) + return quickstrdup_temp(s); + return "????"; } static struct binary_data a_wirerdata(struct rr *rrv) { - RRCAST(a); - struct binary_data r; + RRCAST(a); + struct binary_data r; - r.length = sizeof(rr->address); - r.data = (void *)&rr->address; - return r; + r.length = sizeof(rr->address); + r.data = (void *)&rr->address; + return r; } static void* a_validate_set(struct rr_set *rr_set) { - if (rr_set->named_rr->flags & NAME_FLAG_CONTAINS_SLASH) { - struct rr *rr = rr_set->tail; - return moan(rr->file_name, rr->line, "host name contains '/'"); - } - return NULL; + if (rr_set->named_rr->flags & NAME_FLAG_CONTAINS_SLASH) { + struct rr *rr = rr_set->tail; + return moan(rr->file_name, rr->line, "host name contains '/'"); + } + return NULL; } struct rr_methods a_methods = { a_parse, a_human, a_wirerdata, a_validate_set, NULL }; diff -pruN 0.8+git20160720-3.2/afsdb.c 0.8+git20170804-0ubuntu3/afsdb.c --- 0.8+git20160720-3.2/afsdb.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/afsdb.c 2017-08-04 14:27:44.000000000 +0000 @@ -19,42 +19,42 @@ static struct rr *afsdb_parse(char *name, long ttl, int type, char *s) { - struct rr_afsdb *rr = getmem(sizeof(*rr)); + struct rr_afsdb *rr = getmem(sizeof(*rr)); - rr->subtype = extract_integer(&s, "AFSDB subtype", NULL); - if (rr->subtype < 0) - return NULL; + rr->subtype = extract_integer(&s, "AFSDB subtype", NULL); + if (rr->subtype < 0) + return NULL; - if (rr->subtype != 1 && rr->subtype != 2) - return bitch("unknown AFSDB subtype"); + if (rr->subtype != 1 && rr->subtype != 2) + return bitch("unknown AFSDB subtype"); - rr->hostname = extract_name(&s, "AFSDB hostname", 0); - if (!rr->hostname) - return NULL; + rr->hostname = extract_name(&s, "AFSDB hostname", 0); + if (!rr->hostname) + return NULL; - if (*s) { - return bitch("garbage after valid AFSDB data"); - } + if (*s) { + return bitch("garbage after valid AFSDB data"); + } - return store_record(type, name, ttl, rr); + return store_record(type, name, ttl, rr); } static char* afsdb_human(struct rr *rrv) { - RRCAST(afsdb); + RRCAST(afsdb); char s[1024]; snprintf(s, 1024, "%d %s", - rr->subtype, rr->hostname); + rr->subtype, rr->hostname); return quickstrdup_temp(s); } static struct binary_data afsdb_wirerdata(struct rr *rrv) { - RRCAST(afsdb); + RRCAST(afsdb); return compose_binary_data("2d", 1, - rr->subtype, name2wire_name(rr->hostname)); + rr->subtype, name2wire_name(rr->hostname)); } struct rr_methods afsdb_methods = { afsdb_parse, afsdb_human, afsdb_wirerdata, NULL, NULL }; diff -pruN 0.8+git20160720-3.2/base32hex.c 0.8+git20170804-0ubuntu3/base32hex.c --- 0.8+git20160720-3.2/base32hex.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/base32hex.c 2017-08-04 14:27:44.000000000 +0000 @@ -36,319 +36,319 @@ int decode_base32hex(void *dest, char *src, size_t dstsize) { - size_t processed = 0; - int full_bytes = 0; - unsigned char *dst = dest; - - while (*src) { - int v; - if (*src >= 'A' && *src <= 'V') - v = *src - 'A' + 10; - else if (*src >= 'a' && *src <= 'v') - v = *src - 'a' + 10; - else if (*src >= '0' && *src <= '9') - v = *src - '0'; - else if (isspace(*src) || *src == '=') { - src++; - continue; - } else { - /* any junk chars means input is corrupted */ - errno = EINVAL; - return -1; - } - src++; - if (processed % 8 == 0) { - if (dstsize <= 0) { - errno = EINVAL; - return -1; - } - dst[0] &= 0x07; - dst[0] |= (v << 3) & 0xF8; - processed++; - } else if (processed % 8 == 1) { - if (dstsize < 1) { - errno = EINVAL; - return -1; - } - dst[0] &= 0xF8; - dst[0] |= (v >> 2) & 0x07; - if (dstsize >= 2) { - dst[1] &= 0x3F; - dst[1] |= (v << 6) & 0xC0; - } - processed++; - full_bytes++; - } else if (processed % 8 == 2) { - if (dstsize < 2) { - errno = EINVAL; - return -1; - } - dst[1] &= 0xC1; - dst[1] |= (v << 1) & 0x3E; - processed++; - } else if (processed % 8 == 3) { - if (dstsize < 2) { - errno = EINVAL; - return -1; - } - dst[1] &= 0xFE; - dst[1] |= (v >> 4) & 0x01; - if (dstsize >= 3) { - dst[2] &= 0x0F; - dst[2] |= (v << 4) & 0xF0; - } - processed++; - full_bytes++; - } else if (processed % 8 == 4) { - if (dstsize < 3) { - errno = EINVAL; - return -1; - } - dst[2] &= 0xF0; - dst[2] |= (v >> 1) & 0x0F; - if (dstsize >= 4) { - dst[3] &= 0x7F; - dst[3] |= (v << 7) & 0x80; - } - processed++; - full_bytes++; - } else if (processed % 8 == 5) { - if (dstsize < 4) { - errno = EINVAL; - return -1; - } - dst[3] &= 0x83; - dst[3] |= (v << 2) & 0x7C; - processed++; - } else if (processed % 8 == 6) { - if (dstsize < 4) { - errno = EINVAL; - return -1; - } - dst[3] &= 0xFC; - dst[3] |= (v >> 3) & 0x03; - if (dstsize >= 5) { - dst[4] &= 0x1F; - dst[4] |= (v << 5) & 0xE0; - } - processed++; - full_bytes++; - } else { - if (dstsize < 5) { - errno = EINVAL; - return -1; - } - dst[4] &= 0xE0; - dst[4] |= v & 0x1F; - processed++; - dst += 5; - dstsize -= 5; - full_bytes++; - } - } - return full_bytes; + size_t processed = 0; + int full_bytes = 0; + unsigned char *dst = dest; + + while (*src) { + int v; + if (*src >= 'A' && *src <= 'V') + v = *src - 'A' + 10; + else if (*src >= 'a' && *src <= 'v') + v = *src - 'a' + 10; + else if (*src >= '0' && *src <= '9') + v = *src - '0'; + else if (isspace(*src) || *src == '=') { + src++; + continue; + } else { + /* any junk chars means input is corrupted */ + errno = EINVAL; + return -1; + } + src++; + if (processed % 8 == 0) { + if (dstsize <= 0) { + errno = EINVAL; + return -1; + } + dst[0] &= 0x07; + dst[0] |= (v << 3) & 0xF8; + processed++; + } else if (processed % 8 == 1) { + if (dstsize < 1) { + errno = EINVAL; + return -1; + } + dst[0] &= 0xF8; + dst[0] |= (v >> 2) & 0x07; + if (dstsize >= 2) { + dst[1] &= 0x3F; + dst[1] |= (v << 6) & 0xC0; + } + processed++; + full_bytes++; + } else if (processed % 8 == 2) { + if (dstsize < 2) { + errno = EINVAL; + return -1; + } + dst[1] &= 0xC1; + dst[1] |= (v << 1) & 0x3E; + processed++; + } else if (processed % 8 == 3) { + if (dstsize < 2) { + errno = EINVAL; + return -1; + } + dst[1] &= 0xFE; + dst[1] |= (v >> 4) & 0x01; + if (dstsize >= 3) { + dst[2] &= 0x0F; + dst[2] |= (v << 4) & 0xF0; + } + processed++; + full_bytes++; + } else if (processed % 8 == 4) { + if (dstsize < 3) { + errno = EINVAL; + return -1; + } + dst[2] &= 0xF0; + dst[2] |= (v >> 1) & 0x0F; + if (dstsize >= 4) { + dst[3] &= 0x7F; + dst[3] |= (v << 7) & 0x80; + } + processed++; + full_bytes++; + } else if (processed % 8 == 5) { + if (dstsize < 4) { + errno = EINVAL; + return -1; + } + dst[3] &= 0x83; + dst[3] |= (v << 2) & 0x7C; + processed++; + } else if (processed % 8 == 6) { + if (dstsize < 4) { + errno = EINVAL; + return -1; + } + dst[3] &= 0xFC; + dst[3] |= (v >> 3) & 0x03; + if (dstsize >= 5) { + dst[4] &= 0x1F; + dst[4] |= (v << 5) & 0xE0; + } + processed++; + full_bytes++; + } else { + if (dstsize < 5) { + errno = EINVAL; + return -1; + } + dst[4] &= 0xE0; + dst[4] |= v & 0x1F; + processed++; + dst += 5; + dstsize -= 5; + full_bytes++; + } + } + return full_bytes; } int encode_base32hex(void *dest, size_t dstsize, void *source, size_t srclength) { - size_t need_dstsize; - int byte = 0; - unsigned char *dst = dest; - unsigned char *src = source; - int i; - - need_dstsize = 8*(srclength / 5); - switch (srclength % 5) { - case 1: need_dstsize += 2; break; - case 2: need_dstsize += 4; break; - case 3: need_dstsize += 5; break; - case 4: need_dstsize += 7; break; - } - if (dstsize < need_dstsize) { - errno = EINVAL; - return -1; - } - while (srclength) { - switch (byte) { - case 0: - dst[0] = *src >> 3; - dst[1] = (*src & 0x07) << 2; - break; - case 1: - dst[1] |= (*src >> 6) & 0x03; - dst[2] = (*src >> 1) & 0x1f; - dst[3] = (*src & 0x01) << 4; - break; - case 2: - dst[3] |= (*src >> 4) & 0x0f; - dst[4] = (*src & 0x0f) << 1; - break; - case 3: - dst[4] |= (*src >> 7) & 0x01; - dst[5] = (*src >> 2) & 0x1f; - dst[6] = (*src & 0x03) << 3; - break; - case 4: - dst[6] |= (*src >> 5) & 0x07; - dst[7] = *src & 0x1f; - break; - } - - srclength--; - src++; - byte++; - if (byte == 5) { - dst += 8; - byte = 0; - } - } - dst = dest; - for (i = 0; i < need_dstsize; i++) { - if (*dst < 10) - *dst = *dst +'0'; - else if (*dst < 32) - *dst = *dst - 10 + 'a'; - else - *dst = '?'; - dst++; - } - return need_dstsize; + size_t need_dstsize; + int byte = 0; + unsigned char *dst = dest; + unsigned char *src = source; + int i; + + need_dstsize = 8*(srclength / 5); + switch (srclength % 5) { + case 1: need_dstsize += 2; break; + case 2: need_dstsize += 4; break; + case 3: need_dstsize += 5; break; + case 4: need_dstsize += 7; break; + } + if (dstsize < need_dstsize) { + errno = EINVAL; + return -1; + } + while (srclength) { + switch (byte) { + case 0: + dst[0] = *src >> 3; + dst[1] = (*src & 0x07) << 2; + break; + case 1: + dst[1] |= (*src >> 6) & 0x03; + dst[2] = (*src >> 1) & 0x1f; + dst[3] = (*src & 0x01) << 4; + break; + case 2: + dst[3] |= (*src >> 4) & 0x0f; + dst[4] = (*src & 0x0f) << 1; + break; + case 3: + dst[4] |= (*src >> 7) & 0x01; + dst[5] = (*src >> 2) & 0x1f; + dst[6] = (*src & 0x03) << 3; + break; + case 4: + dst[6] |= (*src >> 5) & 0x07; + dst[7] = *src & 0x1f; + break; + } + + srclength--; + src++; + byte++; + if (byte == 5) { + dst += 8; + byte = 0; + } + } + dst = dest; + for (i = 0; i < need_dstsize; i++) { + if (*dst < 10) + *dst = *dst +'0'; + else if (*dst < 32) + *dst = *dst - 10 + 'a'; + else + *dst = '?'; + dst++; + } + return need_dstsize; } #ifdef TEST_PROGRAM static int ok_string_test(int testnum, char *src, char *expect) { - unsigned char dstbuf[512]; - unsigned char reverse_buf[1024]; - int r, r0, i; - int expect_sz = strlen(expect); - int expect_reverse; - char *s, *d; - - if (expect_sz >= 512) { - printf("test %d: NOT OK: internal *test* error, buffer too small for proper testing, FIXME\n", testnum); - return 1; - } - memset(dstbuf, 0xAA, 512); - r = decode_base32hex(dstbuf, src, expect_sz); - if (r != expect_sz) { - printf("test %d: NOT OK: expect size %d, got %d\n", testnum, expect_sz, r); - return 1; - } else if (memcmp(dstbuf, expect, r) != 0) { - printf("test %d: NOT OK: unexpected buffer content\n", testnum); - return 1; - } - if (dstbuf[expect_sz] != 0xAA) { - printf("test %d: NOT OK: corrupts memory with \"just enough\" bufsize\n", testnum); - return 1; - } - r = encode_base32hex(reverse_buf, 1024, dstbuf, expect_sz); - s = src; d = (char*)dstbuf; - expect_reverse = 0; - while (*s) { - if (*s != ' ' && *s != '=') { - *d++ = tolower(*s); - expect_reverse++; - } - s++; - } - if (r != expect_reverse) { - printf("test %d: NOT OK: REVERSE: expect size %d, got %d\n", testnum, expect_reverse, r); - return 1; - } else if (memcmp(reverse_buf, dstbuf, r) != 0) { - printf("test %d: NOT OK: REVERSE: unexpected buffer content\n", testnum); - return 1; - } - memset(dstbuf, 0xAA, 512); - for (i = 0; i < expect_sz; i++) { - r0 = decode_base32hex(dstbuf, src, i); - if (r0 > 0) { - printf("test %d: NOT OK: buffer size %d should not be enough\n", testnum, i); - return 1; - } - if (dstbuf[i] != 0xAA) { - printf("test %d: NOT OK: corrupts memory with bufsize %d\n", testnum, i); - return 1; - } - } - printf("test %d: ok\n", testnum); - return 0; + unsigned char dstbuf[512]; + unsigned char reverse_buf[1024]; + int r, r0, i; + int expect_sz = strlen(expect); + int expect_reverse; + char *s, *d; + + if (expect_sz >= 512) { + printf("test %d: NOT OK: internal *test* error, buffer too small for proper testing, FIXME\n", testnum); + return 1; + } + memset(dstbuf, 0xAA, 512); + r = decode_base32hex(dstbuf, src, expect_sz); + if (r != expect_sz) { + printf("test %d: NOT OK: expect size %d, got %d\n", testnum, expect_sz, r); + return 1; + } else if (memcmp(dstbuf, expect, r) != 0) { + printf("test %d: NOT OK: unexpected buffer content\n", testnum); + return 1; + } + if (dstbuf[expect_sz] != 0xAA) { + printf("test %d: NOT OK: corrupts memory with \"just enough\" bufsize\n", testnum); + return 1; + } + r = encode_base32hex(reverse_buf, 1024, dstbuf, expect_sz); + s = src; d = (char*)dstbuf; + expect_reverse = 0; + while (*s) { + if (*s != ' ' && *s != '=') { + *d++ = tolower(*s); + expect_reverse++; + } + s++; + } + if (r != expect_reverse) { + printf("test %d: NOT OK: REVERSE: expect size %d, got %d\n", testnum, expect_reverse, r); + return 1; + } else if (memcmp(reverse_buf, dstbuf, r) != 0) { + printf("test %d: NOT OK: REVERSE: unexpected buffer content\n", testnum); + return 1; + } + memset(dstbuf, 0xAA, 512); + for (i = 0; i < expect_sz; i++) { + r0 = decode_base32hex(dstbuf, src, i); + if (r0 > 0) { + printf("test %d: NOT OK: buffer size %d should not be enough\n", testnum, i); + return 1; + } + if (dstbuf[i] != 0xAA) { + printf("test %d: NOT OK: corrupts memory with bufsize %d\n", testnum, i); + return 1; + } + } + printf("test %d: ok\n", testnum); + return 0; } static int expect_junk_error(int testnum, char *src) { - char *buf[20]; - int r; + char *buf[20]; + int r; - r = decode_base32hex(buf, src, 20); - if (r != -1) { - printf("test %d: NOT OK: junk input not recognized\n", testnum); - return 1; - } - printf("test %d: ok\n", testnum); - return 0; + r = decode_base32hex(buf, src, 20); + if (r != -1) { + printf("test %d: NOT OK: junk input not recognized\n", testnum); + return 1; + } + printf("test %d: ok\n", testnum); + return 0; } int main(void) { - int ret = 0; - int t = 1; + int ret = 0; + int t = 1; - /* from http://tools.ietf.org/html/rfc4648#section-10 */ - ret |= ok_string_test(t++, "", ""); - ret |= ok_string_test(t++, "CO======", "f"); - ret |= ok_string_test(t++, "Co=====", "f"); - ret |= ok_string_test(t++, "cO====", "f"); - ret |= ok_string_test(t++, "co===", "f"); - ret |= ok_string_test(t++, "CO==", "f"); - ret |= ok_string_test(t++, "CO=", "f"); - ret |= ok_string_test(t++, "CO", "f"); - - ret |= ok_string_test(t++, "CPNG====", "fo"); - ret |= ok_string_test(t++, "cPNG===", "fo"); - ret |= ok_string_test(t++, "cpNG==", "fo"); - ret |= ok_string_test(t++, "cpnG=", "fo"); - ret |= ok_string_test(t++, "cpng", "fo"); - - ret |= ok_string_test(t++, "CPNMU===", "foo"); - ret |= ok_string_test(t++, "CPnMU==", "foo"); - ret |= ok_string_test(t++, "CPnmu=", "foo"); - ret |= ok_string_test(t++, "cpNMU", "foo"); - - ret |= ok_string_test(t++, "CPNMUOG=", "foob"); - ret |= ok_string_test(t++, "CPNMUoG", "foob"); - - ret |= ok_string_test(t++, "CPNMUOJ1", "fooba"); - ret |= ok_string_test(t++, "cPnMuOj1", "fooba"); - ret |= ok_string_test(t++, "CpNmUoJ1", "fooba"); - ret |= ok_string_test(t++, "CpNm UoJ1", "fooba"); - - ret |= ok_string_test(t++, "CPNMUOJ1E8======", "foobar"); - ret |= ok_string_test(t++, "CPNMuOJ1E8=====", "foobar"); - ret |= ok_string_test(t++, "CpNMuOJ1E8====", "foobar"); - ret |= ok_string_test(t++, "CpNMuOJ1e8===", "foobar"); - ret |= ok_string_test(t++, "CpNmuOJ 1e8==", "foobar"); - ret |= ok_string_test(t++, "CpnmuOJ 1e8=", "foobar"); - ret |= ok_string_test(t++, "Cpn muOj 1e8", "foobar"); - - ret |= expect_junk_error(t++, "?m9vmF"); - ret |= expect_junk_error(t++, "%m9vmF"); - ret |= expect_junk_error(t++, "m&9vmF"); - ret |= expect_junk_error(t++, "m9-vmF"); - ret |= expect_junk_error(t++, "m9v*mF"); - ret |= expect_junk_error(t++, "m9v#mF"); - ret |= expect_junk_error(t++, "m9vm\x01F"); - ret |= expect_junk_error(t++, "m9vmF!"); - ret |= expect_junk_error(t++, "m9vmF."); - ret |= expect_junk_error(t++, "CpnmuOj/1e8x"); - ret |= expect_junk_error(t++, "CpnYmuOj1e8"); - ret |= expect_junk_error(t++, "CZpnmuOj1e8"); - ret |= expect_junk_error(t++, "CzpnmuOj1e8"); + /* from http://tools.ietf.org/html/rfc4648#section-10 */ + ret |= ok_string_test(t++, "", ""); + ret |= ok_string_test(t++, "CO======", "f"); + ret |= ok_string_test(t++, "Co=====", "f"); + ret |= ok_string_test(t++, "cO====", "f"); + ret |= ok_string_test(t++, "co===", "f"); + ret |= ok_string_test(t++, "CO==", "f"); + ret |= ok_string_test(t++, "CO=", "f"); + ret |= ok_string_test(t++, "CO", "f"); + + ret |= ok_string_test(t++, "CPNG====", "fo"); + ret |= ok_string_test(t++, "cPNG===", "fo"); + ret |= ok_string_test(t++, "cpNG==", "fo"); + ret |= ok_string_test(t++, "cpnG=", "fo"); + ret |= ok_string_test(t++, "cpng", "fo"); + + ret |= ok_string_test(t++, "CPNMU===", "foo"); + ret |= ok_string_test(t++, "CPnMU==", "foo"); + ret |= ok_string_test(t++, "CPnmu=", "foo"); + ret |= ok_string_test(t++, "cpNMU", "foo"); + + ret |= ok_string_test(t++, "CPNMUOG=", "foob"); + ret |= ok_string_test(t++, "CPNMUoG", "foob"); + + ret |= ok_string_test(t++, "CPNMUOJ1", "fooba"); + ret |= ok_string_test(t++, "cPnMuOj1", "fooba"); + ret |= ok_string_test(t++, "CpNmUoJ1", "fooba"); + ret |= ok_string_test(t++, "CpNm UoJ1", "fooba"); + + ret |= ok_string_test(t++, "CPNMUOJ1E8======", "foobar"); + ret |= ok_string_test(t++, "CPNMuOJ1E8=====", "foobar"); + ret |= ok_string_test(t++, "CpNMuOJ1E8====", "foobar"); + ret |= ok_string_test(t++, "CpNMuOJ1e8===", "foobar"); + ret |= ok_string_test(t++, "CpNmuOJ 1e8==", "foobar"); + ret |= ok_string_test(t++, "CpnmuOJ 1e8=", "foobar"); + ret |= ok_string_test(t++, "Cpn muOj 1e8", "foobar"); + + ret |= expect_junk_error(t++, "?m9vmF"); + ret |= expect_junk_error(t++, "%m9vmF"); + ret |= expect_junk_error(t++, "m&9vmF"); + ret |= expect_junk_error(t++, "m9-vmF"); + ret |= expect_junk_error(t++, "m9v*mF"); + ret |= expect_junk_error(t++, "m9v#mF"); + ret |= expect_junk_error(t++, "m9vm\x01F"); + ret |= expect_junk_error(t++, "m9vmF!"); + ret |= expect_junk_error(t++, "m9vmF."); + ret |= expect_junk_error(t++, "CpnmuOj/1e8x"); + ret |= expect_junk_error(t++, "CpnYmuOj1e8"); + ret |= expect_junk_error(t++, "CZpnmuOj1e8"); + ret |= expect_junk_error(t++, "CzpnmuOj1e8"); - ret |= ok_string_test(t++, "MEQIMI6FJE5NI47PJAHV5QIGU1LV3JLJ", "\xb3\xb5\x2b\x48\xcf\x9b\x8b\x79\x10\xf9\x9a\xa3\xf2\xea\x50\xf0\x6b\xf1\xce\xb3"); + ret |= ok_string_test(t++, "MEQIMI6FJE5NI47PJAHV5QIGU1LV3JLJ", "\xb3\xb5\x2b\x48\xcf\x9b\x8b\x79\x10\xf9\x9a\xa3\xf2\xea\x50\xf0\x6b\xf1\xce\xb3"); - return ret; + return ret; } #endif diff -pruN 0.8+git20160720-3.2/base64.c 0.8+git20170804-0ubuntu3/base64.c --- 0.8+git20160720-3.2/base64.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/base64.c 2017-08-04 14:27:44.000000000 +0000 @@ -23,180 +23,180 @@ int decode_base64(void *dest, char *src, size_t dstsize) { - size_t processed = 0; - int full_bytes = 0; - unsigned char *dst = dest; - - while (*src) { - int v; - if (*src >= 'A' && *src <= 'Z') - v = *src - 'A'; - else if (*src >= 'a' && *src <= 'z') - v = 26 + *src - 'a'; - else if (*src >= '0' && *src <= '9') - v = 52 + *src - '0'; - else if (*src == '+') - v = 62; - else if (*src == '/') - v = 63; - else if (isspace(*src) || *src == '=') { - src++; - continue; - } else { - /* any junk chars means input is corrupted */ - errno = EINVAL; - return -1; - } - src++; - if (processed % 4 == 0) { - if (dstsize <= 0) { - errno = EINVAL; - return -1; - } - dst[0] &= 0x03; - dst[0] |= (v << 2) & 0xFC; - processed++; - } else if (processed % 4 == 1) { - if (dstsize < 1) { - errno = EINVAL; - return -1; - } - dst[0] &= 0xFC; - dst[0] |= (v >> 4) & 0x03; - if (dstsize >= 2) { - dst[1] &= 0x0F; - dst[1] |= (v << 4) & 0xF0; - } - processed++; - full_bytes++; - } else if (processed % 4 == 2) { - if (dstsize < 2) { - errno = EINVAL; - return -1; - } - dst[1] &= 0xF0; - dst[1] |= (v >> 2) & 0x0F; - if (dstsize >= 3) { - dst[2] &= 0x3F; - dst[2] |= (v << 6) & 0xC0; - } - processed++; - full_bytes++; - } else { - if (dstsize <= 2) { - errno = EINVAL; - return -1; - } - dst[2] &= 0xC0; - dst[2] |= v & 0x3F; - processed++; - dst += 3; - dstsize -= 3; - full_bytes++; - } - } - return full_bytes; + size_t processed = 0; + int full_bytes = 0; + unsigned char *dst = dest; + + while (*src) { + int v; + if (*src >= 'A' && *src <= 'Z') + v = *src - 'A'; + else if (*src >= 'a' && *src <= 'z') + v = 26 + *src - 'a'; + else if (*src >= '0' && *src <= '9') + v = 52 + *src - '0'; + else if (*src == '+') + v = 62; + else if (*src == '/') + v = 63; + else if (isspace(*src) || *src == '=') { + src++; + continue; + } else { + /* any junk chars means input is corrupted */ + errno = EINVAL; + return -1; + } + src++; + if (processed % 4 == 0) { + if (dstsize <= 0) { + errno = EINVAL; + return -1; + } + dst[0] &= 0x03; + dst[0] |= (v << 2) & 0xFC; + processed++; + } else if (processed % 4 == 1) { + if (dstsize < 1) { + errno = EINVAL; + return -1; + } + dst[0] &= 0xFC; + dst[0] |= (v >> 4) & 0x03; + if (dstsize >= 2) { + dst[1] &= 0x0F; + dst[1] |= (v << 4) & 0xF0; + } + processed++; + full_bytes++; + } else if (processed % 4 == 2) { + if (dstsize < 2) { + errno = EINVAL; + return -1; + } + dst[1] &= 0xF0; + dst[1] |= (v >> 2) & 0x0F; + if (dstsize >= 3) { + dst[2] &= 0x3F; + dst[2] |= (v << 6) & 0xC0; + } + processed++; + full_bytes++; + } else { + if (dstsize <= 2) { + errno = EINVAL; + return -1; + } + dst[2] &= 0xC0; + dst[2] |= v & 0x3F; + processed++; + dst += 3; + dstsize -= 3; + full_bytes++; + } + } + return full_bytes; } #ifdef TEST_PROGRAM static int ok_string_test(int testnum, char *src, char *expect) { - unsigned char dstbuf[512]; - int r, r0, i; - int expect_sz = strlen(expect); - - if (expect_sz >= 512) { - printf("test %d: NOT OK: internal *test* error, buffer too small for proper testing, FIXME\n", testnum); - return 1; - } - memset(dstbuf, 0xAA, 512); - r = decode_base64(dstbuf, src, expect_sz); - if (r != expect_sz) { - printf("test %d: NOT OK: expect size %d, got %d\n", testnum, expect_sz, r); - return 1; - } else if (memcmp(dstbuf, expect, r) != 0) { - printf("test %d: NOT OK: unexpected buffer content\n", testnum); - return 1; - } - if (dstbuf[expect_sz] != 0xAA) { - printf("test %d: NOT OK: corrupts memory with \"just enough\" bufsize\n", testnum); - return 1; - } - memset(dstbuf, 0xAA, 512); - for (i = 0; i < expect_sz; i++) { - r0 = decode_base64(dstbuf, src, i); - if (r0 > 0) { - printf("test %d: NOT OK: buffer size %d should not be enough\n", testnum, i); - return 1; - } - if (dstbuf[i] != 0xAA) { - printf("test %d: NOT OK: corrupts memory with bufsize %d\n", testnum, i); - return 1; - } - } - printf("test %d: ok\n", testnum); - return 0; + unsigned char dstbuf[512]; + int r, r0, i; + int expect_sz = strlen(expect); + + if (expect_sz >= 512) { + printf("test %d: NOT OK: internal *test* error, buffer too small for proper testing, FIXME\n", testnum); + return 1; + } + memset(dstbuf, 0xAA, 512); + r = decode_base64(dstbuf, src, expect_sz); + if (r != expect_sz) { + printf("test %d: NOT OK: expect size %d, got %d\n", testnum, expect_sz, r); + return 1; + } else if (memcmp(dstbuf, expect, r) != 0) { + printf("test %d: NOT OK: unexpected buffer content\n", testnum); + return 1; + } + if (dstbuf[expect_sz] != 0xAA) { + printf("test %d: NOT OK: corrupts memory with \"just enough\" bufsize\n", testnum); + return 1; + } + memset(dstbuf, 0xAA, 512); + for (i = 0; i < expect_sz; i++) { + r0 = decode_base64(dstbuf, src, i); + if (r0 > 0) { + printf("test %d: NOT OK: buffer size %d should not be enough\n", testnum, i); + return 1; + } + if (dstbuf[i] != 0xAA) { + printf("test %d: NOT OK: corrupts memory with bufsize %d\n", testnum, i); + return 1; + } + } + printf("test %d: ok\n", testnum); + return 0; } static int expect_junk_error(int testnum, char *src) { - char *buf[20]; - int r; + char *buf[20]; + int r; - r = decode_base64(buf, src, 20); - if (r != -1) { - printf("test %d: NOT OK: junk input not recognized\n", testnum); - return 1; - } - printf("test %d: ok\n", testnum); - return 0; + r = decode_base64(buf, src, 20); + if (r != -1) { + printf("test %d: NOT OK: junk input not recognized\n", testnum); + return 1; + } + printf("test %d: ok\n", testnum); + return 0; } int main(void) { - int ret = 0; + int ret = 0; - /* from http://en.wikipedia.org/wiki/Base64 */ - ret |= ok_string_test(1, "bGVhc3VyZS4=", "leasure."); - ret |= ok_string_test(2, "bGVhc3VyZS4", "leasure."); - ret |= ok_string_test(3, "ZWFzdXJlLg==", "easure."); - ret |= ok_string_test(4, "ZWFzdXJlLg=", "easure."); - ret |= ok_string_test(5, "ZWFzdXJlLg", "easure."); - ret |= ok_string_test(6, "YXN1cmUu", "asure."); - ret |= ok_string_test(7, "c3VyZS4=", "sure."); - ret |= ok_string_test(8, "c3VyZS4", "sure."); - ret |= ok_string_test(9, "TWFuIGlzIGRpc3Rpbmd1aXNoZWQsIG5vdCBvbmx5IGJ5IGhpcyByZWFzb24sIGJ1dCBieSB0aGlz\n" - "IHNpbmd1bGFyIHBhc3Npb24gZnJvbSBvdGhlciBhbmltYWxzLCB3aGljaCBpcyBhIGx1c3Qgb2Yg\n" - "dGhlIG1pbmQsIHRoYXQgYnkgYSBwZXJzZXZlcmFuY2Ugb2YgZGVsaWdodCBpbiB0aGUgY29udGlu\n" - "dWVkIGFuZCBpbmRlZmF0aWdhYmxlIGdlbmVyYXRpb24gb2Yga25vd2xlZGdlLCBleGNlZWRzIHRo\n" - "ZSBzaG9ydCB2ZWhlbWVuY2Ugb2YgYW55IGNhcm5hbCBwbGVhc3VyZS4=", - "Man is distinguished, not only by his reason, but by this singular passion from other animals, which is a lust of the mind, that by a perseverance of delight in the continued and indefatigable generation of knowledge, exceeds the short vehemence of any carnal pleasure."); - /* from http://tools.ietf.org/html/rfc4648#section-10 */ - ret |= ok_string_test(10, "", ""); - ret |= ok_string_test(11, "Zg==", "f"); - ret |= ok_string_test(12, "Zg=", "f"); - ret |= ok_string_test(13, "Zg", "f"); - ret |= ok_string_test(14, "Zm8=", "fo"); - ret |= ok_string_test(15, "Zm8", "fo"); - ret |= ok_string_test(16, "Zm9v", "foo"); - ret |= ok_string_test(17, "Zm9vYg==", "foob"); - ret |= ok_string_test(18, "Zm9vYg=", "foob"); - ret |= ok_string_test(19, "Zm9vYg", "foob"); - ret |= ok_string_test(20, "Zm9vYmE=", "fooba"); - ret |= ok_string_test(21, "Zm9vYmE", "fooba"); - ret |= ok_string_test(22, "Zm9vYmFy", "foobar"); - - ret |= expect_junk_error(23, "?Zm9vYmFy"); - ret |= expect_junk_error(24, "Z%m9vYmFy"); - ret |= expect_junk_error(25, "Zm&9vYmFy"); - ret |= expect_junk_error(26, "Zm9-vYmFy"); - ret |= expect_junk_error(27, "Zm9v*YmFy"); - ret |= expect_junk_error(28, "Zm9vY#mFy"); - ret |= expect_junk_error(29, "Zm9vYm\x01Fy"); - ret |= expect_junk_error(30, "Zm9vYmF!y"); - ret |= expect_junk_error(31, "Zm9vYmFy."); + /* from http://en.wikipedia.org/wiki/Base64 */ + ret |= ok_string_test(1, "bGVhc3VyZS4=", "leasure."); + ret |= ok_string_test(2, "bGVhc3VyZS4", "leasure."); + ret |= ok_string_test(3, "ZWFzdXJlLg==", "easure."); + ret |= ok_string_test(4, "ZWFzdXJlLg=", "easure."); + ret |= ok_string_test(5, "ZWFzdXJlLg", "easure."); + ret |= ok_string_test(6, "YXN1cmUu", "asure."); + ret |= ok_string_test(7, "c3VyZS4=", "sure."); + ret |= ok_string_test(8, "c3VyZS4", "sure."); + ret |= ok_string_test(9, "TWFuIGlzIGRpc3Rpbmd1aXNoZWQsIG5vdCBvbmx5IGJ5IGhpcyByZWFzb24sIGJ1dCBieSB0aGlz\n" + "IHNpbmd1bGFyIHBhc3Npb24gZnJvbSBvdGhlciBhbmltYWxzLCB3aGljaCBpcyBhIGx1c3Qgb2Yg\n" + "dGhlIG1pbmQsIHRoYXQgYnkgYSBwZXJzZXZlcmFuY2Ugb2YgZGVsaWdodCBpbiB0aGUgY29udGlu\n" + "dWVkIGFuZCBpbmRlZmF0aWdhYmxlIGdlbmVyYXRpb24gb2Yga25vd2xlZGdlLCBleGNlZWRzIHRo\n" + "ZSBzaG9ydCB2ZWhlbWVuY2Ugb2YgYW55IGNhcm5hbCBwbGVhc3VyZS4=", + "Man is distinguished, not only by his reason, but by this singular passion from other animals, which is a lust of the mind, that by a perseverance of delight in the continued and indefatigable generation of knowledge, exceeds the short vehemence of any carnal pleasure."); + /* from http://tools.ietf.org/html/rfc4648#section-10 */ + ret |= ok_string_test(10, "", ""); + ret |= ok_string_test(11, "Zg==", "f"); + ret |= ok_string_test(12, "Zg=", "f"); + ret |= ok_string_test(13, "Zg", "f"); + ret |= ok_string_test(14, "Zm8=", "fo"); + ret |= ok_string_test(15, "Zm8", "fo"); + ret |= ok_string_test(16, "Zm9v", "foo"); + ret |= ok_string_test(17, "Zm9vYg==", "foob"); + ret |= ok_string_test(18, "Zm9vYg=", "foob"); + ret |= ok_string_test(19, "Zm9vYg", "foob"); + ret |= ok_string_test(20, "Zm9vYmE=", "fooba"); + ret |= ok_string_test(21, "Zm9vYmE", "fooba"); + ret |= ok_string_test(22, "Zm9vYmFy", "foobar"); + + ret |= expect_junk_error(23, "?Zm9vYmFy"); + ret |= expect_junk_error(24, "Z%m9vYmFy"); + ret |= expect_junk_error(25, "Zm&9vYmFy"); + ret |= expect_junk_error(26, "Zm9-vYmFy"); + ret |= expect_junk_error(27, "Zm9v*YmFy"); + ret |= expect_junk_error(28, "Zm9vY#mFy"); + ret |= expect_junk_error(29, "Zm9vYm\x01Fy"); + ret |= expect_junk_error(30, "Zm9vYmF!y"); + ret |= expect_junk_error(31, "Zm9vYmFy."); - return ret; + return ret; } #endif diff -pruN 0.8+git20160720-3.2/caa.c 0.8+git20170804-0ubuntu3/caa.c --- 0.8+git20160720-3.2/caa.c 1970-01-01 00:00:00.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/caa.c 2017-08-04 14:27:44.000000000 +0000 @@ -0,0 +1,90 @@ +/* + * Part of DNS zone file validator `validns`. + * + * Copyright 2011-2017 Anton Berezin + * Modified BSD license. + * (See LICENSE file in the distribution.) + * + */ +#include +#include +#include +#include +#include + +#include "common.h" +#include "textparse.h" +#include "mempool.h" +#include "carp.h" +#include "rr.h" + +static struct rr* caa_parse(char *name, long ttl, int type, char *s) +{ + struct rr_caa *rr = getmem(sizeof(*rr)); + int flags; + char *str_tag; + + flags = extract_integer(&s, "CAA flags", NULL); + if (flags < 0) return NULL; + if (flags != 0 && flags != 128) + return bitch("CAA unrecognized flags value"); + rr->flags = flags; + + str_tag = extract_label(&s, "CAA tag", "temporary"); + if (!str_tag) return NULL; + + if (strcmp(str_tag, "issue") == 0) { + /* ok */ + } else if (strcmp(str_tag, "issuewild") == 0) { + /* ok */ + } else if (strcmp(str_tag, "iodef") == 0) { + /* ok */ + } else if (strcmp(str_tag, "auth") == 0) + return bitch("CAA reserved tag name"); + else if (strcmp(str_tag, "path") == 0) + return bitch("CAA reserved tag name"); + else if (strcmp(str_tag, "policy") == 0) + return bitch("CAA reserved tag name"); + else + return bitch("CAA unrecognized tag name"); + + rr->tag = compose_binary_data("s", 0, str_tag); + rr->value = extract_text(&s, "CAA tag value"); + if (rr->value.length <= 0) + return bitch("CAA missing tag value"); + + if (*s) { + return bitch("garbage after valid CAA data"); + } + return store_record(type, name, ttl, rr); +} + +static char* caa_human(struct rr *rrv) +{ + RRCAST(caa); + char ss[4096]; + char *s = ss; + int l; + + /* incomplete */ + l = snprintf(s, 4096, "%u", rr->flags); + s += l; + return quickstrdup_temp(ss); +} + +static struct binary_data caa_wirerdata(struct rr *rrv) +{ + RRCAST(caa); + + return compose_binary_data("1dd", 1, rr->flags, rr->tag, rr->value); +} + +/* +static void *caa_validate(struct rr *rrv) +{ + dump_binary_data(stderr, call_get_wired(rrv)); + return NULL; +} +*/ + +struct rr_methods caa_methods = { caa_parse, caa_human, caa_wirerdata, NULL, NULL }; diff -pruN 0.8+git20160720-3.2/carp.c 0.8+git20170804-0ubuntu3/carp.c --- 0.8+git20160720-3.2/carp.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/carp.c 2017-08-04 14:27:44.000000000 +0000 @@ -23,77 +23,77 @@ static void v(int is_croak, int is_x, in void croak(int exit_code, const char *fmt, ...) { - va_list ap; - va_start(ap, fmt); - v(1, errno, exit_code, fmt, ap); - va_end(ap); + va_list ap; + va_start(ap, fmt); + v(1, errno, exit_code, fmt, ap); + va_end(ap); } void croakx(int exit_code, const char *fmt, ...) { - va_list ap; - va_start(ap, fmt); - v(1, -1, exit_code, fmt, ap); - va_end(ap); + va_list ap; + va_start(ap, fmt); + v(1, -1, exit_code, fmt, ap); + va_end(ap); } void * bitch(const char *fmt, ...) { - va_list ap; - va_start(ap, fmt); - if (!G.opt.no_output) { - fprintf(stderr, "%s:%d: ", file_info->name, file_info->line); - if (fmt != NULL) { - vfprintf(stderr, fmt, ap); - } - fprintf(stderr, "\n"); - } - va_end(ap); - G.exit_code = 1; - G.stats.error_count++; - file_info->paren_mode = 0; - if (G.opt.die_on_first_error) - exit(1); - return NULL; + va_list ap; + va_start(ap, fmt); + if (!G.opt.no_output) { + fprintf(stderr, "%s:%d: ", file_info->name, file_info->line); + if (fmt != NULL) { + vfprintf(stderr, fmt, ap); + } + fprintf(stderr, "\n"); + } + va_end(ap); + G.exit_code = 1; + G.stats.error_count++; + file_info->paren_mode = 0; + if (G.opt.die_on_first_error) + exit(1); + return NULL; } void * moan(char *file_name, int line, const char *fmt, ...) { - va_list ap; - va_start(ap, fmt); - if (!G.opt.no_output) { - fprintf(stderr, "%s:%d: ", file_name, line); - if (fmt != NULL) { - vfprintf(stderr, fmt, ap); - } - fprintf(stderr, "\n"); - } - va_end(ap); - G.exit_code = 1; - G.stats.error_count++; - if (G.opt.die_on_first_error) - exit(1); - return NULL; + va_list ap; + va_start(ap, fmt); + if (!G.opt.no_output) { + fprintf(stderr, "%s:%d: ", file_name, line); + if (fmt != NULL) { + vfprintf(stderr, fmt, ap); + } + fprintf(stderr, "\n"); + } + va_end(ap); + G.exit_code = 1; + G.stats.error_count++; + if (G.opt.die_on_first_error) + exit(1); + return NULL; } void v(int is_croak, int use_errno, int exit_code, const char *fmt, va_list ap) { - fprintf(stderr, "%s: ", thisprogname()); - if (fmt != NULL) { - vfprintf(stderr, fmt, ap); - if (use_errno >= 0) - fprintf(stderr, ": "); - } - if (use_errno >= 0) - fprintf(stderr, "%s\n", strerror(use_errno)); - else - fprintf(stderr, "\n"); - if (is_croak) - exit(exit_code); + fprintf(stderr, "%s: ", thisprogname()); + if (fmt != NULL) { + vfprintf(stderr, fmt, ap); + if (use_errno >= 0) + fprintf(stderr, ": "); + } + if (use_errno >= 0) + fprintf(stderr, "%s\n", strerror(use_errno)); + else + fprintf(stderr, "\n"); + if (is_croak) + exit(exit_code); } #if defined(__linux__) @@ -103,15 +103,15 @@ static char proggy[MAXPATHLEN]; const char *thisprogname(void) { #if defined(__FreeBSD__) - return getprogname(); + return getprogname(); #elif defined(__APPLE__) - return getprogname(); + return getprogname(); #elif defined(__sun__) - return getexecname(); + return getexecname(); #elif defined(__linux__) - if (readlink("/proc/self/exe", proggy, MAXPATHLEN) != -1) - return proggy; - return ""; + if (readlink("/proc/self/exe", proggy, MAXPATHLEN) != -1) + return proggy; + return ""; #else #error "unsupported OS" #endif diff -pruN 0.8+git20160720-3.2/cbtree.c 0.8+git20170804-0ubuntu3/cbtree.c --- 0.8+git20160720-3.2/cbtree.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/cbtree.c 2017-08-04 14:27:44.000000000 +0000 @@ -24,10 +24,10 @@ struct node { struct pool { - struct pool *next; - size_t pool_size; - size_t free_index; - char mem[0]; + struct pool *next; + size_t pool_size; + size_t free_index; + char mem[0]; }; static struct pool *internal = NULL; @@ -35,35 +35,35 @@ static struct pool *external = NULL; static int new_pool(struct pool **root, size_t size) { - struct pool *pool; + struct pool *pool; - size = (size + sizeof(void *) - 1) / sizeof(void *); - size *= sizeof(void *); - pool = malloc(size + sizeof(struct pool)); - if (!pool) { - return 1; - } - pool->next = *root; - pool->free_index = 0; - pool->pool_size = size; - *root = pool; - return 0; + size = (size + sizeof(void *) - 1) / sizeof(void *); + size *= sizeof(void *); + pool = malloc(size + sizeof(struct pool)); + if (!pool) { + return 1; + } + pool->next = *root; + pool->free_index = 0; + pool->pool_size = size; + *root = pool; + return 0; } static void *alloc(struct pool **root, size_t size) { - void *ret; - size = (size + sizeof(void *) - 1) / sizeof(void *); - size *= sizeof(void *); - if (!*root) - if (new_pool(root, size > 256000 ? size : 256000) != 0) - return NULL; - if ((*root)->pool_size - (*root)->free_index < size) - if (new_pool(root, size > 256000 ? size : 256000) != 0) - return NULL; - ret = (*root)->mem + (*root)->free_index; - (*root)->free_index += size; - return ret; + void *ret; + size = (size + sizeof(void *) - 1) / sizeof(void *); + size *= sizeof(void *); + if (!*root) + if (new_pool(root, size > 256000 ? size : 256000) != 0) + return NULL; + if ((*root)->pool_size - (*root)->free_index < size) + if (new_pool(root, size > 256000 ? size : 256000) != 0) + return NULL; + ret = (*root)->mem + (*root)->free_index; + (*root)->free_index += size; + return ret; } /* main code */ @@ -75,318 +75,318 @@ cbtree_find(struct cbtree *t, const char const size_t ulen = strlen(u); uint8_t *p = t->root; - /* Test for empty tree */ - if (!p) return NULL; + /* Test for empty tree */ + if (!p) return NULL; /* Walk tree for best member */ - while (1 & (intptr_t) p) { - struct node *q = (void *)(p - 1); - /* Calculate direction */ - int direction; - uint8_t c = 0; - - if (q->byte < ulen) - c = ubytes[q->byte]; - direction = (1 + (q->otherbits | c)) >> 8; - - p = q->child[direction]; - } - - /* The leaves contain "[data ptr][string]" */ - if (strcmp(u, (const char *)(p + sizeof(intptr_t))) == 0) - return (intptr_t *)p; - return NULL; + while (1 & (intptr_t) p) { + struct node *q = (void *)(p - 1); + /* Calculate direction */ + int direction; + uint8_t c = 0; + + if (q->byte < ulen) + c = ubytes[q->byte]; + direction = (1 + (q->otherbits | c)) >> 8; + + p = q->child[direction]; + } + + /* The leaves contain "[data ptr][string]" */ + if (strcmp(u, (const char *)(p + sizeof(intptr_t))) == 0) + return (intptr_t *)p; + return NULL; } intptr_t* cbtree_insert(struct cbtree *t, const char *u) { - const uint8_t *const ubytes = (void *) u; - const size_t ulen = strlen(u); - uint8_t *p = t->root; - - /* Deal with inserting into an empty tree */ - if (!p) { - char *x = alloc(&external, ulen + 1 + sizeof(intptr_t)); - if (!x) - return NULL; - *((intptr_t *)x) = 0; - memcpy(x + sizeof(intptr_t), u, ulen + 1); - t->root = x; - return (intptr_t *)x; - } + const uint8_t *const ubytes = (void *) u; + const size_t ulen = strlen(u); + uint8_t *p = t->root; + + /* Deal with inserting into an empty tree */ + if (!p) { + char *x = alloc(&external, ulen + 1 + sizeof(intptr_t)); + if (!x) + return NULL; + *((intptr_t *)x) = 0; + memcpy(x + sizeof(intptr_t), u, ulen + 1); + t->root = x; + return (intptr_t *)x; + } /* Walk tree for best member */ - while (1 & (intptr_t) p) { - struct node *q = (void *)(p - 1); - /* Calculate direction */ - int direction; - uint8_t c = 0; - - if (q->byte < ulen) - c = ubytes[q->byte]; - direction = (1 + (q->otherbits | c)) >> 8; - - p = q->child[direction]; - } - - /* Find the critical bit */ - /* 1: Find differing byte */ - uint32_t newbyte; - uint32_t newotherbits; - - for (newbyte = 0; newbyte < ulen; ++newbyte) { - if (p[sizeof(intptr_t) + newbyte] != ubytes[newbyte]) { - newotherbits = p[sizeof(intptr_t) + newbyte] ^ ubytes[newbyte]; - goto different_byte_found; - } - } - - if (p[sizeof(intptr_t) + newbyte] != 0) { - newotherbits = p[sizeof(intptr_t) + newbyte]; - goto different_byte_found; - } - return (intptr_t *)p; + while (1 & (intptr_t) p) { + struct node *q = (void *)(p - 1); + /* Calculate direction */ + int direction; + uint8_t c = 0; + + if (q->byte < ulen) + c = ubytes[q->byte]; + direction = (1 + (q->otherbits | c)) >> 8; + + p = q->child[direction]; + } + + /* Find the critical bit */ + /* 1: Find differing byte */ + uint32_t newbyte; + uint32_t newotherbits; + + for (newbyte = 0; newbyte < ulen; ++newbyte) { + if (p[sizeof(intptr_t) + newbyte] != ubytes[newbyte]) { + newotherbits = p[sizeof(intptr_t) + newbyte] ^ ubytes[newbyte]; + goto different_byte_found; + } + } + + if (p[sizeof(intptr_t) + newbyte] != 0) { + newotherbits = p[sizeof(intptr_t) + newbyte]; + goto different_byte_found; + } + return (intptr_t *)p; different_byte_found: - /* 2: Find differing bit */ - newotherbits |= newotherbits >> 1; - newotherbits |= newotherbits >> 2; - newotherbits |= newotherbits >> 4; - newotherbits = (newotherbits & ~(newotherbits >> 1)) ^ 255; - uint8_t c = p[sizeof(intptr_t) + newbyte]; - int newdirection = (1 + (newotherbits | c)) >> 8; - - /* Insert new string */ - - /* 1: Allocate new node structure */ - struct node *newnode; - - newnode = alloc(&internal, sizeof(struct node)); - if (!newnode) - return NULL; - - char *x = alloc(&external, ulen + 1 + sizeof(intptr_t)); - if (!x) - return NULL; - *((intptr_t *)x) = 0; - memcpy(x + sizeof(intptr_t), ubytes, ulen + 1); - - newnode->byte = newbyte; - newnode->otherbits = newotherbits; - newnode->child[1 - newdirection] = x; - - /* 2: Insert new node */ - void **wherep = &t->root; - for (;;) { - uint8_t *p = *wherep; - if (!(1 & (intptr_t) p)) break; - struct node *q = (void *) (p - 1); - if (q->byte > newbyte) break; - if (q->byte == newbyte && q->otherbits > newotherbits) break; - uint8_t c = 0; - if (q->byte < ulen) c = ubytes[q->byte]; - const int direction = (1 + (q->otherbits | c)) >> 8; - wherep = q->child + direction; - } + /* 2: Find differing bit */ + newotherbits |= newotherbits >> 1; + newotherbits |= newotherbits >> 2; + newotherbits |= newotherbits >> 4; + newotherbits = (newotherbits & ~(newotherbits >> 1)) ^ 255; + uint8_t c = p[sizeof(intptr_t) + newbyte]; + int newdirection = (1 + (newotherbits | c)) >> 8; + + /* Insert new string */ + + /* 1: Allocate new node structure */ + struct node *newnode; + + newnode = alloc(&internal, sizeof(struct node)); + if (!newnode) + return NULL; + + char *x = alloc(&external, ulen + 1 + sizeof(intptr_t)); + if (!x) + return NULL; + *((intptr_t *)x) = 0; + memcpy(x + sizeof(intptr_t), ubytes, ulen + 1); + + newnode->byte = newbyte; + newnode->otherbits = newotherbits; + newnode->child[1 - newdirection] = x; + + /* 2: Insert new node */ + void **wherep = &t->root; + for (;;) { + uint8_t *p = *wherep; + if (!(1 & (intptr_t) p)) break; + struct node *q = (void *) (p - 1); + if (q->byte > newbyte) break; + if (q->byte == newbyte && q->otherbits > newotherbits) break; + uint8_t c = 0; + if (q->byte < ulen) c = ubytes[q->byte]; + const int direction = (1 + (q->otherbits | c)) >> 8; + wherep = q->child + direction; + } - newnode->child[newdirection] = *wherep; - *wherep = (void *) (1 + (char *) newnode); + newnode->child[newdirection] = *wherep; + *wherep = (void *) (1 + (char *) newnode); - return (intptr_t *)x; + return (intptr_t *)x; } intptr_t cbtree_delete(struct cbtree *t, const char *u) { - const uint8_t *ubytes = (void *) u; - const size_t ulen = strlen(u); - uint8_t *p = t->root; - void **wherep = &t->root; - void **whereq = 0; - struct node *q = 0; - int direction = 0; - intptr_t ret; - - /* Deal with deleting from an empty tree */ - if (!p) return 0; - - /* Walk the tree for the best match */ - while (1 & (intptr_t) p) { - whereq = wherep; - q = (void *) (p - 1); - uint8_t c = 0; - if (q->byte < ulen) c = ubytes[q->byte]; - direction = (1 + (q->otherbits | c)) >> 8; - wherep = q->child + direction; - p = *wherep; - } - - /* Check the best match */ - if (0 != strcmp(u, (const char *)(p + sizeof(intptr_t)))) - return 0; - ret = *((intptr_t *)p); - - /* Remove the element and/or node */ - if (!whereq) { - t->root = 0; - return ret; - } + const uint8_t *ubytes = (void *) u; + const size_t ulen = strlen(u); + uint8_t *p = t->root; + void **wherep = &t->root; + void **whereq = 0; + struct node *q = 0; + int direction = 0; + intptr_t ret; + + /* Deal with deleting from an empty tree */ + if (!p) return 0; + + /* Walk the tree for the best match */ + while (1 & (intptr_t) p) { + whereq = wherep; + q = (void *) (p - 1); + uint8_t c = 0; + if (q->byte < ulen) c = ubytes[q->byte]; + direction = (1 + (q->otherbits | c)) >> 8; + wherep = q->child + direction; + p = *wherep; + } + + /* Check the best match */ + if (0 != strcmp(u, (const char *)(p + sizeof(intptr_t)))) + return 0; + ret = *((intptr_t *)p); + + /* Remove the element and/or node */ + if (!whereq) { + t->root = 0; + return ret; + } - *whereq = q->child[1 - direction]; - // free(q); + *whereq = q->child[1 - direction]; + // free(q); - return ret; + return ret; } static void traverse(void *top) { - uint8_t *p = top; + uint8_t *p = top; - if (1 & (intptr_t) p) { - struct node *q = (void *) (p - 1); - traverse(q->child[0]); - traverse(q->child[1]); - // free(q); - } else { - // free(p); - } + if (1 & (intptr_t) p) { + struct node *q = (void *) (p - 1); + traverse(q->child[0]); + traverse(q->child[1]); + // free(q); + } else { + // free(p); + } } void cbtree_clear(struct cbtree *t) { - if (t->root) traverse(t->root); - t->root = NULL; + if (t->root) traverse(t->root); + t->root = NULL; } static int allprefixed_traverse(uint8_t *top, int (*handle)(const char *, intptr_t *, void *), void *arg) { - int direction; + int direction; - /* Deal with an internal node */ - if (1 & (intptr_t) top) { - struct node *q = (void *) (top - 1); - for (direction = 0; direction < 2; ++direction) - switch(allprefixed_traverse(q->child[direction], handle, arg)) { - case 1: break; - case 0: return 0; - default: return -1; - } - return 1; - } + /* Deal with an internal node */ + if (1 & (intptr_t) top) { + struct node *q = (void *) (top - 1); + for (direction = 0; direction < 2; ++direction) + switch(allprefixed_traverse(q->child[direction], handle, arg)) { + case 1: break; + case 0: return 0; + default: return -1; + } + return 1; + } - /* Deal with an external node */ - return handle((const char *)(top + sizeof(intptr_t)), (intptr_t *)top, arg); + /* Deal with an external node */ + return handle((const char *)(top + sizeof(intptr_t)), (intptr_t *)top, arg); } int cbtree_allprefixed(struct cbtree *t, const char *prefix, - int (*handle)(const char *, intptr_t *, void *), - void *arg) + int (*handle)(const char *, intptr_t *, void *), + void *arg) { - const uint8_t *ubytes = (void *) prefix; - const size_t ulen = strlen(prefix); - uint8_t *p = t->root; - uint8_t *top = p; - int i; - - if (!p) return 1; /* S = $\emptyset$ */ - - /* Walk tree, maintaining top pointer */ - while (1 & (intptr_t) p) { - struct node *q = (void *) (p - 1); - uint8_t c = 0; - if (q->byte < ulen) c = ubytes[q->byte]; - const int direction = (1 + (q->otherbits | c)) >> 8; - p = q->child[direction]; - if (q->byte < ulen) top = p; - } - - /* Check prefix */ - for (i = 0; i < ulen; ++i) { - if (p[i+sizeof(intptr_t)] != ubytes[i]) return 1; - } + const uint8_t *ubytes = (void *) prefix; + const size_t ulen = strlen(prefix); + uint8_t *p = t->root; + uint8_t *top = p; + int i; - return allprefixed_traverse(top, handle, arg); + if (!p) return 1; /* S = $\emptyset$ */ + + /* Walk tree, maintaining top pointer */ + while (1 & (intptr_t) p) { + struct node *q = (void *) (p - 1); + uint8_t c = 0; + if (q->byte < ulen) c = ubytes[q->byte]; + const int direction = (1 + (q->otherbits | c)) >> 8; + p = q->child[direction]; + if (q->byte < ulen) top = p; + } + + /* Check prefix */ + for (i = 0; i < ulen; ++i) { + if (p[i+sizeof(intptr_t)] != ubytes[i]) return 1; + } + + return allprefixed_traverse(top, handle, arg); } static const char *byte_to_binary(int x) { - static char b[9]; - int z; + static char b[9]; + int z; - b[0] = '\0'; - for (z = 128; z > 0; z >>= 1) - strcat(b, ((x & z) == z) ? "1" : "0"); + b[0] = '\0'; + for (z = 128; z > 0; z >>= 1) + strcat(b, ((x & z) == z) ? "1" : "0"); - return b; + return b; } static void traverse_dump(void *top, int level, int byte) { - uint8_t *p = top; - int i; + uint8_t *p = top; + int i; - for (i = 0; i < level; i++) printf(" "); - if (1 & (intptr_t) p) { - struct node *q = (void *) (p - 1); - printf("[byte(%d),otherbits(%s)]\n", q->byte, byte_to_binary(q->otherbits)); - traverse_dump(q->child[0], level + 1, q->byte); - traverse_dump(q->child[1], level + 1, q->byte); - } else { - const size_t ulen = strlen((char *)(p + sizeof(intptr_t))); - int c = byte < ulen ? p[sizeof(intptr_t) + byte] : 0; - printf("\"%s\" (%s)\n", p + sizeof(intptr_t), byte_to_binary(c)); - } + for (i = 0; i < level; i++) printf(" "); + if (1 & (intptr_t) p) { + struct node *q = (void *) (p - 1); + printf("[byte(%d),otherbits(%s)]\n", q->byte, byte_to_binary(q->otherbits)); + traverse_dump(q->child[0], level + 1, q->byte); + traverse_dump(q->child[1], level + 1, q->byte); + } else { + const size_t ulen = strlen((char *)(p + sizeof(intptr_t))); + int c = byte < ulen ? p[sizeof(intptr_t) + byte] : 0; + printf("\"%s\" (%s)\n", p + sizeof(intptr_t), byte_to_binary(c)); + } } void cbtree_dump(struct cbtree *t) { - if (t->root) - traverse_dump(t->root, 0, 0); - printf("\n"); + if (t->root) + traverse_dump(t->root, 0, 0); + printf("\n"); } char* cbtree_next(struct cbtree *t, const char *u, intptr_t *data) { - const uint8_t *ubytes = (void *) u; - const size_t ulen = strlen(u); - uint8_t *p = t->root; - uint8_t *branch = NULL; - - if (!p) return NULL; - - /* Walk tree, maintaining top pointer */ - while (1 & (intptr_t) p) { - struct node *q = (void *) (p - 1); - uint8_t c = 0; - if (q->byte < ulen) c = ubytes[q->byte]; - const int direction = (1 + (q->otherbits | c)) >> 8; - if (direction == 0) - branch = q->child[1]; - p = q->child[direction]; - } - - /* check whether what we found is what we are looking for already */ - if (strcmp((char *)(p + sizeof(intptr_t)), u) > 0) { - if (data) *data = *((intptr_t *)p); - return (char *)(p + sizeof(intptr_t)); - } - - if (!branch) return NULL; - - /* select the lowest value on the branch */ - p = branch; - while (1 & (intptr_t) p) { - struct node *q = (void *) (p - 1); - p = q->child[0]; - } - if (data) *data = *((intptr_t *)p); - return (char *)(p + sizeof(intptr_t)); + const uint8_t *ubytes = (void *) u; + const size_t ulen = strlen(u); + uint8_t *p = t->root; + uint8_t *branch = NULL; + + if (!p) return NULL; + + /* Walk tree, maintaining top pointer */ + while (1 & (intptr_t) p) { + struct node *q = (void *) (p - 1); + uint8_t c = 0; + if (q->byte < ulen) c = ubytes[q->byte]; + const int direction = (1 + (q->otherbits | c)) >> 8; + if (direction == 0) + branch = q->child[1]; + p = q->child[direction]; + } + + /* check whether what we found is what we are looking for already */ + if (strcmp((char *)(p + sizeof(intptr_t)), u) > 0) { + if (data) *data = *((intptr_t *)p); + return (char *)(p + sizeof(intptr_t)); + } + + if (!branch) return NULL; + + /* select the lowest value on the branch */ + p = branch; + while (1 & (intptr_t) p) { + struct node *q = (void *) (p - 1); + p = q->child[0]; + } + if (data) *data = *((intptr_t *)p); + return (char *)(p + sizeof(intptr_t)); } diff -pruN 0.8+git20160720-3.2/cbtree.h 0.8+git20170804-0ubuntu3/cbtree.h --- 0.8+git20160720-3.2/cbtree.h 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/cbtree.h 2017-08-04 14:27:44.000000000 +0000 @@ -47,8 +47,8 @@ intptr_t cbtree_delete(struct cbtree *t, void cbtree_clear(struct cbtree *t); int cbtree_allprefixed(struct cbtree *t, const char *prefix, - int (*handle)(const char *, intptr_t *, void *), - void *arg); + int (*handle)(const char *, intptr_t *, void *), + void *arg); void cbtree_dump(struct cbtree *t); diff -pruN 0.8+git20160720-3.2/cert.c 0.8+git20170804-0ubuntu3/cert.c --- 0.8+git20160720-3.2/cert.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/cert.c 2017-08-04 14:27:44.000000000 +0000 @@ -26,115 +26,115 @@ static int extract_certificate_type(char **s, char *what) { - int type; - char *str_type; + int type; + char *str_type; - if (isdigit(**s)) { - type = extract_integer(s, what, NULL); - if (type >= 1 && type <= 8) - return type; - if (type == 253 || type == 254) - return type; - if (type >= 65280 && type <= 65534) - return type; - if (type < 0 || type > 65535) { - bitch("bad certificate type %d", type); - return -1; - } - if (type == 0 || type == 255 || type == 65535) { - bitch("certificate type %d is reserved by IANA", type); - return -1; - } - bitch("certificate type %d is unassigned", type); - return -1; - } else { - str_type = extract_label(s, what, "temporary"); - if (!str_type) return -1; - if (strcmp(str_type, "pkix") == 0) - return 1; - if (strcmp(str_type, "spki") == 0) - return 2; - if (strcmp(str_type, "pgp") == 0) - return 3; - if (strcmp(str_type, "ipkix") == 0) - return 4; - if (strcmp(str_type, "ispki") == 0) - return 5; - if (strcmp(str_type, "ipgp") == 0) - return 6; - if (strcmp(str_type, "acpkix") == 0) - return 7; - if (strcmp(str_type, "iacpkix") == 0) - return 8; - if (strcmp(str_type, "uri") == 0) - return 253; - if (strcmp(str_type, "oid") == 0) - return 254; - bitch("bad certificate type %s", str_type); - return -1; - } + if (isdigit(**s)) { + type = extract_integer(s, what, NULL); + if (type >= 1 && type <= 8) + return type; + if (type == 253 || type == 254) + return type; + if (type >= 65280 && type <= 65534) + return type; + if (type < 0 || type > 65535) { + bitch("bad certificate type %d", type); + return -1; + } + if (type == 0 || type == 255 || type == 65535) { + bitch("certificate type %d is reserved by IANA", type); + return -1; + } + bitch("certificate type %d is unassigned", type); + return -1; + } else { + str_type = extract_label(s, what, "temporary"); + if (!str_type) return -1; + if (strcmp(str_type, "pkix") == 0) + return 1; + if (strcmp(str_type, "spki") == 0) + return 2; + if (strcmp(str_type, "pgp") == 0) + return 3; + if (strcmp(str_type, "ipkix") == 0) + return 4; + if (strcmp(str_type, "ispki") == 0) + return 5; + if (strcmp(str_type, "ipgp") == 0) + return 6; + if (strcmp(str_type, "acpkix") == 0) + return 7; + if (strcmp(str_type, "iacpkix") == 0) + return 8; + if (strcmp(str_type, "uri") == 0) + return 253; + if (strcmp(str_type, "oid") == 0) + return 254; + bitch("bad certificate type %s", str_type); + return -1; + } } static struct rr* cert_parse(char *name, long ttl, int type, char *s) { - struct rr_cert *rr = getmem(sizeof(*rr)); - int cert_type, key_tag, alg; + struct rr_cert *rr = getmem(sizeof(*rr)); + int cert_type, key_tag, alg; - cert_type = extract_certificate_type(&s, "certificate type"); - if (cert_type < 0) return NULL; - rr->type = cert_type; - - key_tag = extract_integer(&s, "key tag", NULL); - if (key_tag < 0) return NULL; - if (key_tag > 65535) - return bitch("bad key tag"); - rr->key_tag = key_tag; - - if (isdigit(*s)) { - alg = extract_integer(&s, "algorithm", NULL); - if (alg < 0) return NULL; - if (alg > 255) return bitch("bad algorithm"); - if (alg != 0) { /* 0 is just fine */ - if (algorithm_type(alg) == ALG_UNSUPPORTED) - return bitch("bad algorithm %d", alg); - } - } else { - alg = extract_algorithm(&s, "algorithm"); - if (alg == ALG_UNSUPPORTED) return NULL; - } - rr->algorithm = alg; - - if (alg == 0 && key_tag != 0) { - /* we might want to bitch here, but RFC says "SHOULD", so we don't */ - } - - rr->certificate = extract_base64_binary_data(&s, "certificate"); - if (rr->certificate.length < 0) return NULL; - /* TODO validate cert length based on algorithm */ - - if (*s) { - return bitch("garbage after valid CERT data"); - } - return store_record(type, name, ttl, rr); + cert_type = extract_certificate_type(&s, "certificate type"); + if (cert_type < 0) return NULL; + rr->type = cert_type; + + key_tag = extract_integer(&s, "key tag", NULL); + if (key_tag < 0) return NULL; + if (key_tag > 65535) + return bitch("bad key tag"); + rr->key_tag = key_tag; + + if (isdigit(*s)) { + alg = extract_integer(&s, "algorithm", NULL); + if (alg < 0) return NULL; + if (alg > 255) return bitch("bad algorithm"); + if (alg != 0) { /* 0 is just fine */ + if (algorithm_type(alg) == ALG_UNSUPPORTED) + return bitch("bad algorithm %d", alg); + } + } else { + alg = extract_algorithm(&s, "algorithm"); + if (alg == ALG_UNSUPPORTED) return NULL; + } + rr->algorithm = alg; + + if (alg == 0 && key_tag != 0) { + /* we might want to bitch here, but RFC says "SHOULD", so we don't */ + } + + rr->certificate = extract_base64_binary_data(&s, "certificate"); + if (rr->certificate.length < 0) return NULL; + /* TODO validate cert length based on algorithm */ + + if (*s) { + return bitch("garbage after valid CERT data"); + } + return store_record(type, name, ttl, rr); } static char* cert_human(struct rr *rrv) { - RRCAST(cert); + RRCAST(cert); char s[1024]; snprintf(s, 1024, "%d %d %d ...", - rr->type, rr->key_tag, rr->algorithm); + rr->type, rr->key_tag, rr->algorithm); return quickstrdup_temp(s); } static struct binary_data cert_wirerdata(struct rr *rrv) { - RRCAST(cert); + RRCAST(cert); - return compose_binary_data("221d", 1, - rr->type, rr->key_tag, rr->algorithm, - rr->certificate); + return compose_binary_data("221d", 1, + rr->type, rr->key_tag, rr->algorithm, + rr->certificate); } struct rr_methods cert_methods = { cert_parse, cert_human, cert_wirerdata, NULL, NULL }; diff -pruN 0.8+git20160720-3.2/cname.c 0.8+git20170804-0ubuntu3/cname.c --- 0.8+git20160720-3.2/cname.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/cname.c 2017-08-04 14:27:44.000000000 +0000 @@ -19,58 +19,58 @@ static struct rr *cname_parse(char *name, long ttl, int type, char *s) { - struct rr_cname *rr = getmem(sizeof(*rr)); + struct rr_cname *rr = getmem(sizeof(*rr)); - rr->cname = extract_name(&s, "cname", 0); - if (!rr->cname) - return NULL; - if (*s) { - return bitch("garbage after valid CNAME data"); - } + rr->cname = extract_name(&s, "cname", 0); + if (!rr->cname) + return NULL; + if (*s) { + return bitch("garbage after valid CNAME data"); + } - return store_record(type, name, ttl, rr); + return store_record(type, name, ttl, rr); } static char* cname_human(struct rr *rrv) { - RRCAST(cname); + RRCAST(cname); return rr->cname; } static struct binary_data cname_wirerdata(struct rr *rrv) { - RRCAST(cname); - return name2wire_name(rr->cname); + RRCAST(cname); + return name2wire_name(rr->cname); } static void* cname_validate_set(struct rr_set *rr_set) { - struct rr *rr; - struct rr_set *another_set; - struct named_rr *named_rr; - int count; - - if (G.opt.policy_checks[POLICY_CNAME_OTHER_DATA]) { - if (rr_set->count > 1) { - rr = rr_set->tail; - return moan(rr->file_name, rr->line, "CNAME and other data"); - } - named_rr = rr_set->named_rr; - count = get_rr_set_count(named_rr); - if (count > 1) { - another_set = find_rr_set_in_named_rr(named_rr, T_RRSIG); - if (another_set) - count -= another_set->count; - another_set = find_rr_set_in_named_rr(named_rr, T_NSEC); - if (another_set) - count -= another_set->count; - if (count > 1) { - rr = rr_set->tail; - return moan(rr->file_name, rr->line, "CNAME and other data"); - } - } - } - return NULL; + struct rr *rr; + struct rr_set *another_set; + struct named_rr *named_rr; + int count; + + if (G.opt.policy_checks[POLICY_CNAME_OTHER_DATA]) { + if (rr_set->count > 1) { + rr = rr_set->tail; + return moan(rr->file_name, rr->line, "CNAME and other data"); + } + named_rr = rr_set->named_rr; + count = get_rr_set_count(named_rr); + if (count > 1) { + another_set = find_rr_set_in_named_rr(named_rr, T_RRSIG); + if (another_set) + count -= another_set->count; + another_set = find_rr_set_in_named_rr(named_rr, T_NSEC); + if (another_set) + count -= another_set->count; + if (count > 1) { + rr = rr_set->tail; + return moan(rr->file_name, rr->line, "CNAME and other data"); + } + } + } + return NULL; } struct rr_methods cname_methods = { cname_parse, cname_human, cname_wirerdata, cname_validate_set, NULL }; diff -pruN 0.8+git20160720-3.2/common.h 0.8+git20170804-0ubuntu3/common.h --- 0.8+git20160720-3.2/common.h 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/common.h 2017-08-04 14:27:44.000000000 +0000 @@ -12,34 +12,34 @@ struct generate_template_piece; struct generate_template_piece { - char *constant_string; - struct generate_template_piece *next; + char *constant_string; + struct generate_template_piece *next; }; #define LINEBUFSZ 2048 struct file_info { - struct file_info *next; - FILE *file; - int line; - int paren_mode; - char buf[LINEBUFSZ]; - char *current_origin; - - int generate_cur; - int generate_lim; - char *generate_type; - struct generate_template_piece *generate_lhs; - struct generate_template_piece *generate_rhs; + struct file_info *next; + FILE *file; + int line; + int paren_mode; + char buf[LINEBUFSZ]; + char *current_origin; + + int generate_cur; + int generate_lim; + char *generate_type; + struct generate_template_piece *generate_lhs; + struct generate_template_piece *generate_rhs; - /* must be last struct member */ - char name[0]; + /* must be last struct member */ + char name[0]; }; extern struct file_info *file_info; -#define N_POLICY_CHECKS 10 +#define N_POLICY_CHECKS 11 #define POLICY_SINGLE_NS 0 #define POLICY_CNAME_OTHER_DATA 1 @@ -51,42 +51,43 @@ extern struct file_info *file_info; #define POLICY_DNSKEY 7 #define POLICY_TLSA_HOST 8 #define POLICY_KSK_EXISTS 9 +#define POLICY_SMIMEA_HOST 10 #define MAX_TIMES_TO_CHECK 32 struct globals { - struct stats { - int names_count; - int rr_count; - int rrset_count; - int error_count; - int skipped_dup_rr_count; - int soa_rr_count; - int signatures_verified; - int delegations; - int not_authoritative; - int nsec3_count; - } stats; - struct command_line_options - { - int die_on_first_error; - int no_output; - int summary; - int verbose; - char *include_path; - int include_path_specified; - char *first_origin; - int n_times_to_check; - uint32_t times_to_check[MAX_TIMES_TO_CHECK]; - char policy_checks[N_POLICY_CHECKS]; - int n_threads; - int soa_minttl_as_default_ttl; - } opt; - int exit_code; - long default_ttl; - int nsec3_present; - int nsec3_opt_out_present; - int dnssec_active; + struct stats { + int names_count; + int rr_count; + int rrset_count; + int error_count; + int skipped_dup_rr_count; + int soa_rr_count; + int signatures_verified; + int delegations; + int not_authoritative; + int nsec3_count; + } stats; + struct command_line_options + { + int die_on_first_error; + int no_output; + int summary; + int verbose; + char *include_path; + int include_path_specified; + char *first_origin; + int n_times_to_check; + uint32_t times_to_check[MAX_TIMES_TO_CHECK]; + char policy_checks[N_POLICY_CHECKS]; + int n_threads; + int soa_minttl_as_default_ttl; + } opt; + int exit_code; + long default_ttl; + int nsec3_present; + int nsec3_opt_out_present; + int dnssec_active; }; extern struct globals G; diff -pruN 0.8+git20160720-3.2/debian/changelog 0.8+git20170804-0ubuntu3/debian/changelog --- 0.8+git20160720-3.2/debian/changelog 2022-06-23 16:48:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/debian/changelog 2022-02-02 23:34:33.000000000 +0000 @@ -1,18 +1,22 @@ -validns (0.8+git20160720-3.2) unstable; urgency=medium +validns (0.8+git20170804-0ubuntu3) jammy; urgency=medium - * Non-maintainer upload. - * Get it compiled against OpenSSL 3.0+ (Closes: #1006583). + * Update test for changed error output on failed rsa signature check + (LP: #1959855) - -- Sebastian Andrzej Siewior Thu, 23 Jun 2022 18:48:15 +0200 + -- Dan Bungert Wed, 02 Feb 2022 16:34:33 -0700 -validns (0.8+git20160720-3.1) unstable; urgency=medium +validns (0.8+git20170804-0ubuntu2) jammy; urgency=medium - * Non-maintainer upload. - * Avoid a warning regarding string truncation (Closes: #897882). - * Get it compiled against OpenSSL 1.1+ (Closes: #859784). - * Use priority optional instead of extra. + * No-change rebuild against openssl3 - -- Sebastian Andrzej Siewior Fri, 22 Feb 2019 23:52:58 +0100 + -- Simon Chopin Mon, 29 Nov 2021 15:57:39 +0100 + +validns (0.8+git20170804-0ubuntu1) disco; urgency=medium + + * New upstream release + * Cherrypick upstream pull request for openssl 1.1.x compat. + + -- Dimitri John Ledkov Tue, 05 Feb 2019 23:42:06 +0000 validns (0.8+git20160720-3) unstable; urgency=medium diff -pruN 0.8+git20160720-3.2/debian/control 0.8+git20170804-0ubuntu3/debian/control --- 0.8+git20160720-3.2/debian/control 2019-02-22 22:52:58.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/debian/control 2019-02-05 23:42:06.000000000 +0000 @@ -1,7 +1,8 @@ Source: validns Section: net -Priority: optional -Maintainer: Casper Gielen +Priority: extra +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Casper Gielen Uploaders: Joost van Baal-Ilić Build-Depends: debhelper (>= 9), libssl-dev, libjudy-dev, libtest-command-simple-perl, dpkg-dev (>= 1.16.1~) Standards-Version: 3.9.8 diff -pruN 0.8+git20160720-3.2/debian/patches/912013aae9e03cca4a08632c2f77b2392cc25638.patch 0.8+git20170804-0ubuntu3/debian/patches/912013aae9e03cca4a08632c2f77b2392cc25638.patch --- 0.8+git20160720-3.2/debian/patches/912013aae9e03cca4a08632c2f77b2392cc25638.patch 1970-01-01 00:00:00.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/debian/patches/912013aae9e03cca4a08632c2f77b2392cc25638.patch 2019-02-05 23:42:06.000000000 +0000 @@ -0,0 +1,222 @@ +From 912013aae9e03cca4a08632c2f77b2392cc25638 Mon Sep 17 00:00:00 2001 +From: "Chris West (Faux)" +Date: Wed, 28 Jun 2017 12:54:10 +0000 +Subject: [PATCH] fix compilation on openssl 1.1 + +--- + dnskey.c | 6 ++++-- + nsec3checks.c | 23 ++++++++++++----------- + rrsig.c | 44 ++++++++++++++++++++++++-------------------- + 3 files changed, 40 insertions(+), 33 deletions(-) + +Index: validns-0.8+git20170804/dnskey.c +=================================================================== +--- validns-0.8+git20170804.orig/dnskey.c ++++ validns-0.8+git20170804/dnskey.c +@@ -157,6 +157,7 @@ int dnskey_build_pkey(struct rr_dnskey * + unsigned int e_bytes; + unsigned char *pk; + int l; ++ BIGNUM *n, *e; + + rsa = RSA_new(); + if (!rsa) +@@ -177,11 +178,12 @@ int dnskey_build_pkey(struct rr_dnskey * + if (l < e_bytes) /* public key is too short */ + goto done; + +- rsa->e = BN_bin2bn(pk, e_bytes, NULL); ++ e = BN_bin2bn(pk, e_bytes, NULL); + pk += e_bytes; + l -= e_bytes; + +- rsa->n = BN_bin2bn(pk, l, NULL); ++ n = BN_bin2bn(pk, l, NULL); ++ RSA_set0_key(rsa, n, e, NULL); + + pkey = EVP_PKEY_new(); + if (!pkey) +Index: validns-0.8+git20170804/nsec3checks.c +=================================================================== +--- validns-0.8+git20170804.orig/nsec3checks.c ++++ validns-0.8+git20170804/nsec3checks.c +@@ -28,7 +28,7 @@ + static struct binary_data name2hash(char *name, struct rr *param) + { + struct rr_nsec3param *p = (struct rr_nsec3param *)param; +- EVP_MD_CTX ctx; ++ EVP_MD_CTX *ctx; + unsigned char md0[EVP_MAX_MD_SIZE]; + unsigned char md1[EVP_MAX_MD_SIZE]; + unsigned char *md[2]; +@@ -45,22 +45,23 @@ static struct binary_data name2hash(char + + /* XXX Maybe use Init_ex and Final_ex for speed? */ + +- EVP_MD_CTX_init(&ctx); +- if (EVP_DigestInit(&ctx, EVP_sha1()) != 1) ++ ctx = EVP_MD_CTX_new(); ++ if (EVP_DigestInit(ctx, EVP_sha1()) != 1) + return r; +- digest_size = EVP_MD_CTX_size(&ctx); +- EVP_DigestUpdate(&ctx, wire_name.data, wire_name.length); +- EVP_DigestUpdate(&ctx, p->salt.data, p->salt.length); +- EVP_DigestFinal(&ctx, md[mdi], NULL); ++ digest_size = EVP_MD_CTX_size(ctx); ++ EVP_DigestUpdate(ctx, wire_name.data, wire_name.length); ++ EVP_DigestUpdate(ctx, p->salt.data, p->salt.length); ++ EVP_DigestFinal(ctx, md[mdi], NULL); + + for (i = 0; i < p->iterations; i++) { +- if (EVP_DigestInit(&ctx, EVP_sha1()) != 1) ++ if (EVP_DigestInit(ctx, EVP_sha1()) != 1) + return r; +- EVP_DigestUpdate(&ctx, md[mdi], digest_size); ++ EVP_DigestUpdate(ctx, md[mdi], digest_size); + mdi = (mdi + 1) % 2; +- EVP_DigestUpdate(&ctx, p->salt.data, p->salt.length); +- EVP_DigestFinal(&ctx, md[mdi], NULL); ++ EVP_DigestUpdate(ctx, p->salt.data, p->salt.length); ++ EVP_DigestFinal(ctx, md[mdi], NULL); + } ++ EVP_MD_CTX_free(ctx); + + r.length = digest_size; + r.data = getmem(digest_size); +Index: validns-0.8+git20170804/rrsig.c +=================================================================== +--- validns-0.8+git20170804.orig/rrsig.c ++++ validns-0.8+git20170804/rrsig.c +@@ -27,7 +27,7 @@ + struct verification_data + { + struct verification_data *next; +- EVP_MD_CTX ctx; ++ EVP_MD_CTX *ctx; + struct rr_dnskey *key; + struct rr_rrsig *rr; + int ok; +@@ -97,10 +97,13 @@ static struct rr* rrsig_parse(char *name + * representation (r || s) into OpenSSL ASN.1 DER format + */ + ECDSA_SIG *ecdsa_sig = ECDSA_SIG_new(); ++ BIGNUM *r, *s; + int l = sig.length / 2; +- if ((BN_bin2bn((unsigned char *)sig.data, l, ecdsa_sig->r) == NULL) || +- (BN_bin2bn(((unsigned char *)sig.data) + l, l, ecdsa_sig->s) == NULL)) ++ r = BN_bin2bn((unsigned char *)sig.data, l, NULL); ++ s = BN_bin2bn((unsigned char *)sig.data + l, l, NULL); ++ if ((r == NULL) || (s == NULL)) + return NULL; ++ ECDSA_SIG_set0(ecdsa_sig, r, s); + sig.length = i2d_ECDSA_SIG(ecdsa_sig, NULL); + sig.data = getmem(sig.length); /* reallocate larger mempool chunk */ + unsigned char *sig_ptr = (unsigned char *)sig.data; +@@ -197,7 +200,7 @@ void *verification_thread(void *dummy) + if (d) { + int r; + d->next = NULL; +- r = EVP_VerifyFinal(&d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey); ++ r = EVP_VerifyFinal(d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey); + if (r == 1) { + d->ok = 1; + } else { +@@ -249,7 +252,7 @@ static void schedule_verification(struct + } else { + int r; + G.stats.signatures_verified++; +- r = EVP_VerifyFinal(&d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey); ++ r = EVP_VerifyFinal(d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey); + if (r == 1) { + d->ok = 1; + } else { +@@ -267,29 +270,29 @@ static int verify_signature(struct verif + struct rr *signed_rr; + int i; + +- EVP_MD_CTX_init(&d->ctx); ++ d->ctx = EVP_MD_CTX_new(); + switch (d->rr->algorithm) { + case ALG_DSA: + case ALG_RSASHA1: + case ALG_DSA_NSEC3_SHA1: + case ALG_RSASHA1_NSEC3_SHA1: +- if (EVP_VerifyInit(&d->ctx, EVP_sha1()) != 1) ++ if (EVP_VerifyInit(d->ctx, EVP_sha1()) != 1) + return 0; + break; + case ALG_RSASHA256: +- if (EVP_VerifyInit(&d->ctx, EVP_sha256()) != 1) ++ if (EVP_VerifyInit(d->ctx, EVP_sha256()) != 1) + return 0; + break; + case ALG_RSASHA512: +- if (EVP_VerifyInit(&d->ctx, EVP_sha512()) != 1) ++ if (EVP_VerifyInit(d->ctx, EVP_sha512()) != 1) + return 0; + break; + case ALG_ECDSAP256SHA256: +- if (EVP_VerifyInit(&d->ctx, EVP_sha256()) != 1) ++ if (EVP_VerifyInit(d->ctx, EVP_sha256()) != 1) + return 0; + break; + case ALG_ECDSAP384SHA384: +- if (EVP_VerifyInit(&d->ctx, EVP_sha384()) != 1) ++ if (EVP_VerifyInit(d->ctx, EVP_sha384()) != 1) + return 0; + break; + default: +@@ -299,7 +302,7 @@ static int verify_signature(struct verif + chunk = rrsig_wirerdata_ex(&d->rr->rr, 0); + if (chunk.length < 0) + return 0; +- EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length); ++ EVP_VerifyUpdate(d->ctx, chunk.data, chunk.length); + + set = getmem_temp(sizeof(*set) * signed_set->count); + +@@ -319,12 +322,12 @@ static int verify_signature(struct verif + chunk = name2wire_name(signed_set->named_rr->name); + if (chunk.length < 0) + return 0; +- EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length); +- b2 = htons(set[i].rr->rdtype); EVP_VerifyUpdate(&d->ctx, &b2, 2); +- b2 = htons(1); /* class IN */ EVP_VerifyUpdate(&d->ctx, &b2, 2); +- b4 = htonl(set[i].rr->ttl); EVP_VerifyUpdate(&d->ctx, &b4, 4); +- b2 = htons(set[i].wired.length); EVP_VerifyUpdate(&d->ctx, &b2, 2); +- EVP_VerifyUpdate(&d->ctx, set[i].wired.data, set[i].wired.length); ++ EVP_VerifyUpdate(d->ctx, chunk.data, chunk.length); ++ b2 = htons(set[i].rr->rdtype); EVP_VerifyUpdate(d->ctx, &b2, 2); ++ b2 = htons(1); /* class IN */ EVP_VerifyUpdate(d->ctx, &b2, 2); ++ b4 = htonl(set[i].rr->ttl); EVP_VerifyUpdate(d->ctx, &b4, 4); ++ b2 = htons(set[i].wired.length); EVP_VerifyUpdate(d->ctx, &b2, 2); ++ EVP_VerifyUpdate(d->ctx, set[i].wired.data, set[i].wired.length); + } + + schedule_verification(d); +@@ -399,7 +402,7 @@ static void *rrsig_validate(struct rr *r + static pthread_mutex_t *lock_cs; + static long *lock_count; + +-static unsigned long pthreads_thread_id(void) ++unsigned long pthreads_thread_id(void) + { + unsigned long ret; + +@@ -407,7 +410,7 @@ static unsigned long pthreads_thread_id( + return(ret); + } + +-static void pthreads_locking_callback(int mode, int type, char *file, int line) ++void pthreads_locking_callback(int mode, int type, char *file, int line) + { + if (mode & CRYPTO_LOCK) { + pthread_mutex_lock(&(lock_cs[type])); +@@ -471,6 +474,7 @@ void verify_all_keys(void) + if (k->to_verify[i].openssl_error != 0) + e = k->to_verify[i].openssl_error; + } ++ EVP_MD_CTX_free(k->to_verify[i].ctx); + } + if (!ok) { + struct named_rr *named_rr; diff -pruN 0.8+git20160720-3.2/debian/patches/dnskey-Avoid-using-RSA_new-on-OpenSSL-3.0.patch 0.8+git20170804-0ubuntu3/debian/patches/dnskey-Avoid-using-RSA_new-on-OpenSSL-3.0.patch --- 0.8+git20160720-3.2/debian/patches/dnskey-Avoid-using-RSA_new-on-OpenSSL-3.0.patch 2022-06-23 16:48:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/debian/patches/dnskey-Avoid-using-RSA_new-on-OpenSSL-3.0.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,193 +0,0 @@ -From: Sebastian Andrzej Siewior -Date: Thu, 23 Jun 2022 18:30:14 +0200 -Subject: [PATCH] dnskey: Avoid using RSA_new() on OpenSSL 3.0 - -Use BLD/ param and EVP_PKEY_fromdata() to build a RSA which avoids -RSA_new() function which is deprecated in OpenSSL 3.0. - -Signed-off-by: Sebastian Andrzej Siewior ---- - dnskey.c | 140 +++++++++++++++++++++++++++++++++++++++++++++---------- - 1 file changed, 116 insertions(+), 24 deletions(-) - -diff --git a/dnskey.c b/dnskey.c -index fda220c14d08..2b82b209deab 100644 ---- a/dnskey.c -+++ b/dnskey.c -@@ -13,6 +13,11 @@ - #include - #include - #include -+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L) -+#include -+#include -+#include -+#endif - - #include "common.h" - #include "textparse.h" -@@ -141,6 +146,115 @@ static void *dnskey_validate(struct rr *rrv) - - struct rr_methods dnskey_methods = { dnskey_parse, dnskey_human, dnskey_wirerdata, NULL, dnskey_validate }; - -+static int dnskey_build_pkey_n_e(struct rr_dnskey *rr, BIGNUM **_n, BIGNUM **_e) -+{ -+ unsigned int e_bytes; -+ unsigned char *pk; -+ BIGNUM *n, *e; -+ int l; -+ -+ n = NULL; -+ e = NULL; -+ pk = (unsigned char *)rr->pubkey.data; -+ l = rr->pubkey.length; -+ -+ e_bytes = *pk++; -+ l--; -+ if (e_bytes == 0) { -+ if (l < 2) /* public key is too short */ -+ goto err; -+ e_bytes = (*pk++) << 8; -+ e_bytes += *pk++; -+ l -= 2; -+ } -+ if (l < e_bytes) /* public key is too short */ -+ goto err; -+ -+ e = BN_bin2bn(pk, e_bytes, NULL); -+ pk += e_bytes; -+ l -= e_bytes; -+ -+ n = BN_bin2bn(pk, l, NULL); -+ if (!e || !n) -+ goto err; -+ -+ *_n = n; -+ *_e = e; -+ return 0; -+err: -+ BN_clear_free(n); -+ BN_clear_free(e); -+ return -1; -+} -+ -+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L) -+ -+int dnskey_build_pkey(struct rr_dnskey *rr) -+{ -+ BIGNUM *n = NULL, *e = NULL; -+ EVP_PKEY *pkey = NULL; -+ EVP_PKEY_CTX *key_ctx = NULL; -+ OSSL_PARAM_BLD *param_bld = NULL; -+ OSSL_PARAM *params = NULL; -+ -+ if (rr->pkey_built) -+ return rr->pkey ? 1 : 0; -+ -+ rr->pkey_built = 1; -+ -+ if (algorithm_type(rr->algorithm) == ALG_RSA_FAMILY) { -+ int ret; -+ -+ ret = dnskey_build_pkey_n_e(rr, &n, &e); -+ if (ret < 0) -+ goto err; -+ -+ param_bld = OSSL_PARAM_BLD_new(); -+ if (!param_bld) -+ goto err; -+ -+ if (!OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_N, n)) -+ goto err; -+ if (!OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_E, e)) -+ goto err; -+ -+ params = OSSL_PARAM_BLD_to_param(param_bld); -+ -+ key_ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL); -+ if (!key_ctx) -+ goto err; -+ -+ ret = EVP_PKEY_fromdata_init(key_ctx); -+ if (ret <= 0) -+ goto err; -+ -+ ret = EVP_PKEY_fromdata(key_ctx, &pkey, EVP_PKEY_KEYPAIR, params); -+ if (ret <= 0) { -+ goto err; -+ } -+ EVP_PKEY_CTX_free(key_ctx); -+ OSSL_PARAM_BLD_free(param_bld); -+ OSSL_PARAM_free(params); -+ BN_clear_free(n); -+ BN_clear_free(e); -+ rr->pkey = pkey; -+ } -+ if (!rr->pkey) -+ goto err; -+ return 1; -+ -+err: -+ EVP_PKEY_CTX_free(key_ctx); -+ OSSL_PARAM_BLD_free(param_bld); -+ OSSL_PARAM_free(params); -+ BN_clear_free(n); -+ BN_clear_free(e); -+ moan(rr->rr.file_name, rr->rr.line, "error building pkey"); -+ return 0; -+} -+ -+#else -+ - int dnskey_build_pkey(struct rr_dnskey *rr) - { - if (rr->pkey_built) -@@ -151,36 +265,13 @@ int dnskey_build_pkey(struct rr_dnskey *rr) - if (algorithm_type(rr->algorithm) == ALG_RSA_FAMILY) { - RSA *rsa; - EVP_PKEY *pkey; -- unsigned int e_bytes; -- unsigned char *pk; -- int l; - BIGNUM *n, *e; - - rsa = RSA_new(); - if (!rsa) - goto done; - -- pk = (unsigned char *)rr->pubkey.data; -- l = rr->pubkey.length; -- -- e_bytes = *pk++; -- l--; -- if (e_bytes == 0) { -- if (l < 2) /* public key is too short */ -- goto done; -- e_bytes = (*pk++) << 8; -- e_bytes += *pk++; -- l -= 2; -- } -- if (l < e_bytes) /* public key is too short */ -- goto done; -- -- e = BN_bin2bn(pk, e_bytes, NULL); -- pk += e_bytes; -- l -= e_bytes; -- -- n = BN_bin2bn(pk, l, NULL); -- if (!e || !n) -+ if (dnskey_build_pkey_n_e(rr, &n, &e) < 0) - goto done; - - RSA_set0_key(rsa, n, e, NULL); -@@ -200,6 +291,7 @@ int dnskey_build_pkey(struct rr_dnskey *rr) - } - return rr->pkey ? 1 : 0; - } -+#endif - - void - dnskey_ksk_policy_check(void) --- -2.36.1 - diff -pruN 0.8+git20160720-3.2/debian/patches/fix-compilation-on-openssl-1.1.patch 0.8+git20170804-0ubuntu3/debian/patches/fix-compilation-on-openssl-1.1.patch --- 0.8+git20160720-3.2/debian/patches/fix-compilation-on-openssl-1.1.patch 2019-02-22 22:50:11.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/debian/patches/fix-compilation-on-openssl-1.1.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,248 +0,0 @@ -From: Author: "Chris West (Faux)" -Date: Fri, 22 Feb 2019 23:39:34 +0100 -Subject: [PATCH] fix compilation on openssl 1.1 - -BTS: https://bugs.debian.org/859784 -bigeasy: drop locking, check for OOM during allocation. -Signed-off-by: Sebastian Andrzej Siewior ---- - dnskey.c | 9 +++++-- - nsec3checks.c | 29 +++++++++++++--------- - rrsig.c | 69 ++++++++++++++------------------------------------- - 3 files changed, 42 insertions(+), 65 deletions(-) - -diff --git a/dnskey.c b/dnskey.c -index fecc62abfd21..fda220c14d08 100644 ---- a/dnskey.c -+++ b/dnskey.c -@@ -154,6 +154,7 @@ int dnskey_build_pkey(struct rr_dnskey *rr) - unsigned int e_bytes; - unsigned char *pk; - int l; -+ BIGNUM *n, *e; - - rsa = RSA_new(); - if (!rsa) -@@ -174,11 +175,15 @@ int dnskey_build_pkey(struct rr_dnskey *rr) - if (l < e_bytes) /* public key is too short */ - goto done; - -- rsa->e = BN_bin2bn(pk, e_bytes, NULL); -+ e = BN_bin2bn(pk, e_bytes, NULL); - pk += e_bytes; - l -= e_bytes; - -- rsa->n = BN_bin2bn(pk, l, NULL); -+ n = BN_bin2bn(pk, l, NULL); -+ if (!e || !n) -+ goto done; -+ -+ RSA_set0_key(rsa, n, e, NULL); - - pkey = EVP_PKEY_new(); - if (!pkey) -diff --git a/nsec3checks.c b/nsec3checks.c -index 69c655345bad..2abac9efa1bf 100644 ---- a/nsec3checks.c -+++ b/nsec3checks.c -@@ -28,7 +28,7 @@ - static struct binary_data name2hash(char *name, struct rr *param) - { - struct rr_nsec3param *p = (struct rr_nsec3param *)param; -- EVP_MD_CTX ctx; -+ EVP_MD_CTX *ctx; - unsigned char md0[EVP_MAX_MD_SIZE]; - unsigned char md1[EVP_MAX_MD_SIZE]; - unsigned char *md[2]; -@@ -45,26 +45,31 @@ static struct binary_data name2hash(char *name, struct rr *param) - - /* XXX Maybe use Init_ex and Final_ex for speed? */ - -- EVP_MD_CTX_init(&ctx); -- if (EVP_DigestInit(&ctx, EVP_sha1()) != 1) -+ ctx = EVP_MD_CTX_new(); -+ if (ctx == NULL) - return r; -- digest_size = EVP_MD_CTX_size(&ctx); -- EVP_DigestUpdate(&ctx, wire_name.data, wire_name.length); -- EVP_DigestUpdate(&ctx, p->salt.data, p->salt.length); -- EVP_DigestFinal(&ctx, md[mdi], NULL); -+ if (EVP_DigestInit(ctx, EVP_sha1()) != 1) -+ goto out; -+ digest_size = EVP_MD_CTX_size(ctx); -+ EVP_DigestUpdate(ctx, wire_name.data, wire_name.length); -+ EVP_DigestUpdate(ctx, p->salt.data, p->salt.length); -+ EVP_DigestFinal(ctx, md[mdi], NULL); - - for (i = 0; i < p->iterations; i++) { -- if (EVP_DigestInit(&ctx, EVP_sha1()) != 1) -- return r; -- EVP_DigestUpdate(&ctx, md[mdi], digest_size); -+ if (EVP_DigestInit(ctx, EVP_sha1()) != 1) -+ goto out; -+ -+ EVP_DigestUpdate(ctx, md[mdi], digest_size); - mdi = (mdi + 1) % 2; -- EVP_DigestUpdate(&ctx, p->salt.data, p->salt.length); -- EVP_DigestFinal(&ctx, md[mdi], NULL); -+ EVP_DigestUpdate(ctx, p->salt.data, p->salt.length); -+ EVP_DigestFinal(ctx, md[mdi], NULL); - } - - r.length = digest_size; - r.data = getmem(digest_size); - memcpy(r.data, md[mdi], digest_size); -+out: -+ EVP_MD_CTX_free(ctx); - return r; - } - -diff --git a/rrsig.c b/rrsig.c -index 81f24b4c49da..0a9e864285d0 100644 ---- a/rrsig.c -+++ b/rrsig.c -@@ -26,7 +26,7 @@ - struct verification_data - { - struct verification_data *next; -- EVP_MD_CTX ctx; -+ EVP_MD_CTX *ctx; - struct rr_dnskey *key; - struct rr_rrsig *rr; - int ok; -@@ -180,7 +180,7 @@ void *verification_thread(void *dummy) - if (d) { - int r; - d->next = NULL; -- r = EVP_VerifyFinal(&d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey); -+ r = EVP_VerifyFinal(d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey); - if (r == 1) { - d->ok = 1; - } else { -@@ -232,7 +232,7 @@ static void schedule_verification(struct verification_data *d) - } else { - int r; - G.stats.signatures_verified++; -- r = EVP_VerifyFinal(&d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey); -+ r = EVP_VerifyFinal(d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey); - if (r == 1) { - d->ok = 1; - } else { -@@ -250,21 +250,24 @@ static int verify_signature(struct verification_data *d, struct rr_set *signed_s - struct rr *signed_rr; - int i; - -- EVP_MD_CTX_init(&d->ctx); -+ d->ctx = EVP_MD_CTX_new(); -+ if (!d->ctx) -+ return 0; -+ - switch (d->rr->algorithm) { - case ALG_DSA: - case ALG_RSASHA1: - case ALG_DSA_NSEC3_SHA1: - case ALG_RSASHA1_NSEC3_SHA1: -- if (EVP_VerifyInit(&d->ctx, EVP_sha1()) != 1) -+ if (EVP_VerifyInit(d->ctx, EVP_sha1()) != 1) - return 0; - break; - case ALG_RSASHA256: -- if (EVP_VerifyInit(&d->ctx, EVP_sha256()) != 1) -+ if (EVP_VerifyInit(d->ctx, EVP_sha256()) != 1) - return 0; - break; - case ALG_RSASHA512: -- if (EVP_VerifyInit(&d->ctx, EVP_sha512()) != 1) -+ if (EVP_VerifyInit(d->ctx, EVP_sha512()) != 1) - return 0; - break; - default: -@@ -274,7 +277,7 @@ static int verify_signature(struct verification_data *d, struct rr_set *signed_s - chunk = rrsig_wirerdata_ex(&d->rr->rr, 0); - if (chunk.length < 0) - return 0; -- EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length); -+ EVP_VerifyUpdate(d->ctx, chunk.data, chunk.length); - - set = getmem_temp(sizeof(*set) * signed_set->count); - -@@ -294,12 +297,12 @@ static int verify_signature(struct verification_data *d, struct rr_set *signed_s - chunk = name2wire_name(signed_set->named_rr->name); - if (chunk.length < 0) - return 0; -- EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length); -- b2 = htons(set[i].rr->rdtype); EVP_VerifyUpdate(&d->ctx, &b2, 2); -- b2 = htons(1); /* class IN */ EVP_VerifyUpdate(&d->ctx, &b2, 2); -- b4 = htonl(set[i].rr->ttl); EVP_VerifyUpdate(&d->ctx, &b4, 4); -- b2 = htons(set[i].wired.length); EVP_VerifyUpdate(&d->ctx, &b2, 2); -- EVP_VerifyUpdate(&d->ctx, set[i].wired.data, set[i].wired.length); -+ EVP_VerifyUpdate(d->ctx, chunk.data, chunk.length); -+ b2 = htons(set[i].rr->rdtype); EVP_VerifyUpdate(d->ctx, &b2, 2); -+ b2 = htons(1); /* class IN */ EVP_VerifyUpdate(d->ctx, &b2, 2); -+ b4 = htonl(set[i].rr->ttl); EVP_VerifyUpdate(d->ctx, &b4, 4); -+ b2 = htons(set[i].wired.length); EVP_VerifyUpdate(d->ctx, &b2, 2); -+ EVP_VerifyUpdate(d->ctx, set[i].wired.data, set[i].wired.length); - } - - schedule_verification(d); -@@ -371,49 +374,12 @@ static void *rrsig_validate(struct rr *rrv) - return rr; - } - --static pthread_mutex_t *lock_cs; --static long *lock_count; -- --static unsigned long pthreads_thread_id(void) --{ -- unsigned long ret; -- -- ret=(unsigned long)pthread_self(); -- return(ret); --} -- --static void pthreads_locking_callback(int mode, int type, char *file, int line) --{ -- if (mode & CRYPTO_LOCK) { -- pthread_mutex_lock(&(lock_cs[type])); -- lock_count[type]++; -- } else { -- pthread_mutex_unlock(&(lock_cs[type])); -- } --} -- - void verify_all_keys(void) - { - struct keys_to_verify *k = all_keys_to_verify; - int i; - struct timespec sleep_time; - -- ERR_load_crypto_strings(); -- if (G.opt.n_threads > 1) { -- lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t)); -- lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long)); -- for (i = 0; i < CRYPTO_num_locks(); i++) { -- lock_count[i] = 0; -- pthread_mutex_init(&lock_cs[i],NULL); -- } -- -- CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id); -- CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback); -- -- if (pthread_mutex_init(&queue_lock, NULL) != 0) -- croak(1, "pthread_mutex_init"); -- } -- - while (k) { - freeall_temp(); - for (i = 0; i < k->n_keys; i++) { -@@ -446,6 +412,7 @@ void verify_all_keys(void) - if (k->to_verify[i].openssl_error != 0) - e = k->to_verify[i].openssl_error; - } -+ EVP_MD_CTX_free(k->to_verify[i].ctx); - } - if (!ok) { - struct named_rr *named_rr; --- -2.20.1 - diff -pruN 0.8+git20160720-3.2/debian/patches/fix-dont-overwrite-cflags.patch 0.8+git20170804-0ubuntu3/debian/patches/fix-dont-overwrite-cflags.patch --- 0.8+git20160720-3.2/debian/patches/fix-dont-overwrite-cflags.patch 2016-12-14 15:01:55.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/debian/patches/fix-dont-overwrite-cflags.patch 2019-02-05 23:42:06.000000000 +0000 @@ -1,8 +1,10 @@ Don't override CFLAGS and CPPFLAGS from the environment (needed for http://wiki.debian.org/Hardening). Also respect LDFLAGS. ---- a/Makefile -+++ b/Makefile +Index: validns-0.8+git20170804/Makefile +=================================================================== +--- validns-0.8+git20170804.orig/Makefile ++++ validns-0.8+git20170804/Makefile @@ -1,7 +1,7 @@ # The following options seem to work fine on Linux, FreeBSD, and Darwin -OPTIMIZE=-O2 -g @@ -14,16 +16,16 @@ Also respect LDFLAGS. CC?=cc # These additional options work on Solaris/gcc to which I have an access -@@ -28,7 +28,7 @@ +@@ -28,7 +28,7 @@ validns: main.o carp.o mempool.o textpar ipseckey.o cbtree.o mb.o mg.o mr.o minfo.o \ afsdb.o x25.o isdn.o rt.o px.o kx.o \ - dlv.o dhcid.o nsap.o + dlv.o dhcid.o nsap.o caa.o - $(CC) $(CFLAGS) $(OPTIMIZE) -o validns \ + $(CC) $(LDFLAGS) $(CPPFLAGS) $(CFLAGS) $(OPTIMIZE) -o validns \ main.o carp.o mempool.o textparse.o base64.o base32hex.o \ rr.o soa.o a.o cname.o mx.o ns.o \ rrsig.o nsec.o dnskey.o txt.o aaaa.o \ -@@ -58,160 +58,160 @@ +@@ -59,163 +59,163 @@ clean: @echo ':-)' main.o: main.c common.h carp.h mempool.h textparse.h rr.h @@ -186,6 +188,10 @@ Also respect LDFLAGS. - $(CC) $(CFLAGS) $(OPTIMIZE) -c -o sshfp.o sshfp.c $(INCPATH) + $(CC) $(CPPFLAGS) $(CFLAGS) $(OPTIMIZE) -c -o sshfp.o sshfp.c $(INCPATH) + caa.o: caa.c common.h textparse.h mempool.h carp.h rr.h +- $(CC) $(CFLAGS) $(OPTIMIZE) -c -o caa.o caa.c $(INCPATH) ++ $(CC) $(CPPFLAGS) $(CFLAGS) $(OPTIMIZE) -c -o caa.o caa.c $(INCPATH) + rp.o: rp.c common.h textparse.h mempool.h carp.h rr.h - $(CC) $(CFLAGS) $(OPTIMIZE) -c -o rp.o rp.c $(INCPATH) + $(CC) $(CPPFLAGS) $(CFLAGS) $(OPTIMIZE) -c -o rp.o rp.c $(INCPATH) @@ -236,7 +242,7 @@ Also respect LDFLAGS. test: validns perl -MTest::Harness -e 'runtests("t/test.pl")' -@@ -220,9 +220,9 @@ +@@ -224,9 +224,9 @@ test-details: validns perl t/test.pl test64: diff -pruN 0.8+git20160720-3.2/debian/patches/fix-makefile-clean.patch 0.8+git20170804-0ubuntu3/debian/patches/fix-makefile-clean.patch --- 0.8+git20160720-3.2/debian/patches/fix-makefile-clean.patch 2016-12-14 15:01:55.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/debian/patches/fix-makefile-clean.patch 2019-02-05 23:42:06.000000000 +0000 @@ -1,8 +1,10 @@ ---- a/Makefile -+++ b/Makefile -@@ -55,6 +55,7 @@ +Index: validns-0.8+git20170804/Makefile +=================================================================== +--- validns-0.8+git20170804.orig/Makefile ++++ validns-0.8+git20170804/Makefile +@@ -55,6 +55,7 @@ clean: -rm -f afsdb.o x25.o isdn.o rt.o px.o kx.o - -rm -f dlv.o dhcid.o nsap.o + -rm -f dlv.o dhcid.o nsap.o caa.o -rm -f validns.core core + -rm -f base32hex-test base64-test @echo ':-)' diff -pruN 0.8+git20160720-3.2/debian/patches/ipseckey-address-possible-string-truncation-warning.patch 0.8+git20170804-0ubuntu3/debian/patches/ipseckey-address-possible-string-truncation-warning.patch --- 0.8+git20160720-3.2/debian/patches/ipseckey-address-possible-string-truncation-warning.patch 2019-02-22 22:52:07.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/debian/patches/ipseckey-address-possible-string-truncation-warning.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,44 +0,0 @@ -From: Sebastian Andrzej Siewior -Date: Fri, 22 Feb 2019 23:36:17 +0100 -Subject: [PATCH] ipseckey: address possible string truncation warning - -gcc-8 creates this: -|ipseckey.c: In function 'ipseckey_human': -|ipseckey.c:114:35: error: '%s' directive output may be truncated writing up to 1023 bytes into a region of size between 1010 and 1016 [-Werror=format-truncation=] - -Avoid the warning by limiting the length of the string. - -BTS: https://bugs.debian.org/897882 -Signed-off-by: Sebastian Andrzej Siewior ---- - ipseckey.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/ipseckey.c b/ipseckey.c -index c5bdf947fad2..0b7946a15432 100644 ---- a/ipseckey.c -+++ b/ipseckey.c -@@ -93,17 +93,17 @@ static struct rr *ipseckey_parse(char *name, long ttl, int type, char *s) - static char* ipseckey_human(struct rr *rrv) - { - RRCAST(ipseckey); -- char s[1024], gw[1024]; -+ char s[1024], gw[1000]; - - switch (rr->gateway_type) { - case 0: - strcpy(gw, rr->gateway.gateway_none); - break; - case 1: -- inet_ntop(AF_INET, &rr->gateway.gateway_ipv4, gw, 1024); -+ inet_ntop(AF_INET, &rr->gateway.gateway_ipv4, gw, sizeof(gw)); - break; - case 2: -- inet_ntop(AF_INET6, &rr->gateway.gateway_ipv6, gw, 1024); -+ inet_ntop(AF_INET6, &rr->gateway.gateway_ipv6, gw, sizeof(gw)); - break; - case 3: - strcpy(gw, rr->gateway.gateway_name); --- -2.20.1 - diff -pruN 0.8+git20160720-3.2/debian/patches/no-werror.patch 0.8+git20170804-0ubuntu3/debian/patches/no-werror.patch --- 0.8+git20160720-3.2/debian/patches/no-werror.patch 1970-01-01 00:00:00.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/debian/patches/no-werror.patch 2019-02-05 23:42:06.000000000 +0000 @@ -0,0 +1,12 @@ +Description: disable Werror + +--- validns-0.8+git20170804.orig/Makefile ++++ validns-0.8+git20170804/Makefile +@@ -1,6 +1,6 @@ + # The following options seem to work fine on Linux, FreeBSD, and Darwin + OPTIMIZE+=-O2 -g +-CFLAGS+=-Wall -Werror -pthread -fno-strict-aliasing ++CFLAGS+=-Wall -pthread -fno-strict-aliasing + INCPATH+=-I/usr/local/include -I/opt/local/include -I/usr/local/ssl/include + CC?=cc + diff -pruN 0.8+git20160720-3.2/debian/patches/openssl3.patch 0.8+git20170804-0ubuntu3/debian/patches/openssl3.patch --- 0.8+git20160720-3.2/debian/patches/openssl3.patch 1970-01-01 00:00:00.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/debian/patches/openssl3.patch 2022-02-02 23:34:33.000000000 +0000 @@ -0,0 +1,18 @@ +Description: Adjust error string matcher for openssl3 +Author: Daniel Bungert +Bug-Ubuntu: https://launchpad.net/bugs/1959855 +Forwarded: https://github.com/tobez/validns/pull/77 +Last-Update: 2022-02-02 +--- a/t/test.pl ++++ b/t/test.pl +@@ -167,8 +167,8 @@ + like(shift @e, qr/NSEC says ns2.example.sec. comes after ns1.example.sec., but ns122.example.sec. does/, "NSEC chain error"); + like(shift @e, qr/NSEC says www.example.sec. is the last name, but zzz.example.sec. exists/, "NSEC chain not the last"); + like(shift @e, qr/NSEC says zzzz.example.sec. comes after zzz.example.sec., but nothing does/, "NSEC chain unexpected last"); +-like(shift @e, qr/RRSIG\(NSEC\): bad signature/, "NSEC incomplete fallout") for 1..4; +-like(shift @e, qr/RRSIG\(NSEC\): bad signature/, "NSEC lists too much fallout") for 1..4; ++like(shift @e, qr/RRSIG\(NSEC\): (bad signature|RSA lib)/, "NSEC incomplete fallout") for 1..4; ++like(shift @e, qr/RRSIG\(NSEC\): (bad signature|RSA lib)/, "NSEC lists too much fallout") for 1..4; + + is(+@e, 0, "no unaccounted errors"); + diff -pruN 0.8+git20160720-3.2/debian/patches/series 0.8+git20170804-0ubuntu3/debian/patches/series --- 0.8+git20160720-3.2/debian/patches/series 2022-06-23 16:48:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/debian/patches/series 2022-02-02 23:34:33.000000000 +0000 @@ -1,7 +1,6 @@ fix-makefile-clean.patch fix-dont-overwrite-cflags.patch ignoreQuilt.patch -ipseckey-address-possible-string-truncation-warning.patch -fix-compilation-on-openssl-1.1.patch -test-accept-openssl-3-error-messages.patch -dnskey-Avoid-using-RSA_new-on-OpenSSL-3.0.patch +912013aae9e03cca4a08632c2f77b2392cc25638.patch +no-werror.patch +openssl3.patch diff -pruN 0.8+git20160720-3.2/debian/patches/test-accept-openssl-3-error-messages.patch 0.8+git20170804-0ubuntu3/debian/patches/test-accept-openssl-3-error-messages.patch --- 0.8+git20160720-3.2/debian/patches/test-accept-openssl-3-error-messages.patch 2022-06-23 16:48:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/debian/patches/test-accept-openssl-3-error-messages.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,28 +0,0 @@ -From: Dan Bungert -Date: Wed, 2 Feb 2022 16:14:22 -0700 -Subject: [PATCH] test: accept openssl 3 error messages - -The 'bad signature' error messages appear to have changed. Adjust test -to accept both old anew new style openssl error strings. ---- - t/test.pl | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/t/test.pl b/t/test.pl -index f54781d635dd2..4bb1b73429bbd 100644 ---- a/t/test.pl -+++ b/t/test.pl -@@ -144,8 +144,8 @@ like(shift @e, qr/NSEC says ns1.example.sec. comes after mail.example.sec., but - like(shift @e, qr/NSEC says ns2.example.sec. comes after ns1.example.sec., but ns122.example.sec. does/, "NSEC chain error"); - like(shift @e, qr/NSEC says www.example.sec. is the last name, but zzz.example.sec. exists/, "NSEC chain not the last"); - like(shift @e, qr/NSEC says zzzz.example.sec. comes after zzz.example.sec., but nothing does/, "NSEC chain unexpected last"); --like(shift @e, qr/RRSIG\(NSEC\): bad signature/, "NSEC incomplete fallout") for 1..4; --like(shift @e, qr/RRSIG\(NSEC\): bad signature/, "NSEC lists too much fallout") for 1..4; -+like(shift @e, qr/RRSIG\(NSEC\): (bad signature|RSA lib)/, "NSEC incomplete fallout") for 1..4; -+like(shift @e, qr/RRSIG\(NSEC\): (bad signature|RSA lib)/, "NSEC lists too much fallout") for 1..4; - - is(+@e, 0, "no unaccounted errors"); - --- -2.36.1 - diff -pruN 0.8+git20160720-3.2/dhcid.c 0.8+git20170804-0ubuntu3/dhcid.c --- 0.8+git20160720-3.2/dhcid.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/dhcid.c 2017-08-04 14:27:44.000000000 +0000 @@ -21,35 +21,35 @@ static struct rr* dhcid_parse(char *name, long ttl, int type, char *s) { - struct rr_dhcid *rr = getmem(sizeof(*rr)); - struct binary_data data; + struct rr_dhcid *rr = getmem(sizeof(*rr)); + struct binary_data data; - data = extract_base64_binary_data(&s, "rdata"); - if (data.length < 0) return NULL; + data = extract_base64_binary_data(&s, "rdata"); + if (data.length < 0) return NULL; - if (data.length < 3) - return bitch("rdata too short"); + if (data.length < 3) + return bitch("rdata too short"); - rr->id_type = data.data[0]*256 + data.data[1]; - if (rr->id_type > 2) - return bitch("unsupported identifier type %s", rr->id_type); - - rr->digest_type = data.data[2]; - if (rr->digest_type != 1) - return bitch("unsupported digest type %s", rr->digest_type); - - if (data.length != 35) - return bitch("wrong digest length, must be 32 for SHA-256"); - - /* let's cheat a bit */ - data.length -= 3; - data.data += 3; - rr->digest = data; - - if (*s) { - return bitch("garbage after valid DHCID data"); - } - return store_record(type, name, ttl, rr); + rr->id_type = data.data[0]*256 + data.data[1]; + if (rr->id_type > 2) + return bitch("unsupported identifier type %s", rr->id_type); + + rr->digest_type = data.data[2]; + if (rr->digest_type != 1) + return bitch("unsupported digest type %s", rr->digest_type); + + if (data.length != 35) + return bitch("wrong digest length, must be 32 for SHA-256"); + + /* let's cheat a bit */ + data.length -= 3; + data.data += 3; + rr->digest = data; + + if (*s) { + return bitch("garbage after valid DHCID data"); + } + return store_record(type, name, ttl, rr); } static char* dhcid_human(struct rr *rrv) @@ -59,10 +59,10 @@ static char* dhcid_human(struct rr *rrv) static struct binary_data dhcid_wirerdata(struct rr *rrv) { - RRCAST(dhcid); + RRCAST(dhcid); - return compose_binary_data("21d", 1, - rr->id_type, rr->digest_type, rr->digest); + return compose_binary_data("21d", 1, + rr->id_type, rr->digest_type, rr->digest); } struct rr_methods dhcid_methods = { dhcid_parse, dhcid_human, dhcid_wirerdata, NULL, NULL }; diff -pruN 0.8+git20160720-3.2/dlv.c 0.8+git20170804-0ubuntu3/dlv.c --- 0.8+git20160720-3.2/dlv.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/dlv.c 2017-08-04 14:27:44.000000000 +0000 @@ -19,80 +19,80 @@ static struct rr* dlv_parse(char *name, long ttl, int type, char *s) { - struct rr_dlv *rr = getmem(sizeof(*rr)); - int key_tag, algorithm, digest_type; + struct rr_dlv *rr = getmem(sizeof(*rr)); + int key_tag, algorithm, digest_type; - key_tag = extract_integer(&s, "key tag", NULL); - if (key_tag < 0) return NULL; - rr->key_tag = key_tag; - - algorithm = extract_algorithm(&s, "algorithm"); - if (algorithm == ALG_UNSUPPORTED) return NULL; - rr->algorithm = algorithm; - - digest_type = extract_integer(&s, "digest type", NULL); - if (digest_type < 0) return NULL; - rr->digest_type = digest_type; - - rr->digest = extract_hex_binary_data(&s, "digest", EXTRACT_EAT_WHITESPACE); - if (rr->digest.length < 0) return NULL; - - switch (digest_type) { - case 1: - if (rr->digest.length != SHA1_BYTES) { - return bitch("wrong SHA-1 digest length: %d bytes found, %d bytes expected", rr->digest.length, SHA1_BYTES); - } - break; - case 2: - if (rr->digest.length != SHA256_BYTES) { - return bitch("wrong SHA-256 digest length: %d bytes found, %d bytes expected", rr->digest.length, SHA256_BYTES); - } - break; - case 3: - if (rr->digest.length != GOST_BYTES) { - return bitch("wrong GOST R 34.11-94 digest length: %d bytes found, %d bytes expected", rr->digest.length, GOST_BYTES); - } - break; - case 4: - if (rr->digest.length != SHA384_BYTES) { - return bitch("wrong SHA-384 digest length: %d bytes found, %d bytes expected", rr->digest.length, SHA384_BYTES); - } - break; - default: - return bitch("bad or unsupported digest type %d", digest_type); - } - - if (*s) { - return bitch("garbage after valid DLV data"); - } - G.dnssec_active = 1; - return store_record(type, name, ttl, rr); + key_tag = extract_integer(&s, "key tag", NULL); + if (key_tag < 0) return NULL; + rr->key_tag = key_tag; + + algorithm = extract_algorithm(&s, "algorithm"); + if (algorithm == ALG_UNSUPPORTED) return NULL; + rr->algorithm = algorithm; + + digest_type = extract_integer(&s, "digest type", NULL); + if (digest_type < 0) return NULL; + rr->digest_type = digest_type; + + rr->digest = extract_hex_binary_data(&s, "digest", EXTRACT_EAT_WHITESPACE); + if (rr->digest.length < 0) return NULL; + + switch (digest_type) { + case 1: + if (rr->digest.length != SHA1_BYTES) { + return bitch("wrong SHA-1 digest length: %d bytes found, %d bytes expected", rr->digest.length, SHA1_BYTES); + } + break; + case 2: + if (rr->digest.length != SHA256_BYTES) { + return bitch("wrong SHA-256 digest length: %d bytes found, %d bytes expected", rr->digest.length, SHA256_BYTES); + } + break; + case 3: + if (rr->digest.length != GOST_BYTES) { + return bitch("wrong GOST R 34.11-94 digest length: %d bytes found, %d bytes expected", rr->digest.length, GOST_BYTES); + } + break; + case 4: + if (rr->digest.length != SHA384_BYTES) { + return bitch("wrong SHA-384 digest length: %d bytes found, %d bytes expected", rr->digest.length, SHA384_BYTES); + } + break; + default: + return bitch("bad or unsupported digest type %d", digest_type); + } + + if (*s) { + return bitch("garbage after valid DLV data"); + } + G.dnssec_active = 1; + return store_record(type, name, ttl, rr); } static char* dlv_human(struct rr *rrv) { - RRCAST(dlv); + RRCAST(dlv); char ss[4096]; - char *s = ss; - int l; - int i; + char *s = ss; + int l; + int i; l = snprintf(s, 4096, "%u %u %u ", rr->key_tag, rr->algorithm, rr->digest_type); - s += l; - for (i = 0; i < rr->digest.length; i++) { - l = snprintf(s, 4096-(s-ss), "%02X", (unsigned char)rr->digest.data[i]); - s += l; - } + s += l; + for (i = 0; i < rr->digest.length; i++) { + l = snprintf(s, 4096-(s-ss), "%02X", (unsigned char)rr->digest.data[i]); + s += l; + } return quickstrdup_temp(ss); } static struct binary_data dlv_wirerdata(struct rr *rrv) { - RRCAST(dlv); + RRCAST(dlv); - return compose_binary_data("211d", 1, - rr->key_tag, rr->algorithm, rr->digest_type, - rr->digest); + return compose_binary_data("211d", 1, + rr->key_tag, rr->algorithm, rr->digest_type, + rr->digest); } struct rr_methods dlv_methods = { dlv_parse, dlv_human, dlv_wirerdata, NULL, NULL }; diff -pruN 0.8+git20160720-3.2/dname.c 0.8+git20170804-0ubuntu3/dname.c --- 0.8+git20160720-3.2/dname.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/dname.c 2017-08-04 14:27:44.000000000 +0000 @@ -21,66 +21,66 @@ static struct rr *dname_parse(char *name, long ttl, int type, char *s) { - struct rr_dname *rr = getmem(sizeof(*rr)); + struct rr_dname *rr = getmem(sizeof(*rr)); - rr->target = extract_name(&s, "dname target", 0); - if (!rr->target) - return NULL; - if (*s) { - return bitch("garbage after valid DNAME data"); - } + rr->target = extract_name(&s, "dname target", 0); + if (!rr->target) + return NULL; + if (*s) { + return bitch("garbage after valid DNAME data"); + } - return store_record(type, name, ttl, rr); + return store_record(type, name, ttl, rr); } static char* dname_human(struct rr *rrv) { - RRCAST(dname); + RRCAST(dname); return rr->target; } static struct binary_data dname_wirerdata(struct rr *rrv) { - RRCAST(dname); - return name2wire_name(rr->target); + RRCAST(dname); + return name2wire_name(rr->target); } static void* dname_validate_set(struct rr_set *rr_set) { - struct rr *rr; - struct rr_set *suspect; - int count; - struct named_rr *named_rr, *next_named_rr; - - if (G.opt.policy_checks[POLICY_DNAME]) { - named_rr = rr_set->named_rr; - rr = rr_set->tail; - if (rr_set->count > 1) - return moan(rr->file_name, rr->line, "multiple DNAMEs"); - /* This check is already handled by "CNAME and other data" in cname.c * - another_set = find_rr_set_in_named_rr(named_rr, T_CNAME); - if (another_set) - return moan(rr->file_name, rr->line, "DNAME cannot co-exist with a CNAME"); - */ - next_named_rr = find_next_named_rr(named_rr); - /* handle http://tools.ietf.org/html/rfc5155#section-10.2 case */ - if (next_named_rr && next_named_rr->parent == named_rr && (named_rr->flags & NAME_FLAG_APEX)) { - count = get_rr_set_count(next_named_rr); - if (count > 0) { - suspect = find_rr_set_in_named_rr(next_named_rr, T_RRSIG); - if (suspect) count--; - suspect = find_rr_set_in_named_rr(next_named_rr, T_NSEC3); - if (suspect) count--; - if (count == 0) - next_named_rr = find_next_named_rr(next_named_rr); - } - } - if (next_named_rr && next_named_rr->parent == named_rr) - return moan(rr->file_name, rr->line, - "DNAME must not have any children (but %s exists)", - next_named_rr->name); - } - return NULL; + struct rr *rr; + struct rr_set *suspect; + int count; + struct named_rr *named_rr, *next_named_rr; + + if (G.opt.policy_checks[POLICY_DNAME]) { + named_rr = rr_set->named_rr; + rr = rr_set->tail; + if (rr_set->count > 1) + return moan(rr->file_name, rr->line, "multiple DNAMEs"); + /* This check is already handled by "CNAME and other data" in cname.c * + another_set = find_rr_set_in_named_rr(named_rr, T_CNAME); + if (another_set) + return moan(rr->file_name, rr->line, "DNAME cannot co-exist with a CNAME"); + */ + next_named_rr = find_next_named_rr(named_rr); + /* handle http://tools.ietf.org/html/rfc5155#section-10.2 case */ + if (next_named_rr && next_named_rr->parent == named_rr && (named_rr->flags & NAME_FLAG_APEX)) { + count = get_rr_set_count(next_named_rr); + if (count > 0) { + suspect = find_rr_set_in_named_rr(next_named_rr, T_RRSIG); + if (suspect) count--; + suspect = find_rr_set_in_named_rr(next_named_rr, T_NSEC3); + if (suspect) count--; + if (count == 0) + next_named_rr = find_next_named_rr(next_named_rr); + } + } + if (next_named_rr && next_named_rr->parent == named_rr) + return moan(rr->file_name, rr->line, + "DNAME must not have any children (but %s exists)", + next_named_rr->name); + } + return NULL; } struct rr_methods dname_methods = { dname_parse, dname_human, dname_wirerdata, dname_validate_set, NULL }; diff -pruN 0.8+git20160720-3.2/dnskey.c 0.8+git20170804-0ubuntu3/dnskey.c --- 0.8+git20160720-3.2/dnskey.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/dnskey.c 2017-08-04 14:27:44.000000000 +0000 @@ -13,6 +13,8 @@ #include #include #include +#include +#include #include "common.h" #include "textparse.h" @@ -22,192 +24,235 @@ static struct rr_dnskey *all_dns_keys = NULL; -static struct rr* dnskey_parse(char *name, long ttl, int type, char *s) +static struct rr* dnskey_cdnskey_parse(char *name, long ttl, int type, char *s) { - struct rr_dnskey *rr = getmem(sizeof(*rr)); - struct binary_data key; - int flags, proto, algorithm; - unsigned int ac; - int i; - static struct rr *result; - - flags = extract_integer(&s, "flags", NULL); - if (flags < 0) return NULL; - if (flags & 0xfe7e) - return bitch("reserved flags bits are set"); - if (flags & 0x0001 && !(flags & 0x0100)) - return bitch("SEP bit is set but Zone Key bit is unset"); - rr->flags = flags; - - /* TODO validate that `name` is the name of the zone if flags have Zone Key bit set */ - - proto = extract_integer(&s, "protocol", NULL); - if (proto < 0) return NULL; - if (proto != 3) - return bitch("bad protocol value"); - rr->protocol = proto; - - algorithm = extract_algorithm(&s, "algorithm"); - if (algorithm == ALG_UNSUPPORTED) return NULL; - if (algorithm == ALG_PRIVATEDNS || algorithm == ALG_PRIVATEOID) { - return bitch("private algorithms are not supported in DNSKEY"); - } - rr->algorithm = algorithm; - - key = extract_base64_binary_data(&s, "public key"); - if (key.length < 0) return NULL; - /* TODO validate key length based on algorithm */ - rr->pubkey = key; - - ac = 0; - ac += rr->flags; - ac += rr->protocol << 8; - ac += rr->algorithm; - for (i = 0; i < rr->pubkey.length; i++) { - ac += (i & 1) ? (unsigned char)rr->pubkey.data[i] : ((unsigned char)rr->pubkey.data[i]) << 8; - } - ac += (ac >> 16) & 0xFFFF; - rr->key_tag = ac & 0xFFFF; - - rr->pkey_built = 0; - rr->pkey = NULL; - rr->key_type = KEY_TYPE_UNUSED; - - if (*s) { - return bitch("garbage after valid DNSKEY data"); - } - result = store_record(type, name, ttl, rr); - if (result) { - rr->next_key = all_dns_keys; - all_dns_keys = rr; - } - return result; + struct rr_dnskey *rr = getmem(sizeof(*rr)); + struct binary_data key; + int flags, proto, algorithm; + unsigned int ac; + int i; + static struct rr *result; + + flags = extract_integer(&s, "flags", NULL); + if (flags < 0) return NULL; + if (flags & 0xfe7e) + return bitch("reserved flags bits are set"); + if (flags & 0x0001 && !(flags & 0x0100)) + return bitch("SEP bit is set but Zone Key bit is unset"); + rr->flags = flags; + + /* TODO validate that `name` is the name of the zone if flags have Zone Key bit set */ + + proto = extract_integer(&s, "protocol", NULL); + if (proto < 0) return NULL; + if (proto != 3) + return bitch("bad protocol value"); + rr->protocol = proto; + + algorithm = extract_algorithm(&s, "algorithm"); + if (algorithm == ALG_UNSUPPORTED) return NULL; + if (algorithm == ALG_PRIVATEDNS || algorithm == ALG_PRIVATEOID) { + return bitch("private algorithms are not supported in %s", type == T_CDNSKEY ? "CDNSKEY" : "DNSKEY"); + } + rr->algorithm = algorithm; + + key = extract_base64_binary_data(&s, "public key"); + if (key.length < 0) return NULL; + /* TODO validate key length based on algorithm */ + rr->pubkey = key; + + ac = 0; + ac += rr->flags; + ac += rr->protocol << 8; + ac += rr->algorithm; + for (i = 0; i < rr->pubkey.length; i++) { + ac += (i & 1) ? (unsigned char)rr->pubkey.data[i] : ((unsigned char)rr->pubkey.data[i]) << 8; + } + ac += (ac >> 16) & 0xFFFF; + rr->key_tag = ac & 0xFFFF; + + rr->pkey_built = 0; + rr->pkey = NULL; + rr->key_type = KEY_TYPE_UNUSED; + + if (*s) { + return bitch("garbage after valid %s data", type == T_CDNSKEY ? "CDNSKEY" : "DNSKEY"); + } + result = store_record(type, name, ttl, rr); + if (result && type == T_DNSKEY) { + rr->next_key = all_dns_keys; + all_dns_keys = rr; + } + return result; } -static char* dnskey_human(struct rr *rrv) +static char* dnskey_cdnskey_human(struct rr *rrv) { - RRCAST(dnskey); + RRCAST(dnskey); char s[1024]; snprintf(s, 1024, "%hu %d %d XXX ; key id = %hu", - rr->flags, rr->protocol, rr->algorithm, rr->key_tag); + rr->flags, rr->protocol, rr->algorithm, rr->key_tag); return quickstrdup_temp(s); } -static struct binary_data dnskey_wirerdata(struct rr *rrv) +static struct binary_data dnskey_cdnskey_wirerdata(struct rr *rrv) { - RRCAST(dnskey); + RRCAST(dnskey); - return compose_binary_data("211d", 1, - rr->flags, rr->protocol, rr->algorithm, - rr->pubkey); -} - -static void *dnskey_validate(struct rr *rrv) -{ - RRCAST(dnskey); - - if (G.opt.policy_checks[POLICY_DNSKEY]) { - if (algorithm_type(rr->algorithm) == ALG_RSA_FAMILY) { - unsigned int e_bytes; - unsigned char *pk; - int l; - - pk = (unsigned char *)rr->pubkey.data; - l = rr->pubkey.length; - - e_bytes = *pk++; - l--; - if (e_bytes == 0) { - if (l < 2) - return moan(rr->rr.file_name, rr->rr.line, "public key is too short"); - e_bytes = (*pk++) << 8; - e_bytes += *pk++; - l -= 2; - } - if (l < e_bytes) - return moan(rr->rr.file_name, rr->rr.line, "public key is too short"); - - if (*pk == 0) - return moan(rr->rr.file_name, rr->rr.line, "leading zero octets in public key exponent"); - pk += e_bytes; - l -= e_bytes; - if (l > 0 && *pk == 0) - return moan(rr->rr.file_name, rr->rr.line, "leading zero octets in key modulus"); - } - } - return NULL; + return compose_binary_data("211d", 1, + rr->flags, rr->protocol, rr->algorithm, + rr->pubkey); +} + +static void *dnskey_cdnskey_validate(struct rr *rrv) +{ + RRCAST(dnskey); + + if (G.opt.policy_checks[POLICY_DNSKEY]) { + if (algorithm_type(rr->algorithm) == ALG_RSA_FAMILY) { + unsigned int e_bytes; + unsigned char *pk; + int l; + + pk = (unsigned char *)rr->pubkey.data; + l = rr->pubkey.length; + + e_bytes = *pk++; + l--; + if (e_bytes == 0) { + if (l < 2) + return moan(rr->rr.file_name, rr->rr.line, "public key is too short"); + e_bytes = (*pk++) << 8; + e_bytes += *pk++; + l -= 2; + } + if (l < e_bytes) + return moan(rr->rr.file_name, rr->rr.line, "public key is too short"); + + if (*pk == 0) + return moan(rr->rr.file_name, rr->rr.line, "leading zero octets in public key exponent"); + pk += e_bytes; + l -= e_bytes; + if (l > 0 && *pk == 0) + return moan(rr->rr.file_name, rr->rr.line, "leading zero octets in key modulus"); + } + } + return NULL; } -struct rr_methods dnskey_methods = { dnskey_parse, dnskey_human, dnskey_wirerdata, NULL, dnskey_validate }; +struct rr_methods dnskey_methods = { dnskey_cdnskey_parse, dnskey_cdnskey_human, dnskey_cdnskey_wirerdata, NULL, dnskey_cdnskey_validate }; +struct rr_methods cdnskey_methods = { dnskey_cdnskey_parse, dnskey_cdnskey_human, dnskey_cdnskey_wirerdata, NULL, dnskey_cdnskey_validate }; int dnskey_build_pkey(struct rr_dnskey *rr) { - if (rr->pkey_built) - return rr->pkey ? 1 : 0; + if (rr->pkey_built) + return rr->pkey ? 1 : 0; - rr->pkey_built = 1; + rr->pkey_built = 1; - if (algorithm_type(rr->algorithm) == ALG_RSA_FAMILY) { - RSA *rsa; - EVP_PKEY *pkey; - unsigned int e_bytes; - unsigned char *pk; - int l; - - rsa = RSA_new(); - if (!rsa) - goto done; - - pk = (unsigned char *)rr->pubkey.data; - l = rr->pubkey.length; - - e_bytes = *pk++; - l--; - if (e_bytes == 0) { - if (l < 2) /* public key is too short */ - goto done; - e_bytes = (*pk++) << 8; - e_bytes += *pk++; - l -= 2; - } - if (l < e_bytes) /* public key is too short */ - goto done; - - rsa->e = BN_bin2bn(pk, e_bytes, NULL); - pk += e_bytes; - l -= e_bytes; - - rsa->n = BN_bin2bn(pk, l, NULL); - - pkey = EVP_PKEY_new(); - if (!pkey) - goto done; + if (algorithm_type(rr->algorithm) == ALG_RSA_FAMILY) { + RSA *rsa; + EVP_PKEY *pkey; + unsigned int e_bytes; + unsigned char *pk; + int l; + + rsa = RSA_new(); + if (!rsa) + goto done; + + pk = (unsigned char *)rr->pubkey.data; + l = rr->pubkey.length; + + e_bytes = *pk++; + l--; + if (e_bytes == 0) { + if (l < 2) /* public key is too short */ + goto done; + e_bytes = (*pk++) << 8; + e_bytes += *pk++; + l -= 2; + } + if (l < e_bytes) /* public key is too short */ + goto done; + + rsa->e = BN_bin2bn(pk, e_bytes, NULL); + pk += e_bytes; + l -= e_bytes; + + rsa->n = BN_bin2bn(pk, l, NULL); + + pkey = EVP_PKEY_new(); + if (!pkey) + goto done; + + if (!EVP_PKEY_set1_RSA(pkey, rsa)) + goto done; + + rr->pkey = pkey; + } else if (algorithm_type(rr->algorithm) == ALG_ECC_FAMILY) { + EC_KEY *pubeckey; + EVP_PKEY *pkey; + unsigned char *pk; + int l; + BIGNUM *bn_x = NULL; + BIGNUM *bn_y = NULL; + + if (rr->algorithm == ALG_ECDSAP256SHA256) { + l = SHA256_DIGEST_LENGTH; + pubeckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); + } else if (rr->algorithm == ALG_ECDSAP384SHA384) { + l = SHA384_DIGEST_LENGTH; + pubeckey = EC_KEY_new_by_curve_name(NID_secp384r1); + } else { + goto done; + } + + if (!pubeckey) + goto done; + + if (rr->pubkey.length != 2*l) { + goto done; + } + + pk = (unsigned char *)rr->pubkey.data; + + bn_x = BN_bin2bn(pk, l, NULL); + bn_y = BN_bin2bn(&pk[l], l, NULL); + + if (1 != EC_KEY_set_public_key_affine_coordinates(pubeckey, bn_x, bn_y)) { + goto done; + } + + pkey = EVP_PKEY_new(); + if (!pkey) + goto done; - if (!EVP_PKEY_set1_RSA(pkey, rsa)) - goto done; + if (!EVP_PKEY_assign_EC_KEY(pkey, pubeckey)) + goto done; - rr->pkey = pkey; - } + rr->pkey = pkey; + } done: - if (!rr->pkey) { - moan(rr->rr.file_name, rr->rr.line, "error building pkey"); - } - return rr->pkey ? 1 : 0; + if (!rr->pkey) { + moan(rr->rr.file_name, rr->rr.line, "error building pkey"); + } + return rr->pkey ? 1 : 0; } void dnskey_ksk_policy_check(void) { - struct rr_dnskey *rr = all_dns_keys; - int ksk_found = 0; + struct rr_dnskey *rr = all_dns_keys; + int ksk_found = 0; - while (rr) { - if (rr->key_type == KEY_TYPE_KSK) - ksk_found = 1; - rr = rr->next_key; - } - if (!ksk_found) - moan(all_dns_keys->rr.file_name, all_dns_keys->rr.line, "No KSK found"); + while (rr) { + if (rr->key_type == KEY_TYPE_KSK) + ksk_found = 1; + rr = rr->next_key; + } + if (!ksk_found) + moan(all_dns_keys->rr.file_name, all_dns_keys->rr.line, "No KSK found"); } diff -pruN 0.8+git20160720-3.2/ds.c 0.8+git20170804-0ubuntu3/ds.c --- 0.8+git20160720-3.2/ds.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/ds.c 2017-08-04 14:27:44.000000000 +0000 @@ -17,83 +17,84 @@ #include "carp.h" #include "rr.h" -static struct rr* ds_parse(char *name, long ttl, int type, char *s) +static struct rr* ds_cds_parse(char *name, long ttl, int type, char *s) { - struct rr_ds *rr = getmem(sizeof(*rr)); - int key_tag, algorithm, digest_type; + struct rr_ds *rr = getmem(sizeof(*rr)); + int key_tag, algorithm, digest_type; - key_tag = extract_integer(&s, "key tag", NULL); - if (key_tag < 0) return NULL; - rr->key_tag = key_tag; - - algorithm = extract_algorithm(&s, "algorithm"); - if (algorithm == ALG_UNSUPPORTED) return NULL; - rr->algorithm = algorithm; - - digest_type = extract_integer(&s, "digest type", NULL); - if (digest_type < 0) return NULL; - rr->digest_type = digest_type; - - rr->digest = extract_hex_binary_data(&s, "digest", EXTRACT_EAT_WHITESPACE); - if (rr->digest.length < 0) return NULL; - - /* See http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xml - * for valid digest types. */ - switch (digest_type) { - case 1: - if (rr->digest.length != SHA1_BYTES) { - return bitch("wrong SHA-1 digest length: %d bytes found, %d bytes expected", rr->digest.length, SHA1_BYTES); - } - break; - case 2: - if (rr->digest.length != SHA256_BYTES) { - return bitch("wrong SHA-256 digest length: %d bytes found, %d bytes expected", rr->digest.length, SHA256_BYTES); - } - break; - case 3: - if (rr->digest.length != GOST_BYTES) { - return bitch("wrong GOST R 34.11-94 digest length: %d bytes found, %d bytes expected", rr->digest.length, GOST_BYTES); - } - break; - case 4: - if (rr->digest.length != SHA384_BYTES) { - return bitch("wrong SHA-384 digest length: %d bytes found, %d bytes expected", rr->digest.length, SHA384_BYTES); - } - break; - default: - return bitch("bad or unsupported digest type %d", digest_type); - } - - if (*s) { - return bitch("garbage after valid DS data"); - } - return store_record(type, name, ttl, rr); + key_tag = extract_integer(&s, "key tag", NULL); + if (key_tag < 0) return NULL; + rr->key_tag = key_tag; + + algorithm = extract_algorithm(&s, "algorithm"); + if (algorithm == ALG_UNSUPPORTED) return NULL; + rr->algorithm = algorithm; + + digest_type = extract_integer(&s, "digest type", NULL); + if (digest_type < 0) return NULL; + rr->digest_type = digest_type; + + rr->digest = extract_hex_binary_data(&s, "digest", EXTRACT_EAT_WHITESPACE); + if (rr->digest.length < 0) return NULL; + + /* See http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xml + * for valid digest types. */ + switch (digest_type) { + case 1: + if (rr->digest.length != SHA1_BYTES) { + return bitch("wrong SHA-1 digest length: %d bytes found, %d bytes expected", rr->digest.length, SHA1_BYTES); + } + break; + case 2: + if (rr->digest.length != SHA256_BYTES) { + return bitch("wrong SHA-256 digest length: %d bytes found, %d bytes expected", rr->digest.length, SHA256_BYTES); + } + break; + case 3: + if (rr->digest.length != GOST_BYTES) { + return bitch("wrong GOST R 34.11-94 digest length: %d bytes found, %d bytes expected", rr->digest.length, GOST_BYTES); + } + break; + case 4: + if (rr->digest.length != SHA384_BYTES) { + return bitch("wrong SHA-384 digest length: %d bytes found, %d bytes expected", rr->digest.length, SHA384_BYTES); + } + break; + default: + return bitch("bad or unsupported digest type %d", digest_type); + } + + if (*s) { + return bitch("garbage after valid %s data", type == T_CDS ? "CDS" : "DS"); + } + return store_record(type, name, ttl, rr); } -static char* ds_human(struct rr *rrv) +static char* ds_cds_human(struct rr *rrv) { - RRCAST(ds); + RRCAST(ds); char ss[4096]; - char *s = ss; - int l; - int i; + char *s = ss; + int l; + int i; l = snprintf(s, 4096, "%u %u %u ", rr->key_tag, rr->algorithm, rr->digest_type); - s += l; - for (i = 0; i < rr->digest.length; i++) { - l = snprintf(s, 4096-(s-ss), "%02X", (unsigned char)rr->digest.data[i]); - s += l; - } + s += l; + for (i = 0; i < rr->digest.length; i++) { + l = snprintf(s, 4096-(s-ss), "%02X", (unsigned char)rr->digest.data[i]); + s += l; + } return quickstrdup_temp(ss); } -static struct binary_data ds_wirerdata(struct rr *rrv) +static struct binary_data ds_cds_wirerdata(struct rr *rrv) { - RRCAST(ds); + RRCAST(ds); - return compose_binary_data("211d", 1, - rr->key_tag, rr->algorithm, rr->digest_type, - rr->digest); + return compose_binary_data("211d", 1, + rr->key_tag, rr->algorithm, rr->digest_type, + rr->digest); } -struct rr_methods ds_methods = { ds_parse, ds_human, ds_wirerdata, NULL, NULL }; +struct rr_methods ds_methods = { ds_cds_parse, ds_cds_human, ds_cds_wirerdata, NULL, NULL }; +struct rr_methods cds_methods = { ds_cds_parse, ds_cds_human, ds_cds_wirerdata, NULL, NULL }; diff -pruN 0.8+git20160720-3.2/hinfo.c 0.8+git20170804-0ubuntu3/hinfo.c --- 0.8+git20160720-3.2/hinfo.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/hinfo.c 2017-08-04 14:27:44.000000000 +0000 @@ -20,30 +20,30 @@ static struct rr *hinfo_parse(char *name, long ttl, int type, char *s) { - struct rr_hinfo *rr = getmem(sizeof(*rr)); + struct rr_hinfo *rr = getmem(sizeof(*rr)); - rr->cpu = extract_text(&s, "CPU"); - if (rr->cpu.length < 0) - return NULL; - if (rr->cpu.length > 255) - return bitch("CPU string is too long"); - - rr->os = extract_text(&s, "OS"); - if (rr->os.length < 0) - return NULL; - if (rr->os.length > 255) - return bitch("OS string is too long"); - - if (*s) { - return bitch("garbage after valid HINFO data"); - } + rr->cpu = extract_text(&s, "CPU"); + if (rr->cpu.length < 0) + return NULL; + if (rr->cpu.length > 255) + return bitch("CPU string is too long"); + + rr->os = extract_text(&s, "OS"); + if (rr->os.length < 0) + return NULL; + if (rr->os.length > 255) + return bitch("OS string is too long"); + + if (*s) { + return bitch("garbage after valid HINFO data"); + } - return store_record(type, name, ttl, rr); + return store_record(type, name, ttl, rr); } static char* hinfo_human(struct rr *rrv) { - RRCAST(hinfo); + RRCAST(hinfo); char s[1024]; snprintf(s, 1024, "\"%s\" \"%s\"", rr->cpu.data, rr->os.data); @@ -52,7 +52,7 @@ static char* hinfo_human(struct rr *rrv) static struct binary_data hinfo_wirerdata(struct rr *rrv) { - RRCAST(hinfo); + RRCAST(hinfo); return compose_binary_data("bb", 1, rr->cpu, rr->os); } diff -pruN 0.8+git20160720-3.2/ipseckey.c 0.8+git20170804-0ubuntu3/ipseckey.c --- 0.8+git20160720-3.2/ipseckey.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/ipseckey.c 2017-08-04 14:27:44.000000000 +0000 @@ -21,157 +21,157 @@ static struct rr *ipseckey_parse(char *name, long ttl, int type, char *s) { - struct rr_ipseckey *rr = getmem(sizeof(*rr)); - int i; + struct rr_ipseckey *rr = getmem(sizeof(*rr)); + int i; - rr->precedence = i = extract_integer(&s, "precedence", NULL); - if (i < 0) return NULL; - if (i >= 256) return bitch("precedence range is not valid"); - - rr->gateway_type = i = extract_integer(&s, "gateway type", NULL); - if (i < 0) return NULL; - if (i > 3) return bitch("gateway type is not valid"); - - rr->algorithm = i = extract_integer(&s, "algorithm", NULL); - if (i < 0) return NULL; - if (i > 2) return bitch("algorithm is not valid"); - - switch (rr->gateway_type) { - case 0: - rr->gateway.gateway_none = extract_name(&s, "gateway/.", KEEP_CAPITALIZATION); - if (!rr->gateway.gateway_none) return NULL; - if (strcmp(rr->gateway.gateway_none, ".") != 0) - return bitch("gateway must be \".\" for gateway type 0"); - break; - case 1: - if (extract_ipv4(&s, "gateway/IPv4", &rr->gateway.gateway_ipv4) <= 0) - return NULL; - break; - case 2: - if (extract_ipv6(&s, "gateway/IPv6", &rr->gateway.gateway_ipv6) <= 0) - return NULL; - break; - case 3: - rr->gateway.gateway_name = extract_name(&s, "gateway/name", KEEP_CAPITALIZATION); - if (!rr->gateway.gateway_name) return NULL; - break; - default: - croakx(7, "assertion failed: gateway type %d not within range", rr->gateway_type); - } - - /* My reading of http://tools.ietf.org/html/rfc4025 is fuzzy on: - * - * - whether it is possible to have algorithm 0 and non-empty key; - * - whether it is possible to have empty key and algorithm != 0. - * - * Here I assume "not possible" for both. - */ - switch (rr->algorithm) { - case 0: - break; - case 1: - /* DSA key */ - rr->public_key = extract_base64_binary_data(&s, "public key"); - if (rr->public_key.length < 0) return NULL; - break; - case 2: - /* RSA key */ - rr->public_key = extract_base64_binary_data(&s, "public key"); - if (rr->public_key.length < 0) return NULL; - break; - default: - croakx(7, "assertion failed: algorithm %d not within range", rr->algorithm); - } - - if (*s) { - return bitch("garbage after valid IPSECKEY data"); - } + rr->precedence = i = extract_integer(&s, "precedence", NULL); + if (i < 0) return NULL; + if (i >= 256) return bitch("precedence range is not valid"); + + rr->gateway_type = i = extract_integer(&s, "gateway type", NULL); + if (i < 0) return NULL; + if (i > 3) return bitch("gateway type is not valid"); + + rr->algorithm = i = extract_integer(&s, "algorithm", NULL); + if (i < 0) return NULL; + if (i > 2) return bitch("algorithm is not valid"); + + switch (rr->gateway_type) { + case 0: + rr->gateway.gateway_none = extract_name(&s, "gateway/.", KEEP_CAPITALIZATION); + if (!rr->gateway.gateway_none) return NULL; + if (strcmp(rr->gateway.gateway_none, ".") != 0) + return bitch("gateway must be \".\" for gateway type 0"); + break; + case 1: + if (extract_ipv4(&s, "gateway/IPv4", &rr->gateway.gateway_ipv4) <= 0) + return NULL; + break; + case 2: + if (extract_ipv6(&s, "gateway/IPv6", &rr->gateway.gateway_ipv6) <= 0) + return NULL; + break; + case 3: + rr->gateway.gateway_name = extract_name(&s, "gateway/name", KEEP_CAPITALIZATION); + if (!rr->gateway.gateway_name) return NULL; + break; + default: + croakx(7, "assertion failed: gateway type %d not within range", rr->gateway_type); + } + + /* My reading of http://tools.ietf.org/html/rfc4025 is fuzzy on: + * + * - whether it is possible to have algorithm 0 and non-empty key; + * - whether it is possible to have empty key and algorithm != 0. + * + * Here I assume "not possible" for both. + */ + switch (rr->algorithm) { + case 0: + break; + case 1: + /* DSA key */ + rr->public_key = extract_base64_binary_data(&s, "public key"); + if (rr->public_key.length < 0) return NULL; + break; + case 2: + /* RSA key */ + rr->public_key = extract_base64_binary_data(&s, "public key"); + if (rr->public_key.length < 0) return NULL; + break; + default: + croakx(7, "assertion failed: algorithm %d not within range", rr->algorithm); + } + + if (*s) { + return bitch("garbage after valid IPSECKEY data"); + } - return store_record(type, name, ttl, rr); + return store_record(type, name, ttl, rr); } static char* ipseckey_human(struct rr *rrv) { - RRCAST(ipseckey); + RRCAST(ipseckey); char s[1024], gw[1024]; - switch (rr->gateway_type) { - case 0: - strcpy(gw, rr->gateway.gateway_none); - break; - case 1: - inet_ntop(AF_INET, &rr->gateway.gateway_ipv4, gw, 1024); - break; - case 2: - inet_ntop(AF_INET6, &rr->gateway.gateway_ipv6, gw, 1024); - break; - case 3: - strcpy(gw, rr->gateway.gateway_name); - break; - default: - strcpy(gw, "??"); - } + switch (rr->gateway_type) { + case 0: + strcpy(gw, rr->gateway.gateway_none); + break; + case 1: + inet_ntop(AF_INET, &rr->gateway.gateway_ipv4, gw, 1024); + break; + case 2: + inet_ntop(AF_INET6, &rr->gateway.gateway_ipv6, gw, 1024); + break; + case 3: + strcpy(gw, rr->gateway.gateway_name); + break; + default: + strcpy(gw, "??"); + } snprintf(s, 1024, "( %d %d %d %s ... )", - rr->precedence, rr->gateway_type, rr->algorithm, gw); + rr->precedence, rr->gateway_type, rr->algorithm, gw); return quickstrdup_temp(s); } static struct binary_data ipseckey_wirerdata(struct rr *rrv) { - RRCAST(ipseckey); - struct binary_data helper; + RRCAST(ipseckey); + struct binary_data helper; - switch (rr->gateway_type) { - case 0: - if (rr->algorithm != 0) - return compose_binary_data("111d", 1, - rr->precedence, rr->gateway_type, rr->algorithm, - rr->public_key); - else - return compose_binary_data("111", 1, - rr->precedence, rr->gateway_type, rr->algorithm); - break; - case 1: - helper.length = sizeof(rr->gateway.gateway_ipv4); - helper.data = (void *)&rr->gateway.gateway_ipv4; - - if (rr->algorithm != 0) - return compose_binary_data("111dd", 1, - rr->precedence, rr->gateway_type, rr->algorithm, - helper, - rr->public_key); - else - return compose_binary_data("111d", 1, - rr->precedence, rr->gateway_type, rr->algorithm, - helper); - break; - case 2: - - helper.length = sizeof(rr->gateway.gateway_ipv6); - helper.data = (void *)&rr->gateway.gateway_ipv6; - - if (rr->algorithm != 0) - return compose_binary_data("111dd", 1, - rr->precedence, rr->gateway_type, rr->algorithm, - helper, - rr->public_key); - else - return compose_binary_data("111d", 1, - rr->precedence, rr->gateway_type, rr->algorithm, - helper); - break; - case 3: - if (rr->algorithm != 0) - return compose_binary_data("111dd", 1, - rr->precedence, rr->gateway_type, rr->algorithm, - name2wire_name(rr->gateway.gateway_name), - rr->public_key); - else - return compose_binary_data("111d", 1, - rr->precedence, rr->gateway_type, rr->algorithm, - name2wire_name(rr->gateway.gateway_name)); - break; - } + switch (rr->gateway_type) { + case 0: + if (rr->algorithm != 0) + return compose_binary_data("111d", 1, + rr->precedence, rr->gateway_type, rr->algorithm, + rr->public_key); + else + return compose_binary_data("111", 1, + rr->precedence, rr->gateway_type, rr->algorithm); + break; + case 1: + helper.length = sizeof(rr->gateway.gateway_ipv4); + helper.data = (void *)&rr->gateway.gateway_ipv4; + + if (rr->algorithm != 0) + return compose_binary_data("111dd", 1, + rr->precedence, rr->gateway_type, rr->algorithm, + helper, + rr->public_key); + else + return compose_binary_data("111d", 1, + rr->precedence, rr->gateway_type, rr->algorithm, + helper); + break; + case 2: + + helper.length = sizeof(rr->gateway.gateway_ipv6); + helper.data = (void *)&rr->gateway.gateway_ipv6; + + if (rr->algorithm != 0) + return compose_binary_data("111dd", 1, + rr->precedence, rr->gateway_type, rr->algorithm, + helper, + rr->public_key); + else + return compose_binary_data("111d", 1, + rr->precedence, rr->gateway_type, rr->algorithm, + helper); + break; + case 3: + if (rr->algorithm != 0) + return compose_binary_data("111dd", 1, + rr->precedence, rr->gateway_type, rr->algorithm, + name2wire_name(rr->gateway.gateway_name), + rr->public_key); + else + return compose_binary_data("111d", 1, + rr->precedence, rr->gateway_type, rr->algorithm, + name2wire_name(rr->gateway.gateway_name)); + break; + } return bad_binary_data(); } diff -pruN 0.8+git20160720-3.2/isdn.c 0.8+git20170804-0ubuntu3/isdn.c --- 0.8+git20160720-3.2/isdn.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/isdn.c 2017-08-04 14:27:44.000000000 +0000 @@ -23,52 +23,52 @@ static struct rr *isdn_parse(char *name, long ttl, int type, char *s) { - struct rr_isdn *rr = getmem(sizeof(*rr)); + struct rr_isdn *rr = getmem(sizeof(*rr)); - rr->isdn_address = extract_text(&s, "ISDN-address"); - if (rr->isdn_address.length < 0) - return NULL; - if (rr->isdn_address.length > 255) - return bitch("ISDN-address too long"); - - rr->sa_present = 0; - if (*s) { - rr->sa = extract_text(&s, "subaddress"); - if (rr->sa.length < 0) - return NULL; - if (rr->sa.length > 255) - return bitch("subaddress too long"); - rr->sa_present = 1; - } - - if (*s) { - return bitch("garbage after valid ISDN data"); - } + rr->isdn_address = extract_text(&s, "ISDN-address"); + if (rr->isdn_address.length < 0) + return NULL; + if (rr->isdn_address.length > 255) + return bitch("ISDN-address too long"); + + rr->sa_present = 0; + if (*s) { + rr->sa = extract_text(&s, "subaddress"); + if (rr->sa.length < 0) + return NULL; + if (rr->sa.length > 255) + return bitch("subaddress too long"); + rr->sa_present = 1; + } + + if (*s) { + return bitch("garbage after valid ISDN data"); + } - return store_record(type, name, ttl, rr); + return store_record(type, name, ttl, rr); } static char* isdn_human(struct rr *rrv) { - RRCAST(isdn); + RRCAST(isdn); return rr->isdn_address.data; } static struct binary_data isdn_wirerdata(struct rr *rrv) { - RRCAST(isdn); - struct binary_data r, t; + RRCAST(isdn); + struct binary_data r, t; - r = bad_binary_data(); - t.length = 0; - t.data = NULL; - r = compose_binary_data("db", 1, t, rr->isdn_address); - t = r; - if (rr->sa_present) { - r = compose_binary_data("db", 1, t, rr->sa); - t = r; - } + r = bad_binary_data(); + t.length = 0; + t.data = NULL; + r = compose_binary_data("db", 1, t, rr->isdn_address); + t = r; + if (rr->sa_present) { + r = compose_binary_data("db", 1, t, rr->sa); + t = r; + } return r; } diff -pruN 0.8+git20160720-3.2/kx.c 0.8+git20170804-0ubuntu3/kx.c --- 0.8+git20160720-3.2/kx.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/kx.c 2017-08-04 14:27:44.000000000 +0000 @@ -19,40 +19,40 @@ static struct rr *kx_parse(char *name, long ttl, int type, char *s) { - struct rr_kx *rr = getmem(sizeof(*rr)); + struct rr_kx *rr = getmem(sizeof(*rr)); - rr->preference = extract_integer(&s, "KX preference", NULL); - if (rr->preference < 0) - return NULL; + rr->preference = extract_integer(&s, "KX preference", NULL); + if (rr->preference < 0) + return NULL; - rr->exchanger = extract_name(&s, "KX exchanger", 0); - if (!rr->exchanger) - return NULL; + rr->exchanger = extract_name(&s, "KX exchanger", 0); + if (!rr->exchanger) + return NULL; - if (*s) { - return bitch("garbage after valid KX data"); - } + if (*s) { + return bitch("garbage after valid KX data"); + } - return store_record(type, name, ttl, rr); + return store_record(type, name, ttl, rr); } static char* kx_human(struct rr *rrv) { - RRCAST(kx); + RRCAST(kx); char s[1024]; snprintf(s, 1024, "%d %s", - rr->preference, rr->exchanger); + rr->preference, rr->exchanger); return quickstrdup_temp(s); } static struct binary_data kx_wirerdata(struct rr *rrv) { - RRCAST(kx); + RRCAST(kx); return compose_binary_data("2d", 1, - rr->preference, - name2wire_name(rr->exchanger)); + rr->preference, + name2wire_name(rr->exchanger)); } struct rr_methods kx_methods = { kx_parse, kx_human, kx_wirerdata, NULL, NULL }; diff -pruN 0.8+git20160720-3.2/l32.c 0.8+git20170804-0ubuntu3/l32.c --- 0.8+git20160720-3.2/l32.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/l32.c 2017-08-04 14:27:44.000000000 +0000 @@ -19,41 +19,41 @@ static struct rr *l32_parse(char *name, long ttl, int type, char *s) { - struct rr_l32 *rr = getmem(sizeof(*rr)); - struct in_addr ipv4_like; - int preference; - - rr->preference = preference = extract_integer(&s, "L32 preference", NULL); - if (preference < 0) - return NULL; - if (extract_ipv4(&s, "Locator32", &ipv4_like) <= 0) - return NULL; - rr->locator32 = ipv4_like.s_addr; - - if (*s) { - return bitch("garbage after valid L32 data"); - } + struct rr_l32 *rr = getmem(sizeof(*rr)); + struct in_addr ipv4_like; + int preference; + + rr->preference = preference = extract_integer(&s, "L32 preference", NULL); + if (preference < 0) + return NULL; + if (extract_ipv4(&s, "Locator32", &ipv4_like) <= 0) + return NULL; + rr->locator32 = ipv4_like.s_addr; + + if (*s) { + return bitch("garbage after valid L32 data"); + } - return store_record(type, name, ttl, rr); + return store_record(type, name, ttl, rr); } static char* l32_human(struct rr *rrv) { - RRCAST(l32); + RRCAST(l32); char s[1024]; snprintf(s, 1024, "%d %d.%d.%d.%d", - rr->preference, - (rr->locator32 >> 24) & 0xff, - (rr->locator32 >> 16) & 0xff, - (rr->locator32 >> 8) & 0xff, - (rr->locator32 >> 0) & 0xff); + rr->preference, + (rr->locator32 >> 24) & 0xff, + (rr->locator32 >> 16) & 0xff, + (rr->locator32 >> 8) & 0xff, + (rr->locator32 >> 0) & 0xff); return quickstrdup_temp(s); } static struct binary_data l32_wirerdata(struct rr *rrv) { - RRCAST(l32); + RRCAST(l32); return compose_binary_data("24", 1, rr->preference, rr->locator32); } diff -pruN 0.8+git20160720-3.2/l64.c 0.8+git20170804-0ubuntu3/l64.c --- 0.8+git20160720-3.2/l64.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/l64.c 2017-08-04 14:27:44.000000000 +0000 @@ -19,39 +19,39 @@ static struct rr *l64_parse(char *name, long ttl, int type, char *s) { - struct rr_l64 *rr = getmem(sizeof(*rr)); - int preference; + struct rr_l64 *rr = getmem(sizeof(*rr)); + int preference; - rr->preference = preference = extract_integer(&s, "L64 preference", NULL); - if (preference < 0) - return NULL; - if (extract_u64(&s, "Locator64", &rr->locator64) < 0) - return NULL; - - if (*s) { - return bitch("garbage after valid L64 data"); - } + rr->preference = preference = extract_integer(&s, "L64 preference", NULL); + if (preference < 0) + return NULL; + if (extract_u64(&s, "Locator64", &rr->locator64) < 0) + return NULL; + + if (*s) { + return bitch("garbage after valid L64 data"); + } - return store_record(type, name, ttl, rr); + return store_record(type, name, ttl, rr); } static char* l64_human(struct rr *rrv) { - RRCAST(l64); + RRCAST(l64); char s[1024]; snprintf(s, 1024, "%d %x:%x:%x:%x", - rr->preference, - (unsigned)(rr->locator64 >> 48) & 0xffff, - (unsigned)(rr->locator64 >> 32) & 0xffff, - (unsigned)(rr->locator64 >> 16) & 0xffff, - (unsigned)(rr->locator64 >> 0) & 0xffff); + rr->preference, + (unsigned)(rr->locator64 >> 48) & 0xffff, + (unsigned)(rr->locator64 >> 32) & 0xffff, + (unsigned)(rr->locator64 >> 16) & 0xffff, + (unsigned)(rr->locator64 >> 0) & 0xffff); return quickstrdup_temp(s); } static struct binary_data l64_wirerdata(struct rr *rrv) { - RRCAST(l64); + RRCAST(l64); return compose_binary_data("28", 1, rr->preference, rr->locator64); } diff -pruN 0.8+git20160720-3.2/loc.c 0.8+git20170804-0ubuntu3/loc.c --- 0.8+git20160720-3.2/loc.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/loc.c 2017-08-04 14:27:44.000000000 +0000 @@ -21,161 +21,161 @@ static uint8_t double2loc_format(double val) { - if (val > 1000000000) { - return (((uint8_t)(val / 1000000000)) << 4) | 9; - } else if (val > 100000000) { - return (((uint8_t)(val / 100000000)) << 4) | 8; - } else if (val > 10000000) { - return (((uint8_t)(val / 10000000)) << 4) | 7; - } else if (val > 1000000) { - return (((uint8_t)(val / 1000000)) << 4) | 6; - } else if (val > 100000) { - return (((uint8_t)(val / 100000)) << 4) | 5; - } else if (val > 10000) { - return (((uint8_t)(val / 10000)) << 4) | 4; - } else if (val > 1000) { - return (((uint8_t)(val / 1000)) << 4) | 3; - } else if (val > 100) { - return (((uint8_t)(val / 100)) << 4) | 2; - } else if (val > 10) { - return (((uint8_t)(val / 10)) << 4) | 1; - } else { - return (((uint8_t)(val)) << 4); - } + if (val > 1000000000) { + return (((uint8_t)(val / 1000000000)) << 4) | 9; + } else if (val > 100000000) { + return (((uint8_t)(val / 100000000)) << 4) | 8; + } else if (val > 10000000) { + return (((uint8_t)(val / 10000000)) << 4) | 7; + } else if (val > 1000000) { + return (((uint8_t)(val / 1000000)) << 4) | 6; + } else if (val > 100000) { + return (((uint8_t)(val / 100000)) << 4) | 5; + } else if (val > 10000) { + return (((uint8_t)(val / 10000)) << 4) | 4; + } else if (val > 1000) { + return (((uint8_t)(val / 1000)) << 4) | 3; + } else if (val > 100) { + return (((uint8_t)(val / 100)) << 4) | 2; + } else if (val > 10) { + return (((uint8_t)(val / 10)) << 4) | 1; + } else { + return (((uint8_t)(val)) << 4); + } } static struct rr *loc_parse(char *name, long ttl, int type, char *s) { - struct rr_loc *rr = getmem(sizeof(*rr)); - long long i; - int deg; - int min; - double sec, val; - - rr->version = 0; - - /* latitude block */ - i = extract_integer(&s, "degrees latitude", NULL); - if (i < 0) - return NULL; - if (i > 90) - return bitch("degrees latitude not in the range 0..90"); - deg = i; - min = 0; - sec = 0; - if (isdigit(*s)) { - i = extract_integer(&s, "minutes latitude", NULL); - if (i < 0) - return NULL; - if (i > 59) - return bitch("minutes latitude not in the range 0..59"); - min = i; - - if (isdigit(*s)) { /* restricted floating point, starting with a digit */ - if (extract_double(&s, "seconds latitude", &sec, 0) < 0) - return NULL; - if (sec < 0 || sec > 59.999) - return bitch("seconds latitude not in the range 0..59.999"); - } - } - rr->latitude = sec*1000 + .5 + min*1000*60 + deg*1000*60*60; - if (*s == 'n' || *s == 'N') { - s++; - rr->latitude = 2147483648u + rr->latitude; - } else if (*s == 's' || *s == 'S') { - s++; - rr->latitude = 2147483648u - rr->latitude; - } else { - return bitch("latitude: N or S is expected"); - } - if (*s && !isspace(*s) && *s != ';' && *s != ')') { - return bitch("latitude: N or S is expected"); - } - s = skip_white_space(s); - if (!s) return NULL; - - /* longitude block */ - i = extract_integer(&s, "degrees longitude", NULL); - if (i < 0) - return NULL; - if (i > 180) - return bitch("degrees longitude not in the range 0..90"); - deg = i; - min = 0; - sec = 0; - if (isdigit(*s)) { - i = extract_integer(&s, "minutes longitude", NULL); - if (i < 0) - return NULL; - if (i > 59) - return bitch("minutes longitude not in the range 0..59"); - min = i; - - if (isdigit(*s)) { /* restricted floating point, starting with a digit */ - if (extract_double(&s, "seconds longitude", &sec, 0) < 0) - return NULL; - if (sec < 0 || sec > 59.999) - return bitch("seconds longitude not in the range 0..59.999"); - } - } - rr->longitude = sec*1000 + .5 + min*1000*60 + deg*1000*60*60; - if (*s == 'e' || *s == 'E') { - s++; - rr->longitude = 2147483648u + rr->longitude; - } else if (*s == 'w' || *s == 'W') { - s++; - rr->longitude = 2147483648u - rr->longitude; - } else { - return bitch("longitude: E or W is expected"); - } - if (*s && !isspace(*s) && *s != ';' && *s != ')') { - return bitch("longitude: E or W is expected"); - } - s = skip_white_space(s); - if (!s) return NULL; - - if (extract_double(&s, "altitude", &val, 1) < 0) - return NULL; - if (val < -100000.00 || val > 42849672.95) - return bitch("altitude is out of supported range"); - rr->altitude = (val + 100000.00) * 100 + 0.5; - - if (*s) { - if (extract_double(&s, "sphere size", &val, 1) < 0) - return NULL; - if (val < 0 || val > 90000000.00) - return bitch("sphere size is out of supported range"); - rr->size = double2loc_format(val * 100 + 0.5); - - if (*s) { - if (extract_double(&s, "horizontal precision", &val, 1) < 0) - return NULL; - if (val < 0 || val > 90000000.00) - return bitch("horizontal precision is out of supported range"); - rr->horiz_pre = double2loc_format(val * 100 + 0.5); - - if (*s) { - if (extract_double(&s, "vertical precision", &val, 1) < 0) - return NULL; - if (val < 0 || val > 90000000.00) - return bitch("vertical precision is out of supported range"); - rr->vert_pre = double2loc_format(val * 100 + 0.5); - } else { - rr->vert_pre = double2loc_format(10 * 100 + 0.5); - } - } else { - rr->horiz_pre = double2loc_format(10000 * 100 + 0.5); - } - } else { - rr->size = double2loc_format(1 * 100 + 0.5); - } - - if (*s) { - return bitch("garbage after valid LOC data"); - } + struct rr_loc *rr = getmem(sizeof(*rr)); + long long i; + int deg; + int min; + double sec, val; + + rr->version = 0; + + /* latitude block */ + i = extract_integer(&s, "degrees latitude", NULL); + if (i < 0) + return NULL; + if (i > 90) + return bitch("degrees latitude not in the range 0..90"); + deg = i; + min = 0; + sec = 0; + if (isdigit(*s)) { + i = extract_integer(&s, "minutes latitude", NULL); + if (i < 0) + return NULL; + if (i > 59) + return bitch("minutes latitude not in the range 0..59"); + min = i; + + if (isdigit(*s)) { /* restricted floating point, starting with a digit */ + if (extract_double(&s, "seconds latitude", &sec, 0) < 0) + return NULL; + if (sec < 0 || sec > 59.999) + return bitch("seconds latitude not in the range 0..59.999"); + } + } + rr->latitude = sec*1000 + .5 + min*1000*60 + deg*1000*60*60; + if (*s == 'n' || *s == 'N') { + s++; + rr->latitude = 2147483648u + rr->latitude; + } else if (*s == 's' || *s == 'S') { + s++; + rr->latitude = 2147483648u - rr->latitude; + } else { + return bitch("latitude: N or S is expected"); + } + if (*s && !isspace(*s) && *s != ';' && *s != ')') { + return bitch("latitude: N or S is expected"); + } + s = skip_white_space(s); + if (!s) return NULL; + + /* longitude block */ + i = extract_integer(&s, "degrees longitude", NULL); + if (i < 0) + return NULL; + if (i > 180) + return bitch("degrees longitude not in the range 0..90"); + deg = i; + min = 0; + sec = 0; + if (isdigit(*s)) { + i = extract_integer(&s, "minutes longitude", NULL); + if (i < 0) + return NULL; + if (i > 59) + return bitch("minutes longitude not in the range 0..59"); + min = i; + + if (isdigit(*s)) { /* restricted floating point, starting with a digit */ + if (extract_double(&s, "seconds longitude", &sec, 0) < 0) + return NULL; + if (sec < 0 || sec > 59.999) + return bitch("seconds longitude not in the range 0..59.999"); + } + } + rr->longitude = sec*1000 + .5 + min*1000*60 + deg*1000*60*60; + if (*s == 'e' || *s == 'E') { + s++; + rr->longitude = 2147483648u + rr->longitude; + } else if (*s == 'w' || *s == 'W') { + s++; + rr->longitude = 2147483648u - rr->longitude; + } else { + return bitch("longitude: E or W is expected"); + } + if (*s && !isspace(*s) && *s != ';' && *s != ')') { + return bitch("longitude: E or W is expected"); + } + s = skip_white_space(s); + if (!s) return NULL; + + if (extract_double(&s, "altitude", &val, 1) < 0) + return NULL; + if (val < -100000.00 || val > 42849672.95) + return bitch("altitude is out of supported range"); + rr->altitude = (val + 100000.00) * 100 + 0.5; + + if (*s) { + if (extract_double(&s, "sphere size", &val, 1) < 0) + return NULL; + if (val < 0 || val > 90000000.00) + return bitch("sphere size is out of supported range"); + rr->size = double2loc_format(val * 100 + 0.5); + + if (*s) { + if (extract_double(&s, "horizontal precision", &val, 1) < 0) + return NULL; + if (val < 0 || val > 90000000.00) + return bitch("horizontal precision is out of supported range"); + rr->horiz_pre = double2loc_format(val * 100 + 0.5); + + if (*s) { + if (extract_double(&s, "vertical precision", &val, 1) < 0) + return NULL; + if (val < 0 || val > 90000000.00) + return bitch("vertical precision is out of supported range"); + rr->vert_pre = double2loc_format(val * 100 + 0.5); + } else { + rr->vert_pre = double2loc_format(10 * 100 + 0.5); + } + } else { + rr->horiz_pre = double2loc_format(10000 * 100 + 0.5); + } + } else { + rr->size = double2loc_format(1 * 100 + 0.5); + } + + if (*s) { + return bitch("garbage after valid LOC data"); + } - return store_record(type, name, ttl, rr); + return store_record(type, name, ttl, rr); } static char* loc_human(struct rr *rrv) @@ -185,17 +185,17 @@ static char* loc_human(struct rr *rrv) // snprintf(s, 1024, "\"%s\" \"%s\"", rr->cpu.data, rr->os.data); // return quickstrdup_temp(s); - return "meow"; + return "meow"; } static struct binary_data loc_wirerdata(struct rr *rrv) { - RRCAST(loc); + RRCAST(loc); return compose_binary_data("1111444", 1, - rr->version, rr->size, - rr->horiz_pre, rr->vert_pre, - rr->latitude, rr->longitude, rr->altitude); + rr->version, rr->size, + rr->horiz_pre, rr->vert_pre, + rr->latitude, rr->longitude, rr->altitude); } struct rr_methods loc_methods = { loc_parse, loc_human, loc_wirerdata, NULL, NULL }; diff -pruN 0.8+git20160720-3.2/lp.c 0.8+git20170804-0ubuntu3/lp.c --- 0.8+git20160720-3.2/lp.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/lp.c 2017-08-04 14:27:44.000000000 +0000 @@ -20,41 +20,41 @@ static struct rr *lp_parse(char *name, long ttl, int type, char *s) { - struct rr_lp *rr = getmem(sizeof(*rr)); - int preference; + struct rr_lp *rr = getmem(sizeof(*rr)); + int preference; - rr->preference = preference = extract_integer(&s, "LP preference", NULL); - if (preference < 0) - return NULL; - rr->fqdn = extract_name(&s, "LP fqdn", 0); - if (!rr->fqdn) - return NULL; - if (strcasecmp(name, rr->fqdn) == 0) { - return bitch("LP points to itself"); - } - - if (*s) { - return bitch("garbage after valid LP data"); - } + rr->preference = preference = extract_integer(&s, "LP preference", NULL); + if (preference < 0) + return NULL; + rr->fqdn = extract_name(&s, "LP fqdn", 0); + if (!rr->fqdn) + return NULL; + if (strcasecmp(name, rr->fqdn) == 0) { + return bitch("LP points to itself"); + } + + if (*s) { + return bitch("garbage after valid LP data"); + } - return store_record(type, name, ttl, rr); + return store_record(type, name, ttl, rr); } static char* lp_human(struct rr *rrv) { - RRCAST(lp); - char s[1024]; + RRCAST(lp); + char s[1024]; - snprintf(s, 1024, "%d %s", - rr->preference, rr->fqdn); - return quickstrdup_temp(s); + snprintf(s, 1024, "%d %s", + rr->preference, rr->fqdn); + return quickstrdup_temp(s); } static struct binary_data lp_wirerdata(struct rr *rrv) { - RRCAST(lp); + RRCAST(lp); return compose_binary_data("2d", 1, - rr->preference, name2wire_name(rr->fqdn)); + rr->preference, name2wire_name(rr->fqdn)); } struct rr_methods lp_methods = { lp_parse, lp_human, lp_wirerdata, NULL, NULL }; diff -pruN 0.8+git20160720-3.2/main.c 0.8+git20170804-0ubuntu3/main.c --- 0.8+git20160720-3.2/main.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/main.c 2017-08-04 14:27:44.000000000 +0000 @@ -34,609 +34,625 @@ void open_zone_file(char *fname); static void concat_generate_template(char *buf, int bufsz, int val, struct generate_template_piece *t) { - char sval[40]; + char sval[40]; - while (t) { - if (t->constant_string) { - mystrlcat(buf, t->constant_string, bufsz); - } else { - snprintf(sval, 40, "%d", val); - mystrlcat(buf, sval, bufsz); - } - t = t->next; - } + while (t) { + if (t->constant_string) { + mystrlcat(buf, t->constant_string, bufsz); + } else { + snprintf(sval, 40, "%d", val); + mystrlcat(buf, sval, bufsz); + } + t = t->next; + } } static struct generate_template_piece * free_generate_template(struct generate_template_piece *t) { - struct generate_template_piece *n; - while (t) { - n = t->next; - free(t); - t = n; - } - return NULL; + struct generate_template_piece *n; + while (t) { + n = t->next; + free(t); + t = n; + } + return NULL; } static void create_generate_template_piece(struct generate_template_piece **generate_template, char *s) { - if (s && *s == 0) - return; + if (s && *s == 0) + return; - struct generate_template_piece *p = malloc(sizeof(struct generate_template_piece)); + struct generate_template_piece *p = malloc(sizeof(struct generate_template_piece)); - p->constant_string = s; - p->next = NULL; + p->constant_string = s; + p->next = NULL; - if (*generate_template) { - struct generate_template_piece *t = *generate_template; - while (t->next) - t = t->next; - t->next = p; - } else { - *generate_template = p; - } + if (*generate_template) { + struct generate_template_piece *t = *generate_template; + while (t->next) + t = t->next; + t->next = p; + } else { + *generate_template = p; + } } static struct generate_template_piece * prepare_generate_template(char *t) { - char *s = t; - struct generate_template_piece *r = NULL; + char *s = t; + struct generate_template_piece *r = NULL; - while (1) { - while (*t && *t != '$') t++; - if (!*t) { - create_generate_template_piece(&r, s); - break; - } else { - *t = 0; - create_generate_template_piece(&r, s); - create_generate_template_piece(&r, NULL); - t++; - s = t; - } - } + while (1) { + while (*t && *t != '$') t++; + if (!*t) { + create_generate_template_piece(&r, s); + break; + } else { + *t = 0; + create_generate_template_piece(&r, s); + create_generate_template_piece(&r, NULL); + t++; + s = t; + } + } - return r; + return r; } static char *process_directive(char *s) { - char *d = s+1; - if (*(s+1) == 'O' && strncmp(s, "$ORIGIN", 7) == 0) { - char *o; - s += 7; - if (!isspace(*s)) { - if (isalnum(*s)) goto unrecognized_directive; - return bitch("bad $ORIGIN format"); - } - s = skip_white_space(s); - o = extract_name(&s, "$ORIGIN value", 0); - if (!o) { - return NULL; - } - if (*s) { - return bitch("garbage after valid $ORIGIN directive"); - } - file_info->current_origin = o; - if (G.opt.verbose) { - fprintf(stderr, "-> %s:%d: ", file_info->name, file_info->line); - fprintf(stderr, "origin is now %s\n", o); - } - } else if (*(s+1) == 'T' && strncmp(s, "$TTL", 4) == 0) { - s += 4; - if (!isspace(*s)) { - if (isalnum(*s)) goto unrecognized_directive; - return bitch("bad $TTL format"); - } - s = skip_white_space(s); - G.default_ttl = extract_timevalue(&s, "$TTL value"); - if (G.default_ttl < 0) { - return NULL; - } - if (*s) { - return bitch("garbage after valid $TTL directive"); - } - if (G.opt.verbose) { - fprintf(stderr, "-> %s:%d: ", file_info->name, file_info->line); - fprintf(stderr, "default ttl is now %ld\n", G.default_ttl); - } - } else if (*(s+1) == 'G' && strncmp(s, "$GENERATE", 9) == 0) { - int from, to; - char *lhs, *rdtype; - - s += 9; - if (!isspace(*s)) { - if (isalnum(*s)) goto unrecognized_directive; - return bitch("bad $GENERATE format"); - } - s = skip_white_space(s); - - from = extract_integer(&s, "generate-from", "-"); - if (from < 0) - return NULL; - if (*s != '-') - return bitch("'-' between generate-from and generate-to is expected"); - s++; - to = extract_integer(&s, "generate-to", "-"); - if (to < 0) - return NULL; - - if (*s == '/') - return bitch("generate-step is unsupported for now"); - - lhs = extract_name(&s, "generate-lhs", KEEP_CAPITALIZATION | DOLLAR_OK_IN_NAMES); - if (!lhs) - return NULL; - - if (*s == '{') - return bitch("{offset,width,type} is unsupported for now"); - - rdtype = extract_label(&s, "type", NULL); - if (!rdtype) - return NULL; - - file_info->generate_cur = from; - file_info->generate_lim = to; - file_info->generate_type = rdtype; - file_info->generate_lhs = prepare_generate_template(lhs); - file_info->generate_rhs = prepare_generate_template(quickstrdup(s)); - - return s; - } else if (*(s+1) == 'I' && strncmp(s, "$INCLUDE", 8) == 0) { - char *p, *f; - char c; - s += 8; - if (!isspace(*s)) { - if (isalnum(*s)) goto unrecognized_directive; - return bitch("bad $INCLUDE format"); - } - s = skip_white_space(s); - p = s; - while (*s && !isspace(*s) && *s != ';') - s++; - c = *s; - *s = '\0'; - if (!*p) { - return bitch("$INCLUDE directive with empty file name"); - } - f = quickstrdup_temp(p); - *s = c; - s = skip_white_space(s); - - if (*s) { - return bitch("garbage after valid $INCLUDE directive"); - } - if (*f == '/') { - open_zone_file(f); - } else { - char buf[1024]; - - snprintf(buf, 1024, "%s/%s", G.opt.include_path, f); - open_zone_file(buf); - } - } else { + char *d = s+1; + if (*(s+1) == 'O' && strncmp(s, "$ORIGIN", 7) == 0) { + char *o; + s += 7; + if (!isspace(*s)) { + if (isalnum(*s)) goto unrecognized_directive; + return bitch("bad $ORIGIN format"); + } + s = skip_white_space(s); + o = extract_name(&s, "$ORIGIN value", 0); + if (!o) { + return NULL; + } + if (*s) { + return bitch("garbage after valid $ORIGIN directive"); + } + file_info->current_origin = o; + if (G.opt.verbose) { + fprintf(stderr, "-> %s:%d: ", file_info->name, file_info->line); + fprintf(stderr, "origin is now %s\n", o); + } + } else if (*(s+1) == 'T' && strncmp(s, "$TTL", 4) == 0) { + s += 4; + if (!isspace(*s)) { + if (isalnum(*s)) goto unrecognized_directive; + return bitch("bad $TTL format"); + } + s = skip_white_space(s); + G.default_ttl = extract_timevalue(&s, "$TTL value"); + if (G.default_ttl < 0) { + return NULL; + } + if (*s) { + return bitch("garbage after valid $TTL directive"); + } + if (G.opt.verbose) { + fprintf(stderr, "-> %s:%d: ", file_info->name, file_info->line); + fprintf(stderr, "default ttl is now %ld\n", G.default_ttl); + } + } else if (*(s+1) == 'G' && strncmp(s, "$GENERATE", 9) == 0) { + int from, to; + char *lhs, *rdtype; + + s += 9; + if (!isspace(*s)) { + if (isalnum(*s)) goto unrecognized_directive; + return bitch("bad $GENERATE format"); + } + s = skip_white_space(s); + + from = extract_integer(&s, "generate-from", "-"); + if (from < 0) + return NULL; + if (*s != '-') + return bitch("'-' between generate-from and generate-to is expected"); + s++; + to = extract_integer(&s, "generate-to", "-"); + if (to < 0) + return NULL; + + if (*s == '/') + return bitch("generate-step is unsupported for now"); + + lhs = extract_name(&s, "generate-lhs", KEEP_CAPITALIZATION | DOLLAR_OK_IN_NAMES); + if (!lhs) + return NULL; + + if (*s == '{') + return bitch("{offset,width,type} is unsupported for now"); + + rdtype = extract_label(&s, "type", NULL); + if (!rdtype) + return NULL; + + file_info->generate_cur = from; + file_info->generate_lim = to; + file_info->generate_type = rdtype; + file_info->generate_lhs = prepare_generate_template(lhs); + file_info->generate_rhs = prepare_generate_template(quickstrdup(s)); + + return s; + } else if (*(s+1) == 'I' && strncmp(s, "$INCLUDE", 8) == 0) { + char *p, *f; + char c; + s += 8; + if (!isspace(*s)) { + if (isalnum(*s)) goto unrecognized_directive; + return bitch("bad $INCLUDE format"); + } + s = skip_white_space(s); + p = s; + while (*s && !isspace(*s) && *s != ';') + s++; + c = *s; + *s = '\0'; + if (!*p) { + return bitch("$INCLUDE directive with empty file name"); + } + f = quickstrdup_temp(p); + *s = c; + s = skip_white_space(s); + + if (*s) { + return bitch("garbage after valid $INCLUDE directive"); + } + if (*f == '/') { + open_zone_file(f); + } else { + char buf[1024]; + + snprintf(buf, 1024, "%s/%s", G.opt.include_path, f); + open_zone_file(buf); + } + } else { unrecognized_directive: - s = d-1; - while (isalnum(*d)) d++; - *d = '\0'; - return bitch("unrecognized directive: %s", s); - } - return s; + s = d-1; + while (isalnum(*d)) d++; + *d = '\0'; + return bitch("unrecognized directive: %s", s); + } + return s; } char * read_zone_line(void) { - char *r; + char *r; - if (file_info->generate_lhs) { - if (file_info->generate_cur <= file_info->generate_lim) { - file_info->buf[0] = 0; - concat_generate_template(file_info->buf, LINEBUFSZ, file_info->generate_cur, file_info->generate_lhs); - mystrlcat(file_info->buf, " ", LINEBUFSZ); - mystrlcat(file_info->buf, file_info->generate_type, LINEBUFSZ); - mystrlcat(file_info->buf, " ", LINEBUFSZ); - concat_generate_template(file_info->buf, LINEBUFSZ, file_info->generate_cur, file_info->generate_rhs); - file_info->generate_cur++; - return file_info->buf; - } else { - /* Done with this $GENERATE */ - file_info->generate_cur = 0; - file_info->generate_lim = 0; - file_info->generate_type = NULL; - file_info->generate_lhs = NULL; - free_generate_template(file_info->generate_lhs); - free_generate_template(file_info->generate_rhs); - file_info->generate_rhs = NULL; - } - } - - r = fgets(file_info->buf, LINEBUFSZ, file_info->file); - if (r) - file_info->line++; - return r; + if (file_info->generate_lhs) { + if (file_info->generate_cur <= file_info->generate_lim) { + file_info->buf[0] = 0; + concat_generate_template(file_info->buf, LINEBUFSZ, file_info->generate_cur, file_info->generate_lhs); + mystrlcat(file_info->buf, " ", LINEBUFSZ); + mystrlcat(file_info->buf, file_info->generate_type, LINEBUFSZ); + mystrlcat(file_info->buf, " ", LINEBUFSZ); + concat_generate_template(file_info->buf, LINEBUFSZ, file_info->generate_cur, file_info->generate_rhs); + file_info->generate_cur++; + return file_info->buf; + } else { + /* Done with this $GENERATE */ + file_info->generate_cur = 0; + file_info->generate_lim = 0; + file_info->generate_type = NULL; + file_info->generate_lhs = NULL; + free_generate_template(file_info->generate_lhs); + free_generate_template(file_info->generate_rhs); + file_info->generate_rhs = NULL; + } + } + + r = fgets(file_info->buf, LINEBUFSZ, file_info->file); + if (r) + file_info->line++; + return r; } int read_zone_file(void) { - char *s; - char *name = NULL, *class, *rdtype; - long ttl = -1; - while (file_info) { - while (read_zone_line()) { - freeall_temp(); - file_info->paren_mode = 0; - rdtype = NULL; - if (empty_line_or_comment(file_info->buf)) - continue; - - s = file_info->buf; - if (!isspace(*s)) { - /* , $INCLUDE, $ORIGIN */ - if (*s == '$') { - process_directive(s); - continue; - } else { - /* */ - name = extract_name(&s, "record name", 0); - if (!name) - continue; - } - } else { - s = skip_white_space(s); - } - if (!s) - continue; - if (!name) { - bitch("cannot assume previous name for it is not known"); - continue; - } - if (G.default_ttl >= 0) - ttl = G.default_ttl; - if (isdigit(*s)) { - ttl = extract_timevalue(&s, "TTL"); - if (ttl < 0) - continue; - class = extract_label(&s, "class or type", "temporary"); - if (!class) - continue; - if (*class == 'i' && *(class+1) == 'n' && *(class+2) == 0) { - } else if (*class == 'c' && *(class+1) == 's' && *(class+2) == 0) { - bitch("CSNET class is not supported"); - continue; - } else if (*class == 'c' && *(class+1) == 'h' && *(class+2) == 0) { - bitch("CHAOS class is not supported"); - continue; - } else if (*class == 'h' && *(class+1) == 's' && *(class+2) == 0) { - bitch("HESIOD class is not supported"); - continue; - } else { - rdtype = class; - } - } else { - class = extract_label(&s, "class or type", "temporary"); - if (!class) - continue; - if (*class == 'i' && *(class+1) == 'n' && *(class+2) == 0) { - if (isdigit(*s)) { - ttl = extract_timevalue(&s, "TTL"); - if (ttl < 0) - continue; - } - } else if (*class == 'c' && *(class+1) == 's' && *(class+2) == 0) { - bitch("CSNET class is not supported"); - continue; - } else if (*class == 'c' && *(class+1) == 'h' && *(class+2) == 0) { - bitch("CHAOS class is not supported"); - continue; - } else if (*class == 'h' && *(class+1) == 's' && *(class+2) == 0) { - bitch("HESIOD class is not supported"); - continue; - } else { - rdtype = class; - } - } - if (!rdtype) { - rdtype = extract_label(&s, "type", "temporary"); - } - if (!rdtype) { - continue; - } - if (ttl < 0) { - ttl = G.default_ttl; - } - - { - int is_generic; - int type = str2rdtype(rdtype, &is_generic); - struct rr *rr; - - if (type <= 0) continue; - - if (ttl < 0 && !(G.opt.soa_minttl_as_default_ttl && type == T_SOA)) { - bitch("ttl not specified and default is not known"); - continue; - } - - if (is_generic) - rr = rr_parse_any(name, ttl, type, s); - else if (type > T_MAX) - rr = rr_parse_any(name, ttl, type, s); - else if (rr_methods[type].rr_parse) - rr = rr_methods[type].rr_parse(name, ttl, type, s); - else - rr = rr_parse_any(name, ttl, type, s); - - if (type == T_SOA && ttl < 0 && rr) { - struct rr_soa *soa = (struct rr_soa *) rr; - soa->rr.ttl = G.default_ttl = soa->minimum; - if (G.opt.verbose) { - fprintf(stderr, "-> %s:%d: ", file_info->name, file_info->line); - fprintf(stderr, "no ttl specified; using SOA MINTTL (%ld) instead\n", G.default_ttl); - } - } - } - } - if (ferror(file_info->file)) - croak(1, "read error for %s", file_info->name); - file_info = file_info->next; - } - return 0; + char *s; + char *name = NULL, *class, *rdtype; + long ttl = -1; + while (file_info) { + while (read_zone_line()) { + freeall_temp(); + file_info->paren_mode = 0; + rdtype = NULL; + if (empty_line_or_comment(file_info->buf)) + continue; + + s = file_info->buf; + if (!isspace(*s)) { + /* , $INCLUDE, $ORIGIN */ + if (*s == '$') { + process_directive(s); + continue; + } else { + /* */ + name = extract_name(&s, "record name", 0); + if (!name) + continue; + } + } else { + s = skip_white_space(s); + } + if (!s) + continue; + if (!name) { + bitch("cannot assume previous name for it is not known"); + continue; + } + if (G.default_ttl >= 0) + ttl = G.default_ttl; + if (isdigit(*s)) { + ttl = extract_timevalue(&s, "TTL"); + if (ttl < 0) + continue; + class = extract_label(&s, "class or type", "temporary"); + if (!class) + continue; + if (*class == 'i' && *(class+1) == 'n' && *(class+2) == 0) { + } else if (*class == 'c' && *(class+1) == 's' && *(class+2) == 0) { + bitch("CSNET class is not supported"); + continue; + } else if (*class == 'c' && *(class+1) == 'h' && *(class+2) == 0) { + bitch("CHAOS class is not supported"); + continue; + } else if (*class == 'h' && *(class+1) == 's' && *(class+2) == 0) { + bitch("HESIOD class is not supported"); + continue; + } else { + rdtype = class; + } + } else { + class = extract_label(&s, "class or type", "temporary"); + if (!class) + continue; + if (*class == 'i' && *(class+1) == 'n' && *(class+2) == 0) { + if (isdigit(*s)) { + ttl = extract_timevalue(&s, "TTL"); + if (ttl < 0) + continue; + } + } else if (*class == 'c' && *(class+1) == 's' && *(class+2) == 0) { + bitch("CSNET class is not supported"); + continue; + } else if (*class == 'c' && *(class+1) == 'h' && *(class+2) == 0) { + bitch("CHAOS class is not supported"); + continue; + } else if (*class == 'h' && *(class+1) == 's' && *(class+2) == 0) { + bitch("HESIOD class is not supported"); + continue; + } else { + rdtype = class; + } + } + if (!rdtype) { + rdtype = extract_label(&s, "type", "temporary"); + } + if (!rdtype) { + continue; + } + if (ttl < 0) { + ttl = G.default_ttl; + } + + { + int is_generic; + int type = str2rdtype(rdtype, &is_generic); + struct rr *rr; + + if (type <= 0) continue; + + if (ttl < 0 && !(G.opt.soa_minttl_as_default_ttl && type == T_SOA)) { + bitch("ttl not specified and default is not known"); + continue; + } + + if (is_generic) + rr = rr_parse_any(name, ttl, type, s); + else if (type > T_MAX) + rr = rr_parse_any(name, ttl, type, s); + else if (rr_methods[type].rr_parse) + rr = rr_methods[type].rr_parse(name, ttl, type, s); + else + rr = rr_parse_any(name, ttl, type, s); + + if (type == T_SOA && ttl < 0 && rr) { + struct rr_soa *soa = (struct rr_soa *) rr; + soa->rr.ttl = G.default_ttl = soa->minimum; + if (G.opt.verbose) { + fprintf(stderr, "-> %s:%d: ", file_info->name, file_info->line); + fprintf(stderr, "no ttl specified; using SOA MINTTL (%ld) instead\n", G.default_ttl); + } + } + } + } + if (ferror(file_info->file)) + croak(1, "read error for %s", file_info->name); + file_info = file_info->next; + } + return 0; } void open_zone_file(char *fname) { - FILE *f; - struct file_info *new_file_info; + FILE *f; + struct file_info *new_file_info; - if (strcmp(fname, "-") == 0) { - f = stdin; - fname = "stdin"; - } else { - f = fopen(fname, "r"); - if (!file_info && !G.opt.include_path_specified) { - G.opt.include_path = quickstrdup(dirname(quickstrdup_temp(fname))); - } - } - if (!f) - croak(1, "open %s", fname); - new_file_info = malloc(sizeof(*new_file_info) + strlen(fname) + 1); - if (!new_file_info) - croak(1, "malloc(file_info), %s", fname); - new_file_info->next = file_info; - new_file_info->file = f; - new_file_info->line = 0; - strcpy(new_file_info->name, fname); - if (file_info) { - new_file_info->current_origin = file_info->current_origin; - } else { - new_file_info->current_origin = G.opt.first_origin; - } - file_info = new_file_info; + if (strcmp(fname, "-") == 0) { + f = stdin; + fname = "stdin"; + } else { + f = fopen(fname, "r"); + if (!file_info && !G.opt.include_path_specified) { + G.opt.include_path = quickstrdup(dirname(quickstrdup_temp(fname))); + } + } + if (!f) + croak(1, "open %s", fname); + new_file_info = malloc(sizeof(*new_file_info) + strlen(fname) + 1); + if (!new_file_info) + croak(1, "malloc(file_info), %s", fname); + new_file_info->next = file_info; + new_file_info->file = f; + new_file_info->line = 0; + strcpy(new_file_info->name, fname); + if (file_info) { + new_file_info->current_origin = file_info->current_origin; + } else { + new_file_info->current_origin = G.opt.first_origin; + } + file_info = new_file_info; } void usage(char *err) { - if (err) - fprintf(stderr, "%s\n", err); - fprintf(stderr, "Usage:\n"); - fprintf(stderr, " %s -h\n", thisprogname()); - fprintf(stderr, " %s [options] zone-file\n", thisprogname()); - fprintf(stderr, "Usage parameters:\n"); - fprintf(stderr, "\t-h\t\tproduce usage text and quit\n"); - fprintf(stderr, "\t-f\t\tquit on first validation error\n"); - - fprintf(stderr, "\t-p name\tperform policy check \n"); - fprintf(stderr, "\t\t\tsingle-ns\n"); - fprintf(stderr, "\t\t\tcname-other-data\n"); - fprintf(stderr, "\t\t\tdname\n"); - fprintf(stderr, "\t\t\tnsec3param-not-apex\n"); - fprintf(stderr, "\t\t\tmx-alias\n"); - fprintf(stderr, "\t\t\tns-alias\n"); - fprintf(stderr, "\t\t\trp-txt-exists\n"); - fprintf(stderr, "\t\t\ttlsa-host\n"); - fprintf(stderr, "\t\t\tksk-exists\n"); - fprintf(stderr, "\t\t\tall\n"); - - fprintf(stderr, "\t-n N\t\tuse N worker threads\n"); - fprintf(stderr, "\t-q\t\tquiet - do not produce any output\n"); - fprintf(stderr, "\t-s\t\tprint validation summary/stats\n"); - fprintf(stderr, "\t-v\t\tbe extra verbose\n"); - fprintf(stderr, "\t-I path\tuse this path for $INCLUDE files\n"); - fprintf(stderr, "\t-z origin\tuse this origin as initial $ORIGIN\n"); - fprintf(stderr, "\t-t epoch-time\tuse this time instead of \"now\"\n"); - exit(1); + if (err) + fprintf(stderr, "%s\n", err); + fprintf(stderr, "Usage:\n"); + fprintf(stderr, " %s -h\n", thisprogname()); + fprintf(stderr, " %s [options] zone-file\n", thisprogname()); + fprintf(stderr, "Usage parameters:\n"); + fprintf(stderr, "\t-h\t\tproduce usage text and quit\n"); + fprintf(stderr, "\t-f\t\tquit on first validation error\n"); + + fprintf(stderr, "\t-p name\tperform policy check \n"); + fprintf(stderr, "\t\t\tsingle-ns\n"); + fprintf(stderr, "\t\t\tcname-other-data\n"); + fprintf(stderr, "\t\t\tdname\n"); + fprintf(stderr, "\t\t\tnsec3param-not-apex\n"); + fprintf(stderr, "\t\t\tmx-alias\n"); + fprintf(stderr, "\t\t\tns-alias\n"); + fprintf(stderr, "\t\t\trp-txt-exists\n"); + fprintf(stderr, "\t\t\ttlsa-host\n"); + fprintf(stderr, "\t\t\tksk-exists\n"); + fprintf(stderr, "\t\t\tsmimea-host\n"); + fprintf(stderr, "\t\t\tall\n"); + + fprintf(stderr, "\t-n N\t\tuse N worker threads\n"); + fprintf(stderr, "\t-q\t\tquiet - do not produce any output\n"); + fprintf(stderr, "\t-s\t\tprint validation summary/stats\n"); + fprintf(stderr, "\t-v\t\tbe extra verbose\n"); + fprintf(stderr, "\t-I path\tuse this path for $INCLUDE files\n"); + fprintf(stderr, "\t-z origin\tuse this origin as initial $ORIGIN\n"); + fprintf(stderr, "\t-t epoch-time\tuse this time instead of \"now\"\n"); + exit(1); } struct rr_methods rr_methods[T_MAX+1]; static void initialize_globals(void) { - int i; + int i; - setenv("TZ", "GMT0", 1); tzset(); - memset(&G, 0, sizeof(G)); - memset(&G.opt, 0, sizeof(G.opt)); - memset(&G.stats, 0, sizeof(G.stats)); - G.default_ttl = -1; /* XXX orly? */ - G.opt.times_to_check[0] = time(NULL); - G.opt.n_times_to_check = 0; - G.opt.include_path = "."; - - for (i = 0; i <= T_MAX; i++) { - rr_methods[i] = unknown_methods; - } - rr_methods[T_AAAA] = aaaa_methods; - rr_methods[T_A] = a_methods; - rr_methods[T_AFSDB] = afsdb_methods; - rr_methods[T_CERT] = cert_methods; - rr_methods[T_CNAME] = cname_methods; - rr_methods[T_DHCID] = dhcid_methods; - rr_methods[T_DLV] = dlv_methods; - rr_methods[T_DNAME] = dname_methods; - rr_methods[T_DNSKEY] = dnskey_methods; - rr_methods[T_DS] = ds_methods; - rr_methods[T_HINFO] = hinfo_methods; - rr_methods[T_IPSECKEY] = ipseckey_methods; - rr_methods[T_ISDN] = isdn_methods; - rr_methods[T_KX] = kx_methods; - rr_methods[T_L32] = l32_methods; - rr_methods[T_L64] = l64_methods; - rr_methods[T_LOC] = loc_methods; - rr_methods[T_LP] = lp_methods; - rr_methods[T_MB] = mb_methods; - rr_methods[T_MG] = mg_methods; - rr_methods[T_MINFO] = minfo_methods; - rr_methods[T_MR] = mr_methods; - rr_methods[T_MX] = mx_methods; - rr_methods[T_NAPTR] = naptr_methods; - rr_methods[T_NID] = nid_methods; - rr_methods[T_NSAP] = nsap_methods; - rr_methods[T_NSEC3PARAM] = nsec3param_methods; - rr_methods[T_NSEC3] = nsec3_methods; - rr_methods[T_NSEC] = nsec_methods; - rr_methods[T_NS] = ns_methods; - rr_methods[T_PTR] = ptr_methods; - rr_methods[T_PX] = px_methods; - rr_methods[T_RP] = rp_methods; - rr_methods[T_RT] = rt_methods; - rr_methods[T_RRSIG] = rrsig_methods; - rr_methods[T_SOA] = soa_methods; - rr_methods[T_SPF] = spf_methods; - rr_methods[T_SRV] = srv_methods; - rr_methods[T_SSHFP] = sshfp_methods; - rr_methods[T_TLSA] = tlsa_methods; - rr_methods[T_TXT] = txt_methods; - rr_methods[T_X25] = x25_methods; + setenv("TZ", "GMT0", 1); tzset(); + memset(&G, 0, sizeof(G)); + memset(&G.opt, 0, sizeof(G.opt)); + memset(&G.stats, 0, sizeof(G.stats)); + memset(rr_counts, 0, sizeof(rr_counts[0])*(T_MAX+1)); + G.default_ttl = -1; /* XXX orly? */ + G.opt.times_to_check[0] = time(NULL); + G.opt.n_times_to_check = 0; + G.opt.include_path = "."; + + for (i = 0; i <= T_MAX; i++) { + rr_methods[i] = unknown_methods; + } + rr_methods[T_AAAA] = aaaa_methods; + rr_methods[T_A] = a_methods; + rr_methods[T_AFSDB] = afsdb_methods; + rr_methods[T_CAA] = caa_methods; + rr_methods[T_CDNSKEY] = cdnskey_methods; + rr_methods[T_CDS] = cds_methods; + rr_methods[T_CERT] = cert_methods; + rr_methods[T_CNAME] = cname_methods; + rr_methods[T_DHCID] = dhcid_methods; + rr_methods[T_DLV] = dlv_methods; + rr_methods[T_DNAME] = dname_methods; + rr_methods[T_DNSKEY] = dnskey_methods; + rr_methods[T_DS] = ds_methods; + rr_methods[T_HINFO] = hinfo_methods; + rr_methods[T_IPSECKEY] = ipseckey_methods; + rr_methods[T_ISDN] = isdn_methods; + rr_methods[T_KX] = kx_methods; + rr_methods[T_L32] = l32_methods; + rr_methods[T_L64] = l64_methods; + rr_methods[T_LOC] = loc_methods; + rr_methods[T_LP] = lp_methods; + rr_methods[T_MB] = mb_methods; + rr_methods[T_MG] = mg_methods; + rr_methods[T_MINFO] = minfo_methods; + rr_methods[T_MR] = mr_methods; + rr_methods[T_MX] = mx_methods; + rr_methods[T_NAPTR] = naptr_methods; + rr_methods[T_NID] = nid_methods; + rr_methods[T_NSAP] = nsap_methods; + rr_methods[T_NSEC3PARAM] = nsec3param_methods; + rr_methods[T_NSEC3] = nsec3_methods; + rr_methods[T_NSEC] = nsec_methods; + rr_methods[T_NS] = ns_methods; + rr_methods[T_PTR] = ptr_methods; + rr_methods[T_PX] = px_methods; + rr_methods[T_RP] = rp_methods; + rr_methods[T_RT] = rt_methods; + rr_methods[T_RRSIG] = rrsig_methods; + rr_methods[T_SMIMEA] = smimea_methods; + rr_methods[T_SOA] = soa_methods; + rr_methods[T_SPF] = spf_methods; + rr_methods[T_SRV] = srv_methods; + rr_methods[T_SSHFP] = sshfp_methods; + rr_methods[T_TLSA] = tlsa_methods; + rr_methods[T_TXT] = txt_methods; + rr_methods[T_X25] = x25_methods; } int main(int argc, char **argv) { - int o; - struct timeval start, stop; + int o; + struct timeval start, stop; - initialize_globals(); - while ((o = getopt(argc, argv, "fhMqsvI:z:t:p:n:")) != -1) { - switch(o) { - case 'h': - usage(NULL); - break; - case 'f': - G.opt.die_on_first_error = 1; - break; - case 'M': - G.opt.soa_minttl_as_default_ttl = 1; - break; - case 'q': - G.opt.no_output = 1; - break; - case 's': - G.opt.summary = 1; - break; - case 'v': - G.opt.verbose = 1; - break; - case 'p': - if (strcmp(optarg, "all") == 0) { - int i; - for (i = 0; i < N_POLICY_CHECKS; i++) { - G.opt.policy_checks[i] = 1; - } - } else if (strcmp(optarg, "single-ns") == 0) { - G.opt.policy_checks[POLICY_SINGLE_NS] = 1; - } else if (strcmp(optarg, "cname-other-data") == 0) { - G.opt.policy_checks[POLICY_CNAME_OTHER_DATA] = 1; - } else if (strcmp(optarg, "dname") == 0) { - G.opt.policy_checks[POLICY_DNAME] = 1; - } else if (strcmp(optarg, "dnskey") == 0) { - G.opt.policy_checks[POLICY_DNSKEY] = 1; - } else if (strcmp(optarg, "nsec3param-not-apex") == 0) { - G.opt.policy_checks[POLICY_NSEC3PARAM_NOT_APEX] = 1; - } else if (strcmp(optarg, "mx-alias") == 0) { - G.opt.policy_checks[POLICY_MX_ALIAS] = 1; - } else if (strcmp(optarg, "ns-alias") == 0) { - G.opt.policy_checks[POLICY_NS_ALIAS] = 1; - } else if (strcmp(optarg, "rp-txt-exists") == 0) { - G.opt.policy_checks[POLICY_RP_TXT_EXISTS] = 1; - } else if (strcmp(optarg, "tlsa-host") == 0) { - G.opt.policy_checks[POLICY_TLSA_HOST] = 1; - } else if (strcmp(optarg, "ksk-exists") == 0) { - G.opt.policy_checks[POLICY_KSK_EXISTS] = 1; - } else { - usage("unknown policy name"); - } - break; - case 'I': - G.opt.include_path = optarg; - G.opt.include_path_specified = 1; - break; - case 'z': - if (strlen(optarg) && *(optarg+strlen(optarg)-1) == '.') { - G.opt.first_origin = optarg; - } else if (strlen(optarg)) { - G.opt.first_origin = getmem(strlen(optarg)+2); - strcpy(mystpcpy(G.opt.first_origin, optarg), "."); - } else { - usage("origin must not be empty"); - } - break; - case 'n': - G.opt.n_threads = strtol(optarg, NULL, 10); - if (G.opt.n_threads > 256) - usage("non-sensical number of threads requested"); - if (G.opt.verbose) - fprintf(stderr, "using %d worker threads\n", G.opt.n_threads); - break; - case 't': - if (G.opt.n_times_to_check >= MAX_TIMES_TO_CHECK) - usage("too many -t specified"); - G.opt.times_to_check[G.opt.n_times_to_check++] = strtol(optarg, NULL, 10); - break; - default: - usage(NULL); - } - } - if (G.opt.n_times_to_check <= 0) - G.opt.n_times_to_check = 1; - argc -= optind; - argv += optind; - if (argc != 1) - usage(NULL); - gettimeofday(&start, NULL); - open_zone_file(argv[0]); - read_zone_file(); - validate_zone(); - verify_all_keys(); - if (G.nsec3_present) { - if (first_nsec3) nsec3_validate(&first_nsec3->rr); - perform_remaining_nsec3checks(); - } - if (G.dnssec_active && G.opt.policy_checks[POLICY_KSK_EXISTS]) { - dnskey_ksk_policy_check(); - } - gettimeofday(&stop, NULL); - if (G.opt.summary) { - printf("records found: %d\n", G.stats.rr_count); - printf("skipped dups: %d\n", G.stats.skipped_dup_rr_count); - printf("record sets found: %d\n", G.stats.rrset_count); - printf("unique names found: %d\n", G.stats.names_count); - printf("delegations found: %d\n", G.stats.delegations); - printf(" nsec3 records: %d\n", G.stats.nsec3_count); - /* "not authoritative names" - non-empty terminals without any authoritative records */ - /* delegation points count as authoritative, which might or might not be correct */ - printf("not authoritative names, not counting delegation points:\n" - " %d\n", G.stats.not_authoritative); - printf("validation errors: %d\n", G.stats.error_count); - printf("signatures verified: %d\n", G.stats.signatures_verified); - printf("time taken: %.3fs\n", - stop.tv_sec - start.tv_sec + (stop.tv_usec - start.tv_usec)/1000000.); - } - return G.exit_code; + initialize_globals(); + while ((o = getopt(argc, argv, "fhMqsvI:z:t:p:n:")) != -1) { + switch(o) { + case 'h': + usage(NULL); + break; + case 'f': + G.opt.die_on_first_error = 1; + break; + case 'M': + G.opt.soa_minttl_as_default_ttl = 1; + break; + case 'q': + G.opt.no_output = 1; + break; + case 's': + G.opt.summary++; + break; + case 'v': + G.opt.verbose = 1; + break; + case 'p': + if (strcmp(optarg, "all") == 0) { + int i; + for (i = 0; i < N_POLICY_CHECKS; i++) { + G.opt.policy_checks[i] = 1; + } + } else if (strcmp(optarg, "single-ns") == 0) { + G.opt.policy_checks[POLICY_SINGLE_NS] = 1; + } else if (strcmp(optarg, "cname-other-data") == 0) { + G.opt.policy_checks[POLICY_CNAME_OTHER_DATA] = 1; + } else if (strcmp(optarg, "dname") == 0) { + G.opt.policy_checks[POLICY_DNAME] = 1; + } else if (strcmp(optarg, "dnskey") == 0) { + G.opt.policy_checks[POLICY_DNSKEY] = 1; + } else if (strcmp(optarg, "nsec3param-not-apex") == 0) { + G.opt.policy_checks[POLICY_NSEC3PARAM_NOT_APEX] = 1; + } else if (strcmp(optarg, "mx-alias") == 0) { + G.opt.policy_checks[POLICY_MX_ALIAS] = 1; + } else if (strcmp(optarg, "ns-alias") == 0) { + G.opt.policy_checks[POLICY_NS_ALIAS] = 1; + } else if (strcmp(optarg, "rp-txt-exists") == 0) { + G.opt.policy_checks[POLICY_RP_TXT_EXISTS] = 1; + } else if (strcmp(optarg, "tlsa-host") == 0) { + G.opt.policy_checks[POLICY_TLSA_HOST] = 1; + } else if (strcmp(optarg, "smimea-host") == 0) { + G.opt.policy_checks[POLICY_SMIMEA_HOST] = 1; + } else if (strcmp(optarg, "ksk-exists") == 0) { + G.opt.policy_checks[POLICY_KSK_EXISTS] = 1; + } else { + usage("unknown policy name"); + } + break; + case 'I': + G.opt.include_path = optarg; + G.opt.include_path_specified = 1; + break; + case 'z': + if (strlen(optarg) && *(optarg+strlen(optarg)-1) == '.') { + G.opt.first_origin = optarg; + } else if (strlen(optarg)) { + G.opt.first_origin = getmem(strlen(optarg)+2); + strcpy(mystpcpy(G.opt.first_origin, optarg), "."); + } else { + usage("origin must not be empty"); + } + break; + case 'n': + G.opt.n_threads = strtol(optarg, NULL, 10); + if (G.opt.n_threads > 256) + usage("non-sensical number of threads requested"); + if (G.opt.verbose) + fprintf(stderr, "using %d worker threads\n", G.opt.n_threads); + break; + case 't': + if (G.opt.n_times_to_check >= MAX_TIMES_TO_CHECK) + usage("too many -t specified"); + G.opt.times_to_check[G.opt.n_times_to_check++] = strtol(optarg, NULL, 10); + break; + default: + usage(NULL); + } + } + if (G.opt.n_times_to_check <= 0) + G.opt.n_times_to_check = 1; + argc -= optind; + argv += optind; + if (argc != 1) + usage(NULL); + gettimeofday(&start, NULL); + open_zone_file(argv[0]); + read_zone_file(); + validate_zone(); + verify_all_keys(); + if (G.nsec3_present) { + if (first_nsec3) nsec3_validate(&first_nsec3->rr); + perform_remaining_nsec3checks(); + } + if (G.dnssec_active && G.opt.policy_checks[POLICY_KSK_EXISTS]) { + dnskey_ksk_policy_check(); + } + gettimeofday(&stop, NULL); + if (G.opt.summary) { + printf("records found: %d\n", G.stats.rr_count); + printf("skipped dups: %d\n", G.stats.skipped_dup_rr_count); + printf("record sets found: %d\n", G.stats.rrset_count); + printf("unique names found: %d\n", G.stats.names_count); + printf("delegations found: %d\n", G.stats.delegations); + printf(" nsec3 records: %d\n", G.stats.nsec3_count); + /* "not authoritative names" - non-empty terminals without any authoritative records */ + /* delegation points count as authoritative, which might or might not be correct */ + printf("not authoritative names, not counting delegation points:\n" + " %d\n", G.stats.not_authoritative); + printf("validation errors: %d\n", G.stats.error_count); + printf("signatures verified: %d\n", G.stats.signatures_verified); + printf("time taken: %.3fs\n", + stop.tv_sec - start.tv_sec + (stop.tv_usec - start.tv_usec)/1000000.); + if (G.opt.summary > 1) { + int i; + printf("record count by type:\n"); + for (i = 1; i <= T_MAX; i++) { + if (rr_counts[i]) + printf("%20s: %d\n", rdtype2str(i), rr_counts[i]); + } + } + } + return G.exit_code; } diff -pruN 0.8+git20160720-3.2/Makefile 0.8+git20170804-0ubuntu3/Makefile --- 0.8+git20160720-3.2/Makefile 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/Makefile 2017-08-04 14:27:44.000000000 +0000 @@ -27,7 +27,7 @@ validns: main.o carp.o mempool.o textpar dname.o tlsa.o nid.o l32.o l64.o lp.o \ ipseckey.o cbtree.o mb.o mg.o mr.o minfo.o \ afsdb.o x25.o isdn.o rt.o px.o kx.o \ - dlv.o dhcid.o nsap.o + dlv.o dhcid.o nsap.o caa.o $(CC) $(CFLAGS) $(OPTIMIZE) -o validns \ main.o carp.o mempool.o textparse.o base64.o base32hex.o \ rr.o soa.o a.o cname.o mx.o ns.o \ @@ -38,7 +38,7 @@ validns: main.o carp.o mempool.o textpar dname.o tlsa.o nid.o l32.o l64.o lp.o \ ipseckey.o cbtree.o mb.o mg.o mr.o minfo.o \ afsdb.o x25.o isdn.o rt.o px.o kx.o \ - dlv.o dhcid.o nsap.o \ + dlv.o dhcid.o nsap.o caa.o \ -L/usr/local/lib -L/opt/local/lib $(EXTRALPATH) \ -lJudy -lcrypto $(EXTRALIBS) $(EXTRALINKING) @@ -53,7 +53,7 @@ clean: -rm -f nid.o l32.o l64.o lp.o ipseckey.o -rm -f cbtree.o mb.o mg.o mr.o minfo.o -rm -f afsdb.o x25.o isdn.o rt.o px.o kx.o - -rm -f dlv.o dhcid.o nsap.o + -rm -f dlv.o dhcid.o nsap.o caa.o -rm -f validns.core core @echo ':-)' @@ -177,6 +177,9 @@ ptr.o: ptr.c common.h textparse.h mempoo sshfp.o: sshfp.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o sshfp.o sshfp.c $(INCPATH) +caa.o: caa.c common.h textparse.h mempool.h carp.h rr.h + $(CC) $(CFLAGS) $(OPTIMIZE) -c -o caa.o caa.c $(INCPATH) + rp.o: rp.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o rp.o rp.c $(INCPATH) diff -pruN 0.8+git20160720-3.2/mb.c 0.8+git20170804-0ubuntu3/mb.c --- 0.8+git20160720-3.2/mb.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/mb.c 2017-08-04 14:27:44.000000000 +0000 @@ -19,28 +19,28 @@ static struct rr *mb_parse(char *name, long ttl, int type, char *s) { - struct rr_mb *rr = getmem(sizeof(*rr)); + struct rr_mb *rr = getmem(sizeof(*rr)); - rr->madname = extract_name(&s, "madname", 0); - if (!rr->madname) - return NULL; - if (*s) { - return bitch("garbage after valid MB data"); - } + rr->madname = extract_name(&s, "madname", 0); + if (!rr->madname) + return NULL; + if (*s) { + return bitch("garbage after valid MB data"); + } - return store_record(type, name, ttl, rr); + return store_record(type, name, ttl, rr); } static char* mb_human(struct rr *rrv) { - RRCAST(mb); + RRCAST(mb); return rr->madname; } static struct binary_data mb_wirerdata(struct rr *rrv) { - RRCAST(mb); - return name2wire_name(rr->madname); + RRCAST(mb); + return name2wire_name(rr->madname); } struct rr_methods mb_methods = { mb_parse, mb_human, mb_wirerdata, NULL, NULL }; diff -pruN 0.8+git20160720-3.2/mempool.c 0.8+git20170804-0ubuntu3/mempool.c --- 0.8+git20160720-3.2/mempool.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/mempool.c 2017-08-04 14:27:44.000000000 +0000 @@ -14,10 +14,10 @@ struct pool { - struct pool *next; - size_t pool_size; - size_t free_index; - char mem[0]; + struct pool *next; + size_t pool_size; + size_t free_index; + char mem[0]; }; static struct pool *freespace = NULL; @@ -25,78 +25,78 @@ static struct pool *temp_freespace = NUL static void new_pool(size_t size) { - struct pool *pool; + struct pool *pool; - size = (size + sizeof(void *) - 1) / sizeof(void *); - size *= sizeof(void *); - pool = malloc(size + sizeof(struct pool)); - if (!pool) - croak(1, "new_pool malloc"); - pool->next = freespace; - pool->free_index = 0; - pool->pool_size = size; - freespace = pool; + size = (size + sizeof(void *) - 1) / sizeof(void *); + size *= sizeof(void *); + pool = malloc(size + sizeof(struct pool)); + if (!pool) + croak(1, "new_pool malloc"); + pool->next = freespace; + pool->free_index = 0; + pool->pool_size = size; + freespace = pool; } void mem_requirements_hint(size_t size) { - if (freespace) return; - new_pool(size); + if (freespace) return; + new_pool(size); } void *getmem(size_t size) { - void *ret; - size = (size + sizeof(void *) - 1) / sizeof(void *); - size *= sizeof(void *); - if (!freespace) new_pool(size > 256000 ? size : 256000); - if (freespace->pool_size - freespace->free_index < size) - new_pool(size > 256000 ? size : 256000); - ret = freespace->mem + freespace->free_index; - freespace->free_index += size; - return ret; + void *ret; + size = (size + sizeof(void *) - 1) / sizeof(void *); + size *= sizeof(void *); + if (!freespace) new_pool(size > 256000 ? size : 256000); + if (freespace->pool_size - freespace->free_index < size) + new_pool(size > 256000 ? size : 256000); + ret = freespace->mem + freespace->free_index; + freespace->free_index += size; + return ret; } void *getmem_temp(size_t size) { - void *ret; - size = (size + sizeof(void *) - 1) / sizeof(void *); - size *= sizeof(void *); - if (!temp_freespace) { - size_t pool_size = size > 1024*1024 ? size : 1024*1024; - pool_size = (pool_size + sizeof(void *) - 1) / sizeof(void *); - pool_size *= sizeof(void *); - temp_freespace = malloc(pool_size + sizeof(struct pool)); - if (!temp_freespace) - croak(1, "getmem_temp malloc"); - temp_freespace->next = NULL; - temp_freespace->free_index = 0; - temp_freespace->pool_size = pool_size; - } - if (temp_freespace->pool_size - temp_freespace->free_index < size) - croak(1, "getmem_temp request too large"); - ret = temp_freespace->mem + temp_freespace->free_index; - temp_freespace->free_index += size; - return ret; + void *ret; + size = (size + sizeof(void *) - 1) / sizeof(void *); + size *= sizeof(void *); + if (!temp_freespace) { + size_t pool_size = size > 1024*1024 ? size : 1024*1024; + pool_size = (pool_size + sizeof(void *) - 1) / sizeof(void *); + pool_size *= sizeof(void *); + temp_freespace = malloc(pool_size + sizeof(struct pool)); + if (!temp_freespace) + croak(1, "getmem_temp malloc"); + temp_freespace->next = NULL; + temp_freespace->free_index = 0; + temp_freespace->pool_size = pool_size; + } + if (temp_freespace->pool_size - temp_freespace->free_index < size) + croak(1, "getmem_temp request too large"); + ret = temp_freespace->mem + temp_freespace->free_index; + temp_freespace->free_index += size; + return ret; } int freeall_temp(void) { - if (temp_freespace) { - temp_freespace->free_index = 0; - } - return 1; + if (temp_freespace) { + temp_freespace->free_index = 0; + } + return 1; } char *quickstrdup(char *s) { - char *r = getmem(strlen(s)+1); - return strcpy(r, s); + char *r = getmem(strlen(s)+1); + return strcpy(r, s); } char *quickstrdup_temp(char *s) { - char *r = getmem_temp(strlen(s)+1); - return strcpy(r, s); + char *r = getmem_temp(strlen(s)+1); + return strcpy(r, s); } diff -pruN 0.8+git20160720-3.2/mg.c 0.8+git20170804-0ubuntu3/mg.c --- 0.8+git20160720-3.2/mg.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/mg.c 2017-08-04 14:27:44.000000000 +0000 @@ -19,28 +19,28 @@ static struct rr *mg_parse(char *name, long ttl, int type, char *s) { - struct rr_mg *rr = getmem(sizeof(*rr)); + struct rr_mg *rr = getmem(sizeof(*rr)); - rr->mgmname = extract_name(&s, "mgmname", 0); - if (!rr->mgmname) - return NULL; - if (*s) { - return bitch("garbage after valid MG data"); - } + rr->mgmname = extract_name(&s, "mgmname", 0); + if (!rr->mgmname) + return NULL; + if (*s) { + return bitch("garbage after valid MG data"); + } - return store_record(type, name, ttl, rr); + return store_record(type, name, ttl, rr); } static char* mg_human(struct rr *rrv) { - RRCAST(mg); + RRCAST(mg); return rr->mgmname; } static struct binary_data mg_wirerdata(struct rr *rrv) { - RRCAST(mg); - return name2wire_name(rr->mgmname); + RRCAST(mg); + return name2wire_name(rr->mgmname); } struct rr_methods mg_methods = { mg_parse, mg_human, mg_wirerdata, NULL, NULL }; diff -pruN 0.8+git20160720-3.2/minfo.c 0.8+git20170804-0ubuntu3/minfo.c --- 0.8+git20160720-3.2/minfo.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/minfo.c 2017-08-04 14:27:44.000000000 +0000 @@ -19,38 +19,38 @@ static struct rr *minfo_parse(char *name, long ttl, int type, char *s) { - struct rr_minfo *rr = getmem(sizeof(*rr)); + struct rr_minfo *rr = getmem(sizeof(*rr)); - rr->rmailbx = extract_name(&s, "rmailbx", 0); - if (!rr->rmailbx) - return NULL; + rr->rmailbx = extract_name(&s, "rmailbx", 0); + if (!rr->rmailbx) + return NULL; - rr->emailbx = extract_name(&s, "emailbx", 0); - if (!rr->emailbx) - return NULL; + rr->emailbx = extract_name(&s, "emailbx", 0); + if (!rr->emailbx) + return NULL; - if (*s) { - return bitch("garbage after valid MINFO data"); - } + if (*s) { + return bitch("garbage after valid MINFO data"); + } - return store_record(type, name, ttl, rr); + return store_record(type, name, ttl, rr); } static char* minfo_human(struct rr *rrv) { - RRCAST(minfo); - char s[1024]; + RRCAST(minfo); + char s[1024]; - snprintf(s, 1024, "%s %s", rr->rmailbx, rr->emailbx); - return quickstrdup_temp(s); + snprintf(s, 1024, "%s %s", rr->rmailbx, rr->emailbx); + return quickstrdup_temp(s); } static struct binary_data minfo_wirerdata(struct rr *rrv) { - RRCAST(minfo); - return compose_binary_data("dd", 1, - name2wire_name(rr->rmailbx), - name2wire_name(rr->emailbx)); + RRCAST(minfo); + return compose_binary_data("dd", 1, + name2wire_name(rr->rmailbx), + name2wire_name(rr->emailbx)); } struct rr_methods minfo_methods = { minfo_parse, minfo_human, minfo_wirerdata, NULL, NULL }; diff -pruN 0.8+git20160720-3.2/mr.c 0.8+git20170804-0ubuntu3/mr.c --- 0.8+git20160720-3.2/mr.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/mr.c 2017-08-04 14:27:44.000000000 +0000 @@ -19,28 +19,28 @@ static struct rr *mr_parse(char *name, long ttl, int type, char *s) { - struct rr_mr *rr = getmem(sizeof(*rr)); + struct rr_mr *rr = getmem(sizeof(*rr)); - rr->newname = extract_name(&s, "newname", 0); - if (!rr->newname) - return NULL; - if (*s) { - return bitch("garbage after valid MR data"); - } + rr->newname = extract_name(&s, "newname", 0); + if (!rr->newname) + return NULL; + if (*s) { + return bitch("garbage after valid MR data"); + } - return store_record(type, name, ttl, rr); + return store_record(type, name, ttl, rr); } static char* mr_human(struct rr *rrv) { - RRCAST(mr); + RRCAST(mr); return rr->newname; } static struct binary_data mr_wirerdata(struct rr *rrv) { - RRCAST(mr); - return name2wire_name(rr->newname); + RRCAST(mr); + return name2wire_name(rr->newname); } struct rr_methods mr_methods = { mr_parse, mr_human, mr_wirerdata, NULL, NULL }; diff -pruN 0.8+git20160720-3.2/mx.c 0.8+git20170804-0ubuntu3/mx.c --- 0.8+git20160720-3.2/mx.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/mx.c 2017-08-04 14:27:44.000000000 +0000 @@ -19,59 +19,59 @@ static struct rr *mx_parse(char *name, long ttl, int type, char *s) { - struct rr_mx *rr = getmem(sizeof(*rr)); + struct rr_mx *rr = getmem(sizeof(*rr)); - rr->preference = extract_integer(&s, "MX preference", NULL); - if (rr->preference < 0) - return NULL; - /* XXX preference range check */ - rr->exchange = extract_name(&s, "MX exchange", 0); - if (!rr->exchange) - return NULL; - if (*s) { - return bitch("garbage after valid MX data"); - } + rr->preference = extract_integer(&s, "MX preference", NULL); + if (rr->preference < 0) + return NULL; + /* XXX preference range check */ + rr->exchange = extract_name(&s, "MX exchange", 0); + if (!rr->exchange) + return NULL; + if (*s) { + return bitch("garbage after valid MX data"); + } - return store_record(type, name, ttl, rr); + return store_record(type, name, ttl, rr); } static char* mx_human(struct rr *rrv) { - RRCAST(mx); + RRCAST(mx); char s[1024]; snprintf(s, 1024, "%d %s", - rr->preference, rr->exchange); + rr->preference, rr->exchange); return quickstrdup_temp(s); } static struct binary_data mx_wirerdata(struct rr *rrv) { - RRCAST(mx); + RRCAST(mx); return compose_binary_data("2d", 1, - rr->preference, name2wire_name(rr->exchange)); + rr->preference, name2wire_name(rr->exchange)); } static void* mx_validate_set(struct rr_set *rr_set) { - if (rr_set->named_rr->flags & NAME_FLAG_CONTAINS_SLASH) { - struct rr *rr = rr_set->tail; - return moan(rr->file_name, rr->line, "host name contains '/'"); - } - return NULL; + if (rr_set->named_rr->flags & NAME_FLAG_CONTAINS_SLASH) { + struct rr *rr = rr_set->tail; + return moan(rr->file_name, rr->line, "host name contains '/'"); + } + return NULL; } static void *mx_validate(struct rr *rrv) { - RRCAST(mx); + RRCAST(mx); - if (G.opt.policy_checks[POLICY_MX_ALIAS]) { - if (find_rr_set(T_CNAME, rr->exchange)) { - return moan(rr->rr.file_name, rr->rr.line, "MX exchange is an alias"); - } - } - return NULL; + if (G.opt.policy_checks[POLICY_MX_ALIAS]) { + if (find_rr_set(T_CNAME, rr->exchange)) { + return moan(rr->rr.file_name, rr->rr.line, "MX exchange is an alias"); + } + } + return NULL; } struct rr_methods mx_methods = { mx_parse, mx_human, mx_wirerdata, mx_validate_set, mx_validate }; diff -pruN 0.8+git20160720-3.2/naptr.c 0.8+git20170804-0ubuntu3/naptr.c --- 0.8+git20160720-3.2/naptr.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/naptr.c 2017-08-04 14:27:44.000000000 +0000 @@ -20,74 +20,74 @@ static struct rr *naptr_parse(char *name, long ttl, int type, char *s) { - struct rr_naptr *rr = getmem(sizeof(*rr)); - int i; - struct binary_data text; - - i = extract_integer(&s, "order", NULL); - if (i < 0) - return NULL; - if (i >= 65536) - return bitch("order range is not valid"); - rr->order = i; - - i = extract_integer(&s, "preference", NULL); - if (i < 0) - return NULL; - if (i >= 65536) - return bitch("preference range is not valid"); - rr->preference = i; - - text = extract_text(&s, "flags"); - if (text.length < 0) - return NULL; - for (i = 0; i < text.length; i++) { - if (!isalnum(text.data[i])) { - return bitch("flags contains illegal characters"); - } - } - rr->flags = text; - - text = extract_text(&s, "services"); - if (text.length < 0) - return NULL; - rr->services = text; - - text = extract_text(&s, "regexp"); - if (text.length < 0) - return NULL; - rr->regexp = text; - - rr->replacement = extract_name(&s, "replacement", 0); - if (!rr->replacement) - return NULL; - - if (*s) { - return bitch("garbage after valid NAPTR data"); - } + struct rr_naptr *rr = getmem(sizeof(*rr)); + int i; + struct binary_data text; + + i = extract_integer(&s, "order", NULL); + if (i < 0) + return NULL; + if (i >= 65536) + return bitch("order range is not valid"); + rr->order = i; + + i = extract_integer(&s, "preference", NULL); + if (i < 0) + return NULL; + if (i >= 65536) + return bitch("preference range is not valid"); + rr->preference = i; + + text = extract_text(&s, "flags"); + if (text.length < 0) + return NULL; + for (i = 0; i < text.length; i++) { + if (!isalnum(text.data[i])) { + return bitch("flags contains illegal characters"); + } + } + rr->flags = text; + + text = extract_text(&s, "services"); + if (text.length < 0) + return NULL; + rr->services = text; + + text = extract_text(&s, "regexp"); + if (text.length < 0) + return NULL; + rr->regexp = text; + + rr->replacement = extract_name(&s, "replacement", 0); + if (!rr->replacement) + return NULL; + + if (*s) { + return bitch("garbage after valid NAPTR data"); + } - return store_record(type, name, ttl, rr); + return store_record(type, name, ttl, rr); } static char* naptr_human(struct rr *rrv) { - RRCAST(naptr); + RRCAST(naptr); char s[1024]; - snprintf(s, 1024, "%hu %hu \"%s\" ...", - rr->order, rr->preference, rr->flags.data); + snprintf(s, 1024, "%hu %hu \"%s\" ...", + rr->order, rr->preference, rr->flags.data); - return quickstrdup_temp(s); + return quickstrdup_temp(s); } static struct binary_data naptr_wirerdata(struct rr *rrv) { - RRCAST(naptr); + RRCAST(naptr); return compose_binary_data("22bbbd", 1, - rr->order, rr->preference, - rr->flags, rr->services, rr->regexp, - name2wire_name(rr->replacement)); + rr->order, rr->preference, + rr->flags, rr->services, rr->regexp, + name2wire_name(rr->replacement)); } struct rr_methods naptr_methods = { naptr_parse, naptr_human, naptr_wirerdata, NULL, NULL }; diff -pruN 0.8+git20160720-3.2/nid.c 0.8+git20170804-0ubuntu3/nid.c --- 0.8+git20160720-3.2/nid.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/nid.c 2017-08-04 14:27:44.000000000 +0000 @@ -19,39 +19,39 @@ static struct rr *nid_parse(char *name, long ttl, int type, char *s) { - struct rr_nid *rr = getmem(sizeof(*rr)); - int preference; + struct rr_nid *rr = getmem(sizeof(*rr)); + int preference; - rr->preference = preference = extract_integer(&s, "NID preference", NULL); - if (preference < 0) - return NULL; - if (extract_u64(&s, "NodeID", &rr->node_id) < 0) - return NULL; - - if (*s) { - return bitch("garbage after valid NID data"); - } + rr->preference = preference = extract_integer(&s, "NID preference", NULL); + if (preference < 0) + return NULL; + if (extract_u64(&s, "NodeID", &rr->node_id) < 0) + return NULL; + + if (*s) { + return bitch("garbage after valid NID data"); + } - return store_record(type, name, ttl, rr); + return store_record(type, name, ttl, rr); } static char* nid_human(struct rr *rrv) { - RRCAST(nid); + RRCAST(nid); char s[1024]; snprintf(s, 1024, "%d %x:%x:%x:%x", - rr->preference, - (unsigned)(rr->node_id >> 48) & 0xffff, - (unsigned)(rr->node_id >> 32) & 0xffff, - (unsigned)(rr->node_id >> 16) & 0xffff, - (unsigned)(rr->node_id >> 0) & 0xffff); + rr->preference, + (unsigned)(rr->node_id >> 48) & 0xffff, + (unsigned)(rr->node_id >> 32) & 0xffff, + (unsigned)(rr->node_id >> 16) & 0xffff, + (unsigned)(rr->node_id >> 0) & 0xffff); return quickstrdup_temp(s); } static struct binary_data nid_wirerdata(struct rr *rrv) { - RRCAST(nid); + RRCAST(nid); return compose_binary_data("28", 1, rr->preference, rr->node_id); } diff -pruN 0.8+git20160720-3.2/nsap.c 0.8+git20170804-0ubuntu3/nsap.c --- 0.8+git20160720-3.2/nsap.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/nsap.c 2017-08-04 14:27:44.000000000 +0000 @@ -19,15 +19,15 @@ static struct rr* nsap_parse(char *name, long ttl, int type, char *s) { - struct rr_nsap *rr = getmem(sizeof(*rr)); + struct rr_nsap *rr = getmem(sizeof(*rr)); - rr->data = extract_hex_binary_data(&s, "NSAP data", EXTRACT_EAT_WHITESPACE); - if (rr->data.length < 0) return NULL; + rr->data = extract_hex_binary_data(&s, "NSAP data", EXTRACT_EAT_WHITESPACE); + if (rr->data.length < 0) return NULL; - if (*s) { - return bitch("garbage after valid NSAP data"); - } - return store_record(type, name, ttl, rr); + if (*s) { + return bitch("garbage after valid NSAP data"); + } + return store_record(type, name, ttl, rr); } static char* nsap_human(struct rr *rrv) @@ -37,9 +37,9 @@ static char* nsap_human(struct rr *rrv) static struct binary_data nsap_wirerdata(struct rr *rrv) { - RRCAST(nsap); + RRCAST(nsap); - return compose_binary_data("d", 1, rr->data); + return compose_binary_data("d", 1, rr->data); } struct rr_methods nsap_methods = { nsap_parse, nsap_human, nsap_wirerdata, NULL, NULL }; diff -pruN 0.8+git20160720-3.2/ns.c 0.8+git20170804-0ubuntu3/ns.c --- 0.8+git20160720-3.2/ns.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/ns.c 2017-08-04 14:27:44.000000000 +0000 @@ -20,63 +20,63 @@ static struct rr *ns_parse(char *name, long ttl, int type, char *s) { - struct rr_ns *rr = getmem(sizeof(*rr)); - struct rr *ret_rr; + struct rr_ns *rr = getmem(sizeof(*rr)); + struct rr *ret_rr; - rr->nsdname = extract_name(&s, "name server domain name", 0); - if (!rr->nsdname) - return NULL; - if (*s) { - return bitch("garbage after valid NS data"); - } - - ret_rr = store_record(type, name, ttl, rr); - if (ret_rr) { - if (!(ret_rr->rr_set->named_rr->flags & (NAME_FLAG_APEX|NAME_FLAG_DELEGATION))) { - ret_rr->rr_set->named_rr->flags |= NAME_FLAG_DELEGATION; - G.stats.delegations++; - } - } - return ret_rr; + rr->nsdname = extract_name(&s, "name server domain name", 0); + if (!rr->nsdname) + return NULL; + if (*s) { + return bitch("garbage after valid NS data"); + } + + ret_rr = store_record(type, name, ttl, rr); + if (ret_rr) { + if (!(ret_rr->rr_set->named_rr->flags & (NAME_FLAG_APEX|NAME_FLAG_DELEGATION))) { + ret_rr->rr_set->named_rr->flags |= NAME_FLAG_DELEGATION; + G.stats.delegations++; + } + } + return ret_rr; } static char* ns_human(struct rr *rrv) { - RRCAST(ns); + RRCAST(ns); return rr->nsdname; } static struct binary_data ns_wirerdata(struct rr *rrv) { - RRCAST(ns); - return name2wire_name(rr->nsdname); + RRCAST(ns); + return name2wire_name(rr->nsdname); } static void* ns_validate_set(struct rr_set *rr_set) { - struct rr *rr; - if (G.opt.policy_checks[POLICY_SINGLE_NS]) { - if (rr_set->count < 2) { - rr = rr_set->tail; - return moan(rr->file_name, rr->line, "there should be at least two NS records per name"); - } - } - return NULL; + struct rr *rr; + if (G.opt.policy_checks[POLICY_SINGLE_NS]) { + if (rr_set->count < 2) { + rr = rr_set->tail; + return moan(rr->file_name, rr->line, "there should be at least two NS records per name"); + } + } + return NULL; } static void *ns_validate(struct rr *rrv) { - RRCAST(ns); + RRCAST(ns); - if (G.opt.policy_checks[POLICY_NS_ALIAS]) { - if (find_rr_set(T_CNAME, rr->nsdname)) { - return moan(rr->rr.file_name, rr->rr.line, "NS data is an alias"); - } - } - if (strchr(rr->nsdname, '/') != NULL) - return moan(rr->rr.file_name, rr->rr.line, "NS data contains '/'"); - return NULL; + if (G.opt.policy_checks[POLICY_NS_ALIAS]) { + if (find_rr_set(T_CNAME, rr->nsdname)) { + return moan(rr->rr.file_name, rr->rr.line, "NS data is an alias"); + } + } + if (strchr(rr->nsdname, '/') != NULL) + return moan(rr->rr.file_name, rr->rr.line, "NS data contains '/'"); + return NULL; } struct rr_methods ns_methods = { ns_parse, ns_human, ns_wirerdata, ns_validate_set, ns_validate }; diff -pruN 0.8+git20160720-3.2/nsec3.c 0.8+git20170804-0ubuntu3/nsec3.c --- 0.8+git20160720-3.2/nsec3.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/nsec3.c 2017-08-04 14:27:44.000000000 +0000 @@ -24,125 +24,125 @@ static struct rr* nsec3_parse(char *name, long ttl, int type, char *s) { struct rr_nsec3 *rr = getmem(sizeof(*rr)); - struct rr *ret_rr; - struct binary_data bitmap; - int i; - int opt_out = 0; - char *str_type = NULL; - int ltype; - - i = extract_integer(&s, "hash algorithm", NULL); - if (i < 0) - return NULL; - if (i > 255) - return bitch("bad hash algorithm value"); - if (i != 1) - return bitch("unrecognized or unsupported hash algorithm"); - rr->hash_algorithm = i; - - i = extract_integer(&s, "flags", NULL); - if (i < 0) - return NULL; - if (i > 255) - return bitch("bad flags value"); - - if (!(i == 0 || i == 1)) - return bitch("unsupported flags value"); - if (i == 1) - opt_out = 1; - rr->flags = i; - - i = extract_integer(&s, "iterations", NULL); - if (i < 0) - return NULL; - if (i > 2500) - return bitch("bad iterations value"); - rr->iterations = i; - /* TODO validate iteration count according to key size, - * as per http://tools.ietf.org/html/rfc5155#section-10.3 */ - - if (*s == '-') { - rr->salt.length = 0; - rr->salt.data = NULL; - s++; - if (*s && !isspace(*s) && *s != ';' && *s != ')') - return bitch("salt is not valid"); - s = skip_white_space(s); - } else { - rr->salt = extract_hex_binary_data(&s, "salt", EXTRACT_DONT_EAT_WHITESPACE); - if (rr->salt.length <= 0) - return NULL; - if (rr->salt.length > 255) - return bitch("salt is too long"); - } - - rr->next_hashed_owner = extract_base32hex_binary_data(&s, "next hashed owner"); - if (rr->next_hashed_owner.length != 20) { - return bitch("next hashed owner does not have the right size"); - } - - bitmap = new_set(); - while (s && *s) { - str_type = extract_label(&s, "type list", "temporary"); - if (!str_type) return NULL; - ltype = str2rdtype(str_type, NULL); - if (ltype < 0) - return NULL; - add_bit_to_set(&bitmap, ltype); - } - if (!s) - return NULL; - rr->type_bitmap = compressed_set(&bitmap); + struct rr *ret_rr; + struct binary_data bitmap; + int i; + int opt_out = 0; + char *str_type = NULL; + int ltype; + + i = extract_integer(&s, "hash algorithm", NULL); + if (i < 0) + return NULL; + if (i > 255) + return bitch("bad hash algorithm value"); + if (i != 1) + return bitch("unrecognized or unsupported hash algorithm"); + rr->hash_algorithm = i; + + i = extract_integer(&s, "flags", NULL); + if (i < 0) + return NULL; + if (i > 255) + return bitch("bad flags value"); + + if (!(i == 0 || i == 1)) + return bitch("unsupported flags value"); + if (i == 1) + opt_out = 1; + rr->flags = i; + + i = extract_integer(&s, "iterations", NULL); + if (i < 0) + return NULL; + if (i > 2500) + return bitch("bad iterations value"); + rr->iterations = i; + /* TODO validate iteration count according to key size, + * as per http://tools.ietf.org/html/rfc5155#section-10.3 */ + + if (*s == '-') { + rr->salt.length = 0; + rr->salt.data = NULL; + s++; + if (*s && !isspace(*s) && *s != ';' && *s != ')') + return bitch("salt is not valid"); + s = skip_white_space(s); + } else { + rr->salt = extract_hex_binary_data(&s, "salt", EXTRACT_DONT_EAT_WHITESPACE); + if (rr->salt.length <= 0) + return NULL; + if (rr->salt.length > 255) + return bitch("salt is too long"); + } + + rr->next_hashed_owner = extract_base32hex_binary_data(&s, "next hashed owner"); + if (rr->next_hashed_owner.length != 20) { + return bitch("next hashed owner does not have the right size"); + } + + bitmap = new_set(); + while (s && *s) { + str_type = extract_label(&s, "type list", "temporary"); + if (!str_type) return NULL; + ltype = str2rdtype(str_type, NULL); + if (ltype < 0) + return NULL; + add_bit_to_set(&bitmap, ltype); + } + if (!s) + return NULL; + rr->type_bitmap = compressed_set(&bitmap); - rr->corresponding_name = NULL; - rr->next_nsec3 = NULL; + rr->corresponding_name = NULL; + rr->next_nsec3 = NULL; - if (!remember_nsec3(name, rr)) - return NULL; + if (!remember_nsec3(name, rr)) + return NULL; ret_rr = store_record(type, name, ttl, rr); - if (ret_rr) { - G.nsec3_present = 1; - G.dnssec_active = 1; - G.stats.nsec3_count++; - if (opt_out) { - G.nsec3_opt_out_present = 1; - } - if (ret_rr && !nsec3param) - nsec3param = ret_rr; - } - return ret_rr; + if (ret_rr) { + G.nsec3_present = 1; + G.dnssec_active = 1; + G.stats.nsec3_count++; + if (opt_out) { + G.nsec3_opt_out_present = 1; + } + if (ret_rr && !nsec3param) + nsec3param = ret_rr; + } + return ret_rr; } static char* nsec3_human(struct rr *rrv) { - RRCAST(nsec3); + RRCAST(nsec3); char ss[1024]; - char *s = ss; - int l; - int i; + char *s = ss; + int l; + int i; l = snprintf(s, 1024, "%u %u %u ", rr->hash_algorithm, rr->flags, rr->iterations); - s += l; - if (rr->salt.length) { - for (i = 0; i < rr->salt.length; i++) { - l = snprintf(s, 1024-(s-ss), "%02X", (unsigned char)rr->salt.data[i]); - s += l; - } - } else { - sprintf(s, "-"); - } + s += l; + if (rr->salt.length) { + for (i = 0; i < rr->salt.length; i++) { + l = snprintf(s, 1024-(s-ss), "%02X", (unsigned char)rr->salt.data[i]); + s += l; + } + } else { + sprintf(s, "-"); + } return quickstrdup_temp(ss); } static struct binary_data nsec3_wirerdata(struct rr *rrv) { - RRCAST(nsec3); + RRCAST(nsec3); - return compose_binary_data("112bbd", 1, - rr->hash_algorithm, rr->flags, - rr->iterations, rr->salt, - rr->next_hashed_owner, rr->type_bitmap); + return compose_binary_data("112bbd", 1, + rr->hash_algorithm, rr->flags, + rr->iterations, rr->salt, + rr->next_hashed_owner, rr->type_bitmap); } struct rr_nsec3 *first_nsec3 = NULL; @@ -150,36 +150,36 @@ struct rr_nsec3 *latest_nsec3 = NULL; void* nsec3_validate(struct rr *rrv) { - RRCAST(nsec3); + RRCAST(nsec3); - if (!first_nsec3) { - first_nsec3 = rr; - } - if (latest_nsec3) { - if (memcmp(latest_nsec3->next_hashed_owner.data, rr->this_hashed_name.data, 20) != 0) { - char *expected_name = quickstrdup_temp(rr->rr.rr_set->named_rr->name); - /* guaranteed to have same length, I think */ - encode_base32hex(expected_name, 32, latest_nsec3->next_hashed_owner.data, 20); - if (rr == first_nsec3) { - moan(latest_nsec3->rr.file_name, latest_nsec3->rr.line, - "broken NSEC3 chain, expected %s, but nothing found", - expected_name); - } else { - moan(latest_nsec3->rr.file_name, latest_nsec3->rr.line, - "broken NSEC3 chain, expected %s, but found %s", - expected_name, - rr->rr.rr_set->named_rr->name); - } - if (rr != first_nsec3) - latest_nsec3->next_nsec3 = rr; - latest_nsec3 = rr; - return NULL; - } - if (rr != first_nsec3) - latest_nsec3->next_nsec3 = rr; - } - latest_nsec3 = rr; - return rr; + if (!first_nsec3) { + first_nsec3 = rr; + } + if (latest_nsec3) { + if (memcmp(latest_nsec3->next_hashed_owner.data, rr->this_hashed_name.data, 20) != 0) { + char *expected_name = quickstrdup_temp(rr->rr.rr_set->named_rr->name); + /* guaranteed to have same length, I think */ + encode_base32hex(expected_name, 32, latest_nsec3->next_hashed_owner.data, 20); + if (rr == first_nsec3) { + moan(latest_nsec3->rr.file_name, latest_nsec3->rr.line, + "broken NSEC3 chain, expected %s, but nothing found", + expected_name); + } else { + moan(latest_nsec3->rr.file_name, latest_nsec3->rr.line, + "broken NSEC3 chain, expected %s, but found %s", + expected_name, + rr->rr.rr_set->named_rr->name); + } + if (rr != first_nsec3) + latest_nsec3->next_nsec3 = rr; + latest_nsec3 = rr; + return NULL; + } + if (rr != first_nsec3) + latest_nsec3->next_nsec3 = rr; + } + latest_nsec3 = rr; + return rr; } struct rr_methods nsec3_methods = { nsec3_parse, nsec3_human, nsec3_wirerdata, NULL, nsec3_validate }; diff -pruN 0.8+git20160720-3.2/nsec3checks.c 0.8+git20170804-0ubuntu3/nsec3checks.c --- 0.8+git20160720-3.2/nsec3checks.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/nsec3checks.c 2017-08-04 14:27:44.000000000 +0000 @@ -28,44 +28,44 @@ static struct binary_data name2hash(char *name, struct rr *param) { struct rr_nsec3param *p = (struct rr_nsec3param *)param; - EVP_MD_CTX ctx; - unsigned char md0[EVP_MAX_MD_SIZE]; - unsigned char md1[EVP_MAX_MD_SIZE]; - unsigned char *md[2]; - int mdi = 0; - struct binary_data r = bad_binary_data(); - struct binary_data wire_name = name2wire_name(name); - int i; - int digest_size; - - md[0] = md0; - md[1] = md1; - if (wire_name.length < 0) - return r; - - /* XXX Maybe use Init_ex and Final_ex for speed? */ - - EVP_MD_CTX_init(&ctx); - if (EVP_DigestInit(&ctx, EVP_sha1()) != 1) - return r; - digest_size = EVP_MD_CTX_size(&ctx); - EVP_DigestUpdate(&ctx, wire_name.data, wire_name.length); - EVP_DigestUpdate(&ctx, p->salt.data, p->salt.length); - EVP_DigestFinal(&ctx, md[mdi], NULL); - - for (i = 0; i < p->iterations; i++) { - if (EVP_DigestInit(&ctx, EVP_sha1()) != 1) - return r; - EVP_DigestUpdate(&ctx, md[mdi], digest_size); - mdi = (mdi + 1) % 2; - EVP_DigestUpdate(&ctx, p->salt.data, p->salt.length); - EVP_DigestFinal(&ctx, md[mdi], NULL); - } - - r.length = digest_size; - r.data = getmem(digest_size); - memcpy(r.data, md[mdi], digest_size); - return r; + EVP_MD_CTX ctx; + unsigned char md0[EVP_MAX_MD_SIZE]; + unsigned char md1[EVP_MAX_MD_SIZE]; + unsigned char *md[2]; + int mdi = 0; + struct binary_data r = bad_binary_data(); + struct binary_data wire_name = name2wire_name(name); + int i; + int digest_size; + + md[0] = md0; + md[1] = md1; + if (wire_name.length < 0) + return r; + + /* XXX Maybe use Init_ex and Final_ex for speed? */ + + EVP_MD_CTX_init(&ctx); + if (EVP_DigestInit(&ctx, EVP_sha1()) != 1) + return r; + digest_size = EVP_MD_CTX_size(&ctx); + EVP_DigestUpdate(&ctx, wire_name.data, wire_name.length); + EVP_DigestUpdate(&ctx, p->salt.data, p->salt.length); + EVP_DigestFinal(&ctx, md[mdi], NULL); + + for (i = 0; i < p->iterations; i++) { + if (EVP_DigestInit(&ctx, EVP_sha1()) != 1) + return r; + EVP_DigestUpdate(&ctx, md[mdi], digest_size); + mdi = (mdi + 1) % 2; + EVP_DigestUpdate(&ctx, p->salt.data, p->salt.length); + EVP_DigestFinal(&ctx, md[mdi], NULL); + } + + r.length = digest_size; + r.data = getmem(digest_size); + memcpy(r.data, md[mdi], digest_size); + return r; } int sorted_hashed_names_count; @@ -76,193 +76,193 @@ void *nsec3_hash; static int validate_nsec3_for_name(const char *name, intptr_t *data, void *p) { - struct named_rr *named_rr = *((struct named_rr **)data); - struct binary_data hash; - struct rr_nsec3 **nsec3_slot; - struct rr_nsec3 *nsec3; + struct named_rr *named_rr = *((struct named_rr **)data); + struct binary_data hash; + struct rr_nsec3 **nsec3_slot; + struct rr_nsec3 *nsec3; - if ((named_rr->flags & mask) == NAME_FLAG_KIDS_WITH_RECORDS) { - //fprintf(stderr, "--- need nsec3, kids with records: %s\n", named_rr->name); + if ((named_rr->flags & mask) == NAME_FLAG_KIDS_WITH_RECORDS) { + //fprintf(stderr, "--- need nsec3, kids with records: %s\n", named_rr->name); needs_nsec3: - freeall_temp(); - hash = name2hash(named_rr->name, nsec3param); - if (hash.length < 0) { - moan(named_rr->file_name, named_rr->line, "internal: cannot calculate hashed name"); - goto next; - } - if (hash.length != 20) - croak(4, "assertion failed: wrong hashed name size %d", hash.length); - JHSG(nsec3_slot, nsec3_hash, hash.data, hash.length); - if (nsec3_slot == PJERR) - croak(5, "perform_remaining_nsec3checks: JHSG failed"); - if (!nsec3_slot) { - moan(named_rr->file_name, named_rr->line, - "no corresponding NSEC3 found for %s", - named_rr->name); - goto next; - } - nsec3 = *nsec3_slot; - if (!nsec3) - croak(6, "assertion failed: existing nsec3 from hash is empty"); - nsec3->corresponding_name = named_rr; - sorted_hashed_names_count++; - check_typemap(nsec3->type_bitmap, named_rr, &nsec3->rr); - } else if ((named_rr->flags & - (NAME_FLAG_NOT_AUTHORITATIVE|NAME_FLAG_SIGNED_DELEGATION)) == - NAME_FLAG_SIGNED_DELEGATION) - { - //fprintf(stderr, "--- need nsec3, signed delegation: %s\n", named_rr->name); - goto needs_nsec3; - } else if (!G.nsec3_opt_out_present && (named_rr->flags & - (NAME_FLAG_APEX_PARENT|NAME_FLAG_NOT_AUTHORITATIVE|NAME_FLAG_DELEGATION|NAME_FLAG_HAS_RECORDS)) == - 0) - { - //fprintf(stderr, "--- need nsec3, empty non-term: %s\n", named_rr->name); - goto needs_nsec3; - } else if (!G.nsec3_opt_out_present && (named_rr->flags & (NAME_FLAG_DELEGATION|NAME_FLAG_NOT_AUTHORITATIVE))==NAME_FLAG_DELEGATION) - { - //fprintf(stderr, "--- need nsec3, no opt-out: %s\n", named_rr->name); - goto needs_nsec3; - } else if (!G.nsec3_opt_out_present && (named_rr->flags & (NAME_FLAG_THIS_WITH_RECORDS|NAME_FLAG_NOT_AUTHORITATIVE)) == NAME_FLAG_THIS_WITH_RECORDS) - { - //fprintf(stderr, "--- need nsec3, this with records: %s\n", named_rr->name); - goto needs_nsec3; - } else { - //fprintf(stderr, "--- NO need for nsec3: %s\n", named_rr->name); - } + freeall_temp(); + hash = name2hash(named_rr->name, nsec3param); + if (hash.length < 0) { + moan(named_rr->file_name, named_rr->line, "internal: cannot calculate hashed name"); + goto next; + } + if (hash.length != 20) + croak(4, "assertion failed: wrong hashed name size %d", hash.length); + JHSG(nsec3_slot, nsec3_hash, hash.data, hash.length); + if (nsec3_slot == PJERR) + croak(5, "perform_remaining_nsec3checks: JHSG failed"); + if (!nsec3_slot) { + moan(named_rr->file_name, named_rr->line, + "no corresponding NSEC3 found for %s", + named_rr->name); + goto next; + } + nsec3 = *nsec3_slot; + if (!nsec3) + croak(6, "assertion failed: existing nsec3 from hash is empty"); + nsec3->corresponding_name = named_rr; + sorted_hashed_names_count++; + check_typemap(nsec3->type_bitmap, named_rr, &nsec3->rr); + } else if ((named_rr->flags & + (NAME_FLAG_NOT_AUTHORITATIVE|NAME_FLAG_SIGNED_DELEGATION)) == + NAME_FLAG_SIGNED_DELEGATION) + { + //fprintf(stderr, "--- need nsec3, signed delegation: %s\n", named_rr->name); + goto needs_nsec3; + } else if (!G.nsec3_opt_out_present && (named_rr->flags & + (NAME_FLAG_APEX_PARENT|NAME_FLAG_NOT_AUTHORITATIVE|NAME_FLAG_DELEGATION|NAME_FLAG_HAS_RECORDS)) == + 0) + { + //fprintf(stderr, "--- need nsec3, empty non-term: %s\n", named_rr->name); + goto needs_nsec3; + } else if (!G.nsec3_opt_out_present && (named_rr->flags & (NAME_FLAG_DELEGATION|NAME_FLAG_NOT_AUTHORITATIVE))==NAME_FLAG_DELEGATION) + { + //fprintf(stderr, "--- need nsec3, no opt-out: %s\n", named_rr->name); + goto needs_nsec3; + } else if (!G.nsec3_opt_out_present && (named_rr->flags & (NAME_FLAG_THIS_WITH_RECORDS|NAME_FLAG_NOT_AUTHORITATIVE)) == NAME_FLAG_THIS_WITH_RECORDS) + { + //fprintf(stderr, "--- need nsec3, this with records: %s\n", named_rr->name); + goto needs_nsec3; + } else { + //fprintf(stderr, "--- NO need for nsec3: %s\n", named_rr->name); + } next: - return 1; + return 1; } void perform_remaining_nsec3checks(void) { - struct rr_nsec3 *nsec3; + struct rr_nsec3 *nsec3; - sorted_hashed_names_count = 0; - mask = NAME_FLAG_NOT_AUTHORITATIVE|NAME_FLAG_NSEC3_ONLY|NAME_FLAG_KIDS_WITH_RECORDS; - if (G.nsec3_opt_out_present) { - mask |= NAME_FLAG_DELEGATION; - } - - cbtree_allprefixed(&zone_data, "", validate_nsec3_for_name, NULL); - - nsec3 = first_nsec3; - while (nsec3) { - if (!nsec3->corresponding_name) { - moan(nsec3->rr.file_name, nsec3->rr.line, - "NSEC3 without a corresponding record (or empty non-terminal)"); - } - nsec3 = nsec3->next_nsec3; - } + sorted_hashed_names_count = 0; + mask = NAME_FLAG_NOT_AUTHORITATIVE|NAME_FLAG_NSEC3_ONLY|NAME_FLAG_KIDS_WITH_RECORDS; + if (G.nsec3_opt_out_present) { + mask |= NAME_FLAG_DELEGATION; + } + + cbtree_allprefixed(&zone_data, "", validate_nsec3_for_name, NULL); + + nsec3 = first_nsec3; + while (nsec3) { + if (!nsec3->corresponding_name) { + moan(nsec3->rr.file_name, nsec3->rr.line, + "NSEC3 without a corresponding record (or empty non-terminal)"); + } + nsec3 = nsec3->next_nsec3; + } } void *remember_nsec3(char *name, struct rr_nsec3 *rr) { - char hashed_name[33]; - char binary_hashed_name[20]; - int l; - struct rr_nsec3 **nsec3_slot; - - l = strlen(name); - if (l < 33 || name[32] != '.') - return bitch("NSEC3 record name is not valid"); - if (l == 33 && zone_apex_l != 1) /* root zone */ - return bitch("NSEC3 record name is not valid"); - if (l > 33 && strcmp(name+33, zone_apex) != 0) - return bitch("NSEC3 record name is not valid"); - - memcpy(hashed_name, name, 32); hashed_name[32] = 0; - l = decode_base32hex(binary_hashed_name, hashed_name, 20); - if (l != 20) - return bitch("NSEC3 record name is not valid"); - JHSI(nsec3_slot, nsec3_hash, binary_hashed_name, 20); - if (nsec3_slot == PJERR) - croak(2, "remember_nsec3: JHSI failed"); - if (*nsec3_slot) - return bitch("multiple NSEC3 with the same record name"); - *nsec3_slot = rr; - rr->this_hashed_name.length = 20; - rr->this_hashed_name.data = getmem(20); - memcpy(rr->this_hashed_name.data, binary_hashed_name, 20); - return rr; + char hashed_name[33]; + char binary_hashed_name[20]; + int l; + struct rr_nsec3 **nsec3_slot; + + l = strlen(name); + if (l < 33 || name[32] != '.') + return bitch("NSEC3 record name is not valid"); + if (l == 33 && zone_apex_l != 1) /* root zone */ + return bitch("NSEC3 record name is not valid"); + if (l > 33 && strcmp(name+33, zone_apex) != 0) + return bitch("NSEC3 record name is not valid"); + + memcpy(hashed_name, name, 32); hashed_name[32] = 0; + l = decode_base32hex(binary_hashed_name, hashed_name, 20); + if (l != 20) + return bitch("NSEC3 record name is not valid"); + JHSI(nsec3_slot, nsec3_hash, binary_hashed_name, 20); + if (nsec3_slot == PJERR) + croak(2, "remember_nsec3: JHSI failed"); + if (*nsec3_slot) + return bitch("multiple NSEC3 with the same record name"); + *nsec3_slot = rr; + rr->this_hashed_name.length = 20; + rr->this_hashed_name.data = getmem(20); + memcpy(rr->this_hashed_name.data, binary_hashed_name, 20); + return rr; } void *check_typemap(struct binary_data type_bitmap, struct named_rr *named_rr, struct rr *reference_rr) { - int type; - char *base; - int i, k; - struct rr_set *set; - uint32_t nsec_distinct_types = 0; - uint32_t real_distinct_types; - - base = type_bitmap.data; - while (base - type_bitmap.data < type_bitmap.length) { - for (i = 0; i < base[1]; i++) { - for (k = 0; k <= 7; k++) { - if (base[2+i] & (0x80 >> k)) { - type = ((unsigned char)base[0])*256 + i*8 + k; - nsec_distinct_types++; - set = find_rr_set_in_named_rr(named_rr, type); - if (!set) { - return moan(reference_rr->file_name, reference_rr->line, - "%s mentions %s, but no such record found for %s", - rdtype2str(reference_rr->rdtype), rdtype2str(type), named_rr->name); - } - } - } - } - base += base[1]+2; - } - real_distinct_types = get_rr_set_count(named_rr); - if (real_distinct_types > nsec_distinct_types) { - void *bitmap = NULL; - struct rr_set **rr_set_slot; - int rc; - Word_t rcw; - Word_t rdtype; - int skipped = 0; - - base = type_bitmap.data; - while (base - type_bitmap.data < type_bitmap.length) { - for (i = 0; i < base[1]; i++) { - for (k = 0; k <= 7; k++) { - if (base[2+i] & (0x80 >> k)) { - type = ((unsigned char)base[0])*256 + i*8 + k; - J1S(rc, bitmap, type); - } - } - } - base += base[1]+2; - } - rdtype = 0; - JLF(rr_set_slot, named_rr->rr_sets, rdtype); - while (rr_set_slot) { - J1T(rc, bitmap, (*rr_set_slot)->rdtype); - if (!rc) { - if ((named_rr->flags & NAME_FLAG_DELEGATION) && - ((*rr_set_slot)->rdtype == T_A || - (*rr_set_slot)->rdtype == T_AAAA)) - { - skipped++; - } else { - moan(reference_rr->file_name, reference_rr->line, - "%s exists, but %s does not mention it for %s", - rdtype2str((*rr_set_slot)->rdtype), - rdtype2str(reference_rr->rdtype), - named_rr->name); - J1FA(rcw, bitmap); - return NULL; - } - } - JLN(rr_set_slot, named_rr->rr_sets, rdtype); - } - J1FA(rcw, bitmap); - if (real_distinct_types - skipped > nsec_distinct_types) { - return moan(reference_rr->file_name, reference_rr->line, - "internal: we know %s typemap is wrong, but don't know any details", - rdtype2str(reference_rr->rdtype)); - } - } - return reference_rr; + int type; + char *base; + int i, k; + struct rr_set *set; + uint32_t nsec_distinct_types = 0; + uint32_t real_distinct_types; + + base = type_bitmap.data; + while (base - type_bitmap.data < type_bitmap.length) { + for (i = 0; i < base[1]; i++) { + for (k = 0; k <= 7; k++) { + if (base[2+i] & (0x80 >> k)) { + type = ((unsigned char)base[0])*256 + i*8 + k; + nsec_distinct_types++; + set = find_rr_set_in_named_rr(named_rr, type); + if (!set) { + return moan(reference_rr->file_name, reference_rr->line, + "%s mentions %s, but no such record found for %s", + rdtype2str(reference_rr->rdtype), rdtype2str(type), named_rr->name); + } + } + } + } + base += base[1]+2; + } + real_distinct_types = get_rr_set_count(named_rr); + if (real_distinct_types > nsec_distinct_types) { + void *bitmap = NULL; + struct rr_set **rr_set_slot; + int rc; + Word_t rcw; + Word_t rdtype; + int skipped = 0; + + base = type_bitmap.data; + while (base - type_bitmap.data < type_bitmap.length) { + for (i = 0; i < base[1]; i++) { + for (k = 0; k <= 7; k++) { + if (base[2+i] & (0x80 >> k)) { + type = ((unsigned char)base[0])*256 + i*8 + k; + J1S(rc, bitmap, type); + } + } + } + base += base[1]+2; + } + rdtype = 0; + JLF(rr_set_slot, named_rr->rr_sets, rdtype); + while (rr_set_slot) { + J1T(rc, bitmap, (*rr_set_slot)->rdtype); + if (!rc) { + if ((named_rr->flags & NAME_FLAG_DELEGATION) && + ((*rr_set_slot)->rdtype == T_A || + (*rr_set_slot)->rdtype == T_AAAA)) + { + skipped++; + } else { + moan(reference_rr->file_name, reference_rr->line, + "%s exists, but %s does not mention it for %s", + rdtype2str((*rr_set_slot)->rdtype), + rdtype2str(reference_rr->rdtype), + named_rr->name); + J1FA(rcw, bitmap); + return NULL; + } + } + JLN(rr_set_slot, named_rr->rr_sets, rdtype); + } + J1FA(rcw, bitmap); + if (real_distinct_types - skipped > nsec_distinct_types) { + return moan(reference_rr->file_name, reference_rr->line, + "internal: we know %s typemap is wrong, but don't know any details", + rdtype2str(reference_rr->rdtype)); + } + } + return reference_rr; } diff -pruN 0.8+git20160720-3.2/nsec3param.c 0.8+git20170804-0ubuntu3/nsec3param.c --- 0.8+git20160720-3.2/nsec3param.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/nsec3param.c 2017-08-04 14:27:44.000000000 +0000 @@ -24,94 +24,94 @@ struct rr *nsec3param = NULL; static struct rr* nsec3param_parse(char *name, long ttl, int type, char *s) { struct rr_nsec3param *rr = getmem(sizeof(*rr)); - struct rr *ret_rr; - int i; + struct rr *ret_rr; + int i; - i = extract_integer(&s, "hash algorithm", NULL); - if (i < 0) - return NULL; - if (i > 255) - return bitch("bad hash algorithm value"); - if (i != 1) - return bitch("unrecognized or unsupported hash algorithm"); - rr->hash_algorithm = i; - - i = extract_integer(&s, "flags", NULL); - if (i < 0) - return NULL; - if (i > 255) - return bitch("bad flags value"); - if (i != 0) - return bitch("flags is supposed to be 0 for NSEC3PARAM"); - rr->flags = i; - - i = extract_integer(&s, "iterations", NULL); - if (i < 0) - return NULL; - if (i > 2500) - return bitch("bad iterations value"); - rr->iterations = i; - /* TODO validate iteration count according to key size, - * as per http://tools.ietf.org/html/rfc5155#section-10.3 */ - - if (*s == '-') { - rr->salt.length = 0; - rr->salt.data = NULL; - s++; - if (*s && !isspace(*s) && *s != ';' && *s != ')') - return bitch("salt is not valid"); - s = skip_white_space(s); - } else { - rr->salt = extract_hex_binary_data(&s, "salt", EXTRACT_DONT_EAT_WHITESPACE); - if (rr->salt.length <= 0) - return NULL; - if (rr->salt.length > 255) - return bitch("salt is too long"); - } - if (*s) { - return bitch("garbage after valid NSEC3PARAM data"); - } + i = extract_integer(&s, "hash algorithm", NULL); + if (i < 0) + return NULL; + if (i > 255) + return bitch("bad hash algorithm value"); + if (i != 1) + return bitch("unrecognized or unsupported hash algorithm"); + rr->hash_algorithm = i; + + i = extract_integer(&s, "flags", NULL); + if (i < 0) + return NULL; + if (i > 255) + return bitch("bad flags value"); + if (i != 0) + return bitch("flags is supposed to be 0 for NSEC3PARAM"); + rr->flags = i; + + i = extract_integer(&s, "iterations", NULL); + if (i < 0) + return NULL; + if (i > 2500) + return bitch("bad iterations value"); + rr->iterations = i; + /* TODO validate iteration count according to key size, + * as per http://tools.ietf.org/html/rfc5155#section-10.3 */ + + if (*s == '-') { + rr->salt.length = 0; + rr->salt.data = NULL; + s++; + if (*s && !isspace(*s) && *s != ';' && *s != ')') + return bitch("salt is not valid"); + s = skip_white_space(s); + } else { + rr->salt = extract_hex_binary_data(&s, "salt", EXTRACT_DONT_EAT_WHITESPACE); + if (rr->salt.length <= 0) + return NULL; + if (rr->salt.length > 255) + return bitch("salt is too long"); + } + if (*s) { + return bitch("garbage after valid NSEC3PARAM data"); + } - G.dnssec_active = 1; + G.dnssec_active = 1; ret_rr = store_record(type, name, ttl, rr); - if (ret_rr && !nsec3param && (ret_rr->rr_set->named_rr->flags & NAME_FLAG_APEX)) - nsec3param = ret_rr; - if (G.opt.policy_checks[POLICY_NSEC3PARAM_NOT_APEX] && - (ret_rr->rr_set->named_rr->flags & NAME_FLAG_APEX) == 0) - { - return bitch("NSEC3PARAM found not at zone apex"); - } - return ret_rr; + if (ret_rr && !nsec3param && (ret_rr->rr_set->named_rr->flags & NAME_FLAG_APEX)) + nsec3param = ret_rr; + if (G.opt.policy_checks[POLICY_NSEC3PARAM_NOT_APEX] && + (ret_rr->rr_set->named_rr->flags & NAME_FLAG_APEX) == 0) + { + return bitch("NSEC3PARAM found not at zone apex"); + } + return ret_rr; } static char* nsec3param_human(struct rr *rrv) { - RRCAST(nsec3param); + RRCAST(nsec3param); char ss[1024]; - char *s = ss; - int l; - int i; + char *s = ss; + int l; + int i; l = snprintf(s, 1024, "%u %u %u ", rr->hash_algorithm, rr->flags, rr->iterations); - s += l; - if (rr->salt.length) { - for (i = 0; i < rr->salt.length; i++) { - l = snprintf(s, 1024-(s-ss), "%02X", (unsigned char)rr->salt.data[i]); - s += l; - } - } else { - sprintf(s, "-"); - } + s += l; + if (rr->salt.length) { + for (i = 0; i < rr->salt.length; i++) { + l = snprintf(s, 1024-(s-ss), "%02X", (unsigned char)rr->salt.data[i]); + s += l; + } + } else { + sprintf(s, "-"); + } return quickstrdup_temp(ss); } static struct binary_data nsec3param_wirerdata(struct rr *rrv) { - RRCAST(nsec3param); + RRCAST(nsec3param); - return compose_binary_data("112b", 1, - rr->hash_algorithm, rr->flags, - rr->iterations, rr->salt); + return compose_binary_data("112b", 1, + rr->hash_algorithm, rr->flags, + rr->iterations, rr->salt); } struct rr_methods nsec3param_methods = { nsec3param_parse, nsec3param_human, nsec3param_wirerdata, NULL, NULL }; diff -pruN 0.8+git20160720-3.2/nsec.c 0.8+git20170804-0ubuntu3/nsec.c --- 0.8+git20160720-3.2/nsec.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/nsec.c 2017-08-04 14:27:44.000000000 +0000 @@ -1,18 +1,18 @@ /* * Part of DNS zone file validator `validns`. - 604800 NSEC example.com. NS DS RRSIG NSEC - 604800 RRSIG NSEC 10 3 604800 20130321184221 ( - 20130219184221 35615 example.com. - WWg7EiYoY8Hp593I2i5Mkl2ezg7YuAnq0y75 - oymTCuEfGwh4OxbMT/mWNqAFL5Y8f0YoQOOY - wZP0m/sGK/EJN7ulNsfQyULY4WsyHIGlKMwT - KdyDXJLrmrzlmRnGv7pFb0bo53n3osE0uFfH - yMQYOkQRYfqa4yWXF9Nl48dy67frtVih0foy - 9Mm76mmJSDUd/jGsYQmaoFGVU/a64rWapVQ9 - O/mXPqr6Pw2ZCHecsF4ElMEp41YqG1DfR5QR - khTjvTlg4aTKvgX1YuvDhjUygSHit47xn2NC - 2WwEZF+vYXT9DIUCMcKdVeb4bjWwUXbWNFqz - Ca3jb/mpOpUDFnrRPw== ) + 604800 NSEC example.com. NS DS RRSIG NSEC + 604800 RRSIG NSEC 10 3 604800 20130321184221 ( + 20130219184221 35615 example.com. + WWg7EiYoY8Hp593I2i5Mkl2ezg7YuAnq0y75 + oymTCuEfGwh4OxbMT/mWNqAFL5Y8f0YoQOOY + wZP0m/sGK/EJN7ulNsfQyULY4WsyHIGlKMwT + KdyDXJLrmrzlmRnGv7pFb0bo53n3osE0uFfH + yMQYOkQRYfqa4yWXF9Nl48dy67frtVih0foy + 9Mm76mmJSDUd/jGsYQmaoFGVU/a64rWapVQ9 + O/mXPqr6Pw2ZCHecsF4ElMEp41YqG1DfR5QR + khTjvTlg4aTKvgX1YuvDhjUygSHit47xn2NC + 2WwEZF+vYXT9DIUCMcKdVeb4bjWwUXbWNFqz + Ca3jb/mpOpUDFnrRPw== ) * * Copyright 2011-2014 Anton Berezin * Modified BSD license. @@ -35,114 +35,114 @@ static struct rr* nsec_parse(char *name, long ttl, int type, char *s) { struct rr_nsec *rr = getmem(sizeof(*rr)); - struct binary_data bitmap; - char *str_type = NULL; - int ltype; + struct binary_data bitmap; + char *str_type = NULL; + int ltype; rr->next_domain = extract_name(&s, "next domain", KEEP_CAPITALIZATION); - /* TODO: validate next_domain, http://tools.ietf.org/html/rfc4034#section-4.1.1 */ + /* TODO: validate next_domain, http://tools.ietf.org/html/rfc4034#section-4.1.1 */ - bitmap = new_set(); - while (s && *s) { - str_type = extract_label(&s, "type list", "temporary"); - if (!str_type) return NULL; - ltype = str2rdtype(str_type, NULL); - if (ltype < 0) - return NULL; - add_bit_to_set(&bitmap, ltype); - } - if (!s) - return NULL; - if (!str_type) { - return bitch("NSEC type list should not be empty"); - } - rr->type_bitmap = compressed_set(&bitmap); - G.dnssec_active = 1; + bitmap = new_set(); + while (s && *s) { + str_type = extract_label(&s, "type list", "temporary"); + if (!str_type) return NULL; + ltype = str2rdtype(str_type, NULL); + if (ltype < 0) + return NULL; + add_bit_to_set(&bitmap, ltype); + } + if (!s) + return NULL; + if (!str_type) { + return bitch("NSEC type list should not be empty"); + } + rr->type_bitmap = compressed_set(&bitmap); + G.dnssec_active = 1; return store_record(type, name, ttl, rr); } static char* nsec_human(struct rr *rrv) { - RRCAST(nsec); + RRCAST(nsec); char ss[1024]; - char *s = ss; - int l; - char *base; - int i, k; - int type; - char *type_name; + char *s = ss; + int l; + char *base; + int i, k; + int type; + char *type_name; l = snprintf(s, 1024, "%s", rr->next_domain); - s += l; - base = rr->type_bitmap.data; - while (base - rr->type_bitmap.data < rr->type_bitmap.length) { - for (i = 0; i < base[1]; i++) { - for (k = 0; k <= 7; k++) { - if (base[2+i] & (0x80 >> k)) { - type = ((unsigned char)base[0])*256 + i*8 + k; - type_name = rdtype2str(type); - l = snprintf(s, 1024-(s-ss), " %s", type_name); - s += l; - } - } - } - base += base[1]+2; - } + s += l; + base = rr->type_bitmap.data; + while (base - rr->type_bitmap.data < rr->type_bitmap.length) { + for (i = 0; i < base[1]; i++) { + for (k = 0; k <= 7; k++) { + if (base[2+i] & (0x80 >> k)) { + type = ((unsigned char)base[0])*256 + i*8 + k; + type_name = rdtype2str(type); + l = snprintf(s, 1024-(s-ss), " %s", type_name); + s += l; + } + } + } + base += base[1]+2; + } return quickstrdup_temp(ss); } static struct binary_data nsec_wirerdata(struct rr *rrv) { - RRCAST(nsec); + RRCAST(nsec); - return compose_binary_data("dd", 1, - name2wire_name(rr->next_domain), rr->type_bitmap); + return compose_binary_data("dd", 1, + name2wire_name(rr->next_domain), rr->type_bitmap); } static void* nsec_validate(struct rr *rrv) { - RRCAST(nsec); - struct named_rr *named_rr; + RRCAST(nsec); + struct named_rr *named_rr; - named_rr = rr->rr.rr_set->named_rr; - if (!check_typemap(rr->type_bitmap, named_rr, rrv)) - return NULL; + named_rr = rr->rr.rr_set->named_rr; + if (!check_typemap(rr->type_bitmap, named_rr, rrv)) + return NULL; - return rr; + return rr; } void validate_nsec_chain(void) { - struct rr_set *rr_set; - struct named_rr *named_rr; + struct rr_set *rr_set; + struct named_rr *named_rr; - rr_set = find_rr_set(T_NSEC, zone_apex); - if (!rr_set) { - named_rr = find_named_rr(zone_apex); - moan(named_rr->file_name, named_rr->line, "apex NSEC not found"); - return; - } - while (1) { - char name[1024]; - struct rr_nsec *rr = (struct rr_nsec *)rr_set->tail; - char *s, *t; - - if (strcasecmp(rr->next_domain, zone_apex) == 0) /* chain complete */ - break; - freeall_temp(); - s = rr->next_domain; - t = name; - while (*s) *t++ = tolower(*s++); - *t = 0; - rr_set = find_rr_set(T_NSEC, name); - if (!rr_set) { - moan(rr->rr.file_name, rr->rr.line, "broken NSEC chain %s -> %s", - rr->rr.rr_set->named_rr->name, rr->next_domain); - break; - } - } - freeall_temp(); + rr_set = find_rr_set(T_NSEC, zone_apex); + if (!rr_set) { + named_rr = find_named_rr(zone_apex); + moan(named_rr->file_name, named_rr->line, "apex NSEC not found"); + return; + } + while (1) { + char name[1024]; + struct rr_nsec *rr = (struct rr_nsec *)rr_set->tail; + char *s, *t; + + if (strcasecmp(rr->next_domain, zone_apex) == 0) /* chain complete */ + break; + freeall_temp(); + s = rr->next_domain; + t = name; + while (*s) *t++ = tolower(*s++); + *t = 0; + rr_set = find_rr_set(T_NSEC, name); + if (!rr_set) { + moan(rr->rr.file_name, rr->rr.line, "broken NSEC chain %s -> %s", + rr->rr.rr_set->named_rr->name, rr->next_domain); + break; + } + } + freeall_temp(); } struct rr_methods nsec_methods = { nsec_parse, nsec_human, nsec_wirerdata, NULL, nsec_validate }; diff -pruN 0.8+git20160720-3.2/ptr.c 0.8+git20170804-0ubuntu3/ptr.c --- 0.8+git20160720-3.2/ptr.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/ptr.c 2017-08-04 14:27:44.000000000 +0000 @@ -19,29 +19,29 @@ static struct rr *ptr_parse(char *name, long ttl, int type, char *s) { - struct rr_ptr *rr = getmem(sizeof(*rr)); + struct rr_ptr *rr = getmem(sizeof(*rr)); - rr->ptrdname = extract_name(&s, "name server domain name", 0); - if (!rr->ptrdname) - return NULL; - if (*s) { - return bitch("garbage after valid PTR data"); - } + rr->ptrdname = extract_name(&s, "name server domain name", 0); + if (!rr->ptrdname) + return NULL; + if (*s) { + return bitch("garbage after valid PTR data"); + } - return store_record(type, name, ttl, rr); + return store_record(type, name, ttl, rr); } static char* ptr_human(struct rr *rrv) { - RRCAST(ptr); + RRCAST(ptr); return rr->ptrdname; } static struct binary_data ptr_wirerdata(struct rr *rrv) { - RRCAST(ptr); - return name2wire_name(rr->ptrdname); + RRCAST(ptr); + return name2wire_name(rr->ptrdname); } struct rr_methods ptr_methods = { ptr_parse, ptr_human, ptr_wirerdata, NULL, NULL }; diff -pruN 0.8+git20160720-3.2/px.c 0.8+git20170804-0ubuntu3/px.c --- 0.8+git20160720-3.2/px.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/px.c 2017-08-04 14:27:44.000000000 +0000 @@ -19,45 +19,45 @@ static struct rr *px_parse(char *name, long ttl, int type, char *s) { - struct rr_px *rr = getmem(sizeof(*rr)); + struct rr_px *rr = getmem(sizeof(*rr)); - rr->preference = extract_integer(&s, "PX preference", NULL); - if (rr->preference < 0) - return NULL; + rr->preference = extract_integer(&s, "PX preference", NULL); + if (rr->preference < 0) + return NULL; - rr->map822 = extract_name(&s, "map822", 0); - if (!rr->map822) - return NULL; + rr->map822 = extract_name(&s, "map822", 0); + if (!rr->map822) + return NULL; - rr->mapx400 = extract_name(&s, "mapx400", 0); - if (!rr->mapx400) - return NULL; + rr->mapx400 = extract_name(&s, "mapx400", 0); + if (!rr->mapx400) + return NULL; - if (*s) { - return bitch("garbage after valid KX data"); - } + if (*s) { + return bitch("garbage after valid KX data"); + } - return store_record(type, name, ttl, rr); + return store_record(type, name, ttl, rr); } static char* px_human(struct rr *rrv) { - RRCAST(px); + RRCAST(px); char s[1024]; snprintf(s, 1024, "%d %s %s", - rr->preference, rr->map822, rr->mapx400); + rr->preference, rr->map822, rr->mapx400); return quickstrdup_temp(s); } static struct binary_data px_wirerdata(struct rr *rrv) { - RRCAST(px); + RRCAST(px); return compose_binary_data("2dd", 1, - rr->preference, - name2wire_name(rr->map822), - name2wire_name(rr->mapx400)); + rr->preference, + name2wire_name(rr->map822), + name2wire_name(rr->mapx400)); } struct rr_methods px_methods = { px_parse, px_human, px_wirerdata, NULL, NULL }; diff -pruN 0.8+git20160720-3.2/rp.c 0.8+git20170804-0ubuntu3/rp.c --- 0.8+git20160720-3.2/rp.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/rp.c 2017-08-04 14:27:44.000000000 +0000 @@ -20,26 +20,26 @@ static struct rr *rp_parse(char *name, long ttl, int type, char *s) { - struct rr_rp *rr = getmem(sizeof(*rr)); + struct rr_rp *rr = getmem(sizeof(*rr)); - rr->mbox_dname = extract_name(&s, "mbox domain name", 0); - if (!rr->mbox_dname) - return NULL; + rr->mbox_dname = extract_name(&s, "mbox domain name", 0); + if (!rr->mbox_dname) + return NULL; - rr->txt_dname = extract_name(&s, "txt domain name", 0); - if (!rr->txt_dname) - return NULL; + rr->txt_dname = extract_name(&s, "txt domain name", 0); + if (!rr->txt_dname) + return NULL; - if (*s) { - return bitch("garbage after valid RP data"); - } + if (*s) { + return bitch("garbage after valid RP data"); + } - return store_record(type, name, ttl, rr); + return store_record(type, name, ttl, rr); } static char* rp_human(struct rr *rrv) { - RRCAST(rp); + RRCAST(rp); char s[1024]; snprintf(s, 1024, "\"%s\" \"%s\"", rr->mbox_dname, rr->txt_dname); @@ -48,24 +48,24 @@ static char* rp_human(struct rr *rrv) static struct binary_data rp_wirerdata(struct rr *rrv) { - RRCAST(rp); + RRCAST(rp); - return compose_binary_data("dd", 1, - name2wire_name(rr->mbox_dname), - name2wire_name(rr->txt_dname)); + return compose_binary_data("dd", 1, + name2wire_name(rr->mbox_dname), + name2wire_name(rr->txt_dname)); } static void *rp_validate(struct rr *rrv) { - RRCAST(rp); + RRCAST(rp); - if (G.opt.policy_checks[POLICY_RP_TXT_EXISTS]) { - if (name_belongs_to_zone(rr->txt_dname) && !find_rr_set(T_TXT, rr->txt_dname)) { - return moan(rr->rr.file_name, rr->rr.line, "%s RP TXT %s does not exist", - rr->rr.rr_set->named_rr->name, rr->txt_dname); - } - } - return NULL; + if (G.opt.policy_checks[POLICY_RP_TXT_EXISTS]) { + if (name_belongs_to_zone(rr->txt_dname) && !find_rr_set(T_TXT, rr->txt_dname)) { + return moan(rr->rr.file_name, rr->rr.line, "%s RP TXT %s does not exist", + rr->rr.rr_set->named_rr->name, rr->txt_dname); + } + } + return NULL; } struct rr_methods rp_methods = { rp_parse, rp_human, rp_wirerdata, NULL, rp_validate }; diff -pruN 0.8+git20160720-3.2/rr.c 0.8+git20170804-0ubuntu3/rr.c --- 0.8+git20160720-3.2/rr.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/rr.c 2017-08-04 14:27:44.000000000 +0000 @@ -20,859 +20,899 @@ #include "cbtree.h" static char* rdtype2str_map[T_MAX+1] = { - "0", - "A", - "NS", - "MD", - "MF", - "CNAME", /* 5 */ - "SOA", - "MB", - "MG", - "MR", - "NULL", /* 10 */ - "WKS", - "PTR", - "HINFO", - "MINFO", - "MX", /* 15 */ - "TXT", - "RP", - "AFSDB", - "X25", - "ISDN", /* 20 */ - "RT", - "NSAP", - "NSAP-PTR", - "SIG", - "KEY", /* 25 */ - "PX", - "GPOS", - "AAAA", - "LOC", - "NXT", /* 30 */ - "EID", - "NIMLOC", - "SRV", - "ATMA", - "NAPTR", /* 35 */ - "KX", - "CERT", - "A6", - "DNAME", - "SINK", /* 40 */ - "OPT", - "APL", - "DS", - "SSHFP", - "IPSECKEY", /* 45 */ - "RRSIG", - "NSEC", - "DNSKEY", - "DHCID", - "NSEC3", /* 50 */ - "NSEC3PARAM", - "TLSA", - 0, 0, 0, 0, 0, 0, 0, 0, /* 60 */ - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 70 */ - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 80 */ - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 90 */ - 0, 0, 0, 0, 0, 0, 0, 0, - "SPF", - 0, /* 100 */ - 0, 0, 0, - "NID", - "L32", - "L64", - "LP", + "0", + "A", + "NS", + "MD", + "MF", + "CNAME", /* 5 */ + "SOA", + "MB", + "MG", + "MR", + "NULL", /* 10 */ + "WKS", + "PTR", + "HINFO", + "MINFO", + "MX", /* 15 */ + "TXT", + "RP", + "AFSDB", + "X25", + "ISDN", /* 20 */ + "RT", + "NSAP", + "NSAP-PTR", + "SIG", + "KEY", /* 25 */ + "PX", + "GPOS", + "AAAA", + "LOC", + "NXT", /* 30 */ + "EID", + "NIMLOC", + "SRV", + "ATMA", + "NAPTR", /* 35 */ + "KX", + "CERT", + "A6", + "DNAME", + "SINK", /* 40 */ + "OPT", + "APL", + "DS", + "SSHFP", + "IPSECKEY", /* 45 */ + "RRSIG", + "NSEC", + "DNSKEY", + "DHCID", + "NSEC3", /* 50 */ + "NSEC3PARAM", + "TLSA", + "SMIMEA", + 0, 0, 0, 0, 0, + "CDS", + "CDNSKEY", /* 60 */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 70 */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 80 */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 90 */ + 0, 0, 0, 0, 0, 0, 0, 0, + "SPF", + 0, /* 100 */ + 0, 0, 0, + "NID", + "L32", + "L64", + "LP", + 0, 0, 0, /* 110 */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 120 */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 130 */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 140 */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 150 */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 160 */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 170 */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 180 */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 190 */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 200 */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 210 */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 220 */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 230 */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 240 */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 250 */ + 0, 0, 0, 0, 0, 0, + "CAA", + 0, 0, 0, /* 260 */ }; struct cbtree zone_data = {NULL}; char *zone_apex = NULL; int zone_apex_l = 0; +int rr_counts[T_MAX+1]; char *rdtype2str(int type) { - char s[10]; - char *r; - if (type < 0 || type > 65535) { - return "???"; - } - if (type > T_MAX) { - sprintf(s, "TYPE%d", type); - return quickstrdup_temp(s); - } - r = rdtype2str_map[type]; - if (r) return r; - if (type == 32769) { - return rdtype2str_map[type] = "DLV"; - } - sprintf(s, "TYPE%d", type); - return quickstrdup_temp(s); + char s[10]; + char *r; + if (type < 0 || type > 65535) { + return "???"; + } + if (type > T_MAX) { + sprintf(s, "TYPE%d", type); + return quickstrdup_temp(s); + } + r = rdtype2str_map[type]; + if (r) return r; + if (type == 32769) { + return rdtype2str_map[type] = "DLV"; + } + sprintf(s, "TYPE%d", type); + return quickstrdup_temp(s); } static unsigned char *name2findable_name(char *s) { - int l = strlen(s); - unsigned char *res = getmem_temp(l+1); - unsigned char *r = res; - int i; - - if (l > 0 && s[l-1] == '.') - l--; - while (--l >= 0) { - i = l; - while (i >= 0 && s[i] != '.') - i--; - memcpy(r, s+i+1, l-i); - r += l-i; - *r = '\x01'; - r++; - l = i; - } - if (r > res) r--; - *r = 0; - return res; + int l = strlen(s); + unsigned char *res = getmem_temp(l+1); + unsigned char *r = res; + int i; + + if (l > 0 && s[l-1] == '.') + l--; + while (--l >= 0) { + i = l; + while (i >= 0 && s[i] != '.') + i--; + memcpy(r, s+i+1, l-i); + r += l-i; + *r = '\x01'; + r++; + l = i; + } + if (r > res) r--; + *r = 0; + return res; } struct binary_data name2wire_name(char *s) { - unsigned char *res = getmem_temp(strlen(s)+2); - unsigned char *r = res; - unsigned char *c = res; - struct binary_data toret; - - r++; - *c = 0; - while (*s) { - if (*s != '.') { - *r++ = *s++; - } else { - *c = (unsigned char)(r-c-1); - c = r; - *c = 0; - r++; - s++; - } - } - *c = (unsigned char)(r-c-1); - toret.length = r-res; - toret.data = (char*)res; - if (toret.length == 2) /* "." is just 00, not 00 00 */ - toret.length = 1; - return toret; + unsigned char *res = getmem_temp(strlen(s)+2); + unsigned char *r = res; + unsigned char *c = res; + struct binary_data toret; + + r++; + *c = 0; + while (*s) { + if (*s != '.') { + *r++ = *s++; + } else { + *c = (unsigned char)(r-c-1); + c = r; + *c = 0; + r++; + s++; + } + } + *c = (unsigned char)(r-c-1); + toret.length = r-res; + toret.data = (char*)res; + if (toret.length == 2) /* "." is just 00, not 00 00 */ + toret.length = 1; + return toret; } static struct named_rr *find_or_create_named_rr(char *name) { - struct named_rr *named_rr = find_named_rr(name); + struct named_rr *named_rr = find_named_rr(name); - if (!named_rr) { - struct named_rr **named_rr_slot; - char *s; - - named_rr = getmem(sizeof(struct named_rr)); - named_rr->name = quickstrdup(name); - named_rr->rr_sets = NULL; - named_rr->line = file_info->line; - named_rr->file_name = file_info->name; - named_rr->flags = 0; - named_rr->parent = NULL; - - if (strchr(name, '/') != NULL) - named_rr->flags |= NAME_FLAG_CONTAINS_SLASH; - - named_rr_slot = (void *)cbtree_insert(&zone_data, (char *)name2findable_name(name)); - if (!named_rr_slot) - croak(2, "find_or_create_named_rr: tree insertion failed"); - if (*named_rr_slot) - croak(3, "find_or_create_named_rr: assertion error, %s should not be there", name); - *named_rr_slot = named_rr; - G.stats.names_count++; - - s = strchr(name, '.'); - if (s && s[1] != '\0') { - named_rr->parent = find_or_create_named_rr(s+1); - } - } + if (!named_rr) { + struct named_rr **named_rr_slot; + char *s; + + named_rr = getmem(sizeof(struct named_rr)); + named_rr->name = quickstrdup(name); + named_rr->rr_sets = NULL; + named_rr->line = file_info->line; + named_rr->file_name = file_info->name; + named_rr->flags = 0; + named_rr->parent = NULL; + + if (strchr(name, '/') != NULL) + named_rr->flags |= NAME_FLAG_CONTAINS_SLASH; + + named_rr_slot = (void *)cbtree_insert(&zone_data, (char *)name2findable_name(name)); + if (!named_rr_slot) + croak(2, "find_or_create_named_rr: tree insertion failed"); + if (*named_rr_slot) + croak(3, "find_or_create_named_rr: assertion error, %s should not be there", name); + *named_rr_slot = named_rr; + G.stats.names_count++; + + s = strchr(name, '.'); + if (s && s[1] != '\0') { + named_rr->parent = find_or_create_named_rr(s+1); + } + } - return named_rr; + return named_rr; } static struct rr_set *find_or_create_rr_set(struct named_rr *named_rr, int rdtype) { - struct rr_set *rr_set = find_rr_set_in_named_rr(named_rr, rdtype); - if (!rr_set) { - struct rr_set **rr_set_slot; - - rr_set = getmem(sizeof(struct rr_set)); - rr_set->head = NULL; - rr_set->tail = NULL; - rr_set->named_rr = named_rr; - rr_set->rdtype = rdtype; - rr_set->count = 0; - - JLI(rr_set_slot, named_rr->rr_sets, rdtype); - if (rr_set_slot == PJERR) - croak(2, "find_or_create_rr_set: JLI failed"); - if (*rr_set_slot) - croak(3, "find_or_create_rr_set: assertion error, %s/%s should not be there", - named_rr->name, rdtype2str(rdtype)); - *rr_set_slot = rr_set; - G.stats.rrset_count++; - } - return rr_set; + struct rr_set *rr_set = find_rr_set_in_named_rr(named_rr, rdtype); + if (!rr_set) { + struct rr_set **rr_set_slot; + + rr_set = getmem(sizeof(struct rr_set)); + rr_set->head = NULL; + rr_set->tail = NULL; + rr_set->named_rr = named_rr; + rr_set->rdtype = rdtype; + rr_set->count = 0; + + JLI(rr_set_slot, named_rr->rr_sets, rdtype); + if (rr_set_slot == PJERR) + croak(2, "find_or_create_rr_set: JLI failed"); + if (*rr_set_slot) + croak(3, "find_or_create_rr_set: assertion error, %s/%s should not be there", + named_rr->name, rdtype2str(rdtype)); + *rr_set_slot = rr_set; + G.stats.rrset_count++; + } + return rr_set; } int name_belongs_to_zone(const char *name) { - int name_l; + int name_l; - name_l = strlen(name); - if (zone_apex && name_l >= zone_apex_l) { - if (strcmp(zone_apex, name+name_l-zone_apex_l) != 0) { - return 0; - } else if (name_l > zone_apex_l && name[name_l-zone_apex_l-1] != '.') { - return 0; - } - } else { - if (zone_apex) { - return 0; - } else { - // XXX this is actually very bad, zone apex is not know - return 0; - } - } - return 1; + name_l = strlen(name); + if (zone_apex && name_l >= zone_apex_l) { + if (strcmp(zone_apex, name+name_l-zone_apex_l) != 0) { + return 0; + } else if (name_l > zone_apex_l && name[name_l-zone_apex_l-1] != '.') { + return 0; + } + } else { + if (zone_apex) { + return 0; + } else { + // XXX this is actually very bad, zone apex is not know + return 0; + } + } + return 1; } struct binary_data call_get_wired(struct rr *rr) { - rr_wire_func get_wired; + rr_wire_func get_wired; - if (rr->rdtype > T_MAX || rr->is_generic) - get_wired = any_wirerdata; - else - get_wired = rr_methods[rr->rdtype].rr_wire; - if (!get_wired) return bad_binary_data(); - return get_wired(rr); + if (rr->rdtype > T_MAX || rr->is_generic) + get_wired = any_wirerdata; + else + get_wired = rr_methods[rr->rdtype].rr_wire; + if (!get_wired) return bad_binary_data(); + return get_wired(rr); } struct rr *store_record(int rdtype, char *name, long ttl, void *rrptr) { - struct rr *rr = rrptr; - struct named_rr *named_rr; - struct rr_set *rr_set; - int name_l; - int apex_assigned = 0; - int is_generic = 0; - - if (rdtype < 0) { - rdtype = -rdtype; - is_generic = 1; - } - name_l = strlen(name); - if (name_l > 511) - return bitch("name is too long: %s", name); - - if (G.stats.rr_count == 0) { - if (rdtype != T_SOA) { - return bitch("the first record in the zone must be an SOA record"); - } else { - zone_apex = name; - zone_apex_l = name_l; - apex_assigned = 1; - } - } - if (zone_apex && name_l >= zone_apex_l) { - if (strcmp(zone_apex, name+name_l-zone_apex_l) != 0) { - return bitch("%s does not belong to zone %s", name, zone_apex); - } else if (name_l > zone_apex_l && name[name_l-zone_apex_l-1] != '.') { - return bitch("%s does not belong to zone %s", name, zone_apex); - } - } else { - if (zone_apex) { - return bitch("%s does not belong to zone %s", name, zone_apex); - } else { - croakx(3, "assertion error: %s does not belong to a zone", name); - } - } - - named_rr = find_or_create_named_rr(name); - if (apex_assigned) { - named_rr->flags |= NAME_FLAG_APEX; - } - rr_set = find_or_create_rr_set(named_rr, rdtype); - - rr->rdtype = rdtype; - rr->ttl = ttl; - rr->line = file_info->line; - rr->file_name = file_info->name; - rr->is_generic = is_generic; - - if (rr_set->count > 0) { - struct binary_data new_d, old_d; - struct rr *old_rr; - - new_d = call_get_wired(rr); - if (new_d.length < 0) goto after_dup_check; - - old_rr = rr_set->tail; - while (old_rr) { - old_d = call_get_wired(old_rr); - if (old_d.length == new_d.length && - memcmp(old_d.data, new_d.data, old_d.length) == 0) - { - G.stats.skipped_dup_rr_count++; - return old_rr; - } - old_rr = old_rr->next; - } - } + struct rr *rr = rrptr; + struct named_rr *named_rr; + struct rr_set *rr_set; + int name_l; + int apex_assigned = 0; + int is_generic = 0; + + if (rdtype < 0) { + rdtype = -rdtype; + is_generic = 1; + } + name_l = strlen(name); + if (name_l > 511) + return bitch("name is too long: %s", name); + + if (G.stats.rr_count == 0) { + if (rdtype != T_SOA) { + return bitch("the first record in the zone must be an SOA record"); + } else { + zone_apex = name; + zone_apex_l = name_l; + apex_assigned = 1; + } + } + if (zone_apex && name_l >= zone_apex_l) { + if (strcmp(zone_apex, name+name_l-zone_apex_l) != 0) { + return bitch("%s does not belong to zone %s", name, zone_apex); + } else if (name_l > zone_apex_l && name[name_l-zone_apex_l-1] != '.') { + return bitch("%s does not belong to zone %s", name, zone_apex); + } + } else { + if (zone_apex) { + return bitch("%s does not belong to zone %s", name, zone_apex); + } else { + croakx(3, "assertion error: %s does not belong to a zone", name); + } + } + + named_rr = find_or_create_named_rr(name); + if (apex_assigned) { + named_rr->flags |= NAME_FLAG_APEX; + } + rr_set = find_or_create_rr_set(named_rr, rdtype); + + rr->rdtype = rdtype; + rr->ttl = ttl; + rr->line = file_info->line; + rr->file_name = file_info->name; + rr->is_generic = is_generic; + + if (rr_set->count > 0) { + struct binary_data new_d, old_d; + struct rr *old_rr; + + new_d = call_get_wired(rr); + if (new_d.length < 0) goto after_dup_check; + + old_rr = rr_set->tail; + while (old_rr) { + old_d = call_get_wired(old_rr); + if (old_d.length == new_d.length && + memcmp(old_d.data, new_d.data, old_d.length) == 0) + { + G.stats.skipped_dup_rr_count++; + return old_rr; + } + old_rr = old_rr->next; + } + } after_dup_check: - if (rdtype == T_SOA) { - if (G.stats.soa_rr_count++) { - return bitch("there could only be one SOA in a zone"); - } - } - - rr->rr_set = rr_set; - rr->next = NULL; - rr->prev = rr_set->head; - rr_set->head = rr; - if (rr->prev) - rr->prev->next = rr; - if (!rr_set->tail) - rr_set->tail = rr; - - rr_set->count++; - - if (G.opt.verbose) { - char *rdata; - if (rdtype > T_MAX) - rdata = any_human(rr); - else - rdata = rr_methods[rdtype].rr_human(rr); - fprintf(stderr, "-> %s:%d: %s IN %ld %s", - file_info->name, file_info->line, - name, ttl, rdtype2str(rdtype)); - if (rdata) { - fprintf(stderr, " %s\n", rdata); - } else { - fprintf(stderr, "\n"); - } - } + if (rdtype == T_SOA) { + if (G.stats.soa_rr_count++) { + return bitch("there could only be one SOA in a zone"); + } + } + + rr->rr_set = rr_set; + rr->next = NULL; + rr->prev = rr_set->head; + rr_set->head = rr; + if (rr->prev) + rr->prev->next = rr; + if (!rr_set->tail) + rr_set->tail = rr; + + rr_set->count++; + + if (G.opt.verbose) { + char *rdata; + if (rdtype > T_MAX) + rdata = any_human(rr); + else + rdata = rr_methods[rdtype].rr_human(rr); + fprintf(stderr, "-> %s:%d: %s IN %ld %s", + file_info->name, file_info->line, + name, ttl, rdtype2str(rdtype)); + if (rdata) { + fprintf(stderr, " %s\n", rdata); + } else { + fprintf(stderr, "\n"); + } + } - G.stats.rr_count++; - named_rr->flags |= NAME_FLAG_HAS_RECORDS; + G.stats.rr_count++; + named_rr->flags |= NAME_FLAG_HAS_RECORDS; - return rr; + return rr; } struct named_rr *find_named_rr(char *name) { - struct named_rr **named_rr_slot; + struct named_rr **named_rr_slot; - named_rr_slot = (void*) cbtree_find(&zone_data, (char *)name2findable_name(name)); - if (named_rr_slot) - return *named_rr_slot; - return NULL; + named_rr_slot = (void*) cbtree_find(&zone_data, (char *)name2findable_name(name)); + if (named_rr_slot) + return *named_rr_slot; + return NULL; } struct named_rr *find_next_named_rr(struct named_rr *named_rr) { - struct named_rr *res; + struct named_rr *res; - if (cbtree_next(&zone_data, (char *)name2findable_name(named_rr->name), (intptr_t *)&res) == NULL) - return NULL; + if (cbtree_next(&zone_data, (char *)name2findable_name(named_rr->name), (intptr_t *)&res) == NULL) + return NULL; - return res; + return res; } struct rr_set *find_rr_set(int rdtype, char *name) { - struct named_rr *named_rr; + struct named_rr *named_rr; - named_rr = find_named_rr(name); - if (!named_rr) - return NULL; + named_rr = find_named_rr(name); + if (!named_rr) + return NULL; - return find_rr_set_in_named_rr(named_rr, rdtype); + return find_rr_set_in_named_rr(named_rr, rdtype); } struct rr_set *find_rr_set_in_named_rr(struct named_rr *named_rr, int rdtype) { - struct rr_set **rr_set_slot; + struct rr_set **rr_set_slot; - JLG(rr_set_slot, named_rr->rr_sets, rdtype); - if (rr_set_slot) - return *rr_set_slot; - return NULL; + JLG(rr_set_slot, named_rr->rr_sets, rdtype); + if (rr_set_slot) + return *rr_set_slot; + return NULL; } uint32_t get_rr_set_count(struct named_rr *named_rr) { - uint32_t count; - JLC(count, named_rr->rr_sets, 0, -1); - return count; + uint32_t count; + JLC(count, named_rr->rr_sets, 0, -1); + return count; } struct rr *rr_parse_any(char *name, long ttl, int type, char *s) { - struct rr_any *rr = getmem(sizeof(*rr)); - long long len; + struct rr_any *rr = getmem(sizeof(*rr)); + long long len; - if (*s++ != '\\') { + if (*s++ != '\\') { invalid: - return bitch("invalid custom type rdata"); - } - if (*s++ != '#') - goto invalid; - if (*s && !isspace(*s) && *s != ';' && *s != ')') - goto invalid; - s = skip_white_space(s); - if (!s) return NULL; - - len = extract_integer(&s, "custom data size", NULL); - if (len < 0) return NULL; - if (len > 65535) goto invalid; - - rr->data = extract_hex_binary_data(&s, "custom data", EXTRACT_EAT_WHITESPACE); - if (rr->data.length < 0) return NULL; - if (rr->data.length != len) - return bitch("custom data is longer than specified"); - - if (*s) { - return bitch("garbage after valid %s data", rdtype2str(type)); - } + return bitch("invalid custom type rdata"); + } + if (*s++ != '#') + goto invalid; + if (*s && !isspace(*s) && *s != ';' && *s != ')') + goto invalid; + s = skip_white_space(s); + if (!s) return NULL; + + len = extract_integer(&s, "custom data size", NULL); + if (len < 0) return NULL; + if (len > 65535) goto invalid; + + rr->data = extract_hex_binary_data(&s, "custom data", EXTRACT_EAT_WHITESPACE); + if (rr->data.length < 0) return NULL; + if (rr->data.length != len) + return bitch("custom data is longer than specified"); + + if (*s) { + return bitch("garbage after valid %s data", rdtype2str(type)); + } - return store_record(-type, name, ttl, rr); + return store_record(-type, name, ttl, rr); } char* any_human(struct rr *rrv) { - RRCAST(any); - char buf[80]; + RRCAST(any); + char buf[80]; - sprintf(buf, "\\# %d ...", rr->data.length); - return quickstrdup_temp(buf); + sprintf(buf, "\\# %d ...", rr->data.length); + return quickstrdup_temp(buf); } struct binary_data any_wirerdata(struct rr *rrv) { - RRCAST(any); + RRCAST(any); - return compose_binary_data("d", 1, rr->data); + return compose_binary_data("d", 1, rr->data); } struct rr_methods unknown_methods = { NULL, any_human, any_wirerdata, NULL, NULL }; int str2rdtype(char *rdtype, int *is_generic) { - if (!rdtype) return -1; - if (is_generic) *is_generic = 0; - switch (*rdtype) { - case 'a': - if (strcmp(rdtype, "a") == 0) { - return T_A; - } else if (strcmp(rdtype, "aaaa") == 0) { - return T_AAAA; - } else if (strcmp(rdtype, "afsdb") == 0) { - return T_AFSDB; - } - break; - case 'c': - if (strcmp(rdtype, "cname") == 0) { - return T_CNAME; - } else if (strcmp(rdtype, "cert") == 0) { - return T_CERT; - } - break; - case 'd': - if (strcmp(rdtype, "ds") == 0) { - return T_DS; - } else if (strcmp(rdtype, "dnskey") == 0) { - return T_DNSKEY; - } else if (strcmp(rdtype, "dname") == 0) { - return T_DNAME; - } else if (strcmp(rdtype, "dlv") == 0) { - return T_DLV; - } else if (strcmp(rdtype, "dhcid") == 0) { - return T_DHCID; - } - break; - case 'h': - if (strcmp(rdtype, "hinfo") == 0) { - return T_HINFO; - } - break; - case 'i': - if (strcmp(rdtype, "ipseckey") == 0) { - return T_IPSECKEY; - } else if (strcmp(rdtype, "isdn") == 0) { - return T_ISDN; - } - break; - case 'k': - if (strcmp(rdtype, "kx") == 0) { - return T_KX; - } - break; - case 'l': - if (strcmp(rdtype, "loc") == 0) { - return T_LOC; - } else if (strcmp(rdtype, "l32") == 0) { - return T_L32; - } else if (strcmp(rdtype, "l64") == 0) { - return T_L64; - } else if (strcmp(rdtype, "lp") == 0) { - return T_LP; - } - break; - case 'm': - if (strcmp(rdtype, "mx") == 0) { - return T_MX; - } else if (strcmp(rdtype, "mb") == 0) { - return T_MB; - } else if (strcmp(rdtype, "mg") == 0) { - return T_MG; - } else if (strcmp(rdtype, "minfo") == 0) { - return T_MINFO; - } else if (strcmp(rdtype, "mr") == 0) { - return T_MR; - } - break; - case 'n': - if (strcmp(rdtype, "ns") == 0) { - return T_NS; - } else if (strcmp(rdtype, "naptr") == 0) { - return T_NAPTR; - } else if (strcmp(rdtype, "nsec") == 0) { - return T_NSEC; - } else if (strcmp(rdtype, "nsec3") == 0) { - return T_NSEC3; - } else if (strcmp(rdtype, "nid") == 0) { - return T_NID; - } else if (strcmp(rdtype, "nsec3param") == 0) { - return T_NSEC3PARAM; - } else if (strcmp(rdtype, "nsap") == 0) { - return T_NSAP; - } - break; - case 'p': - if (strcmp(rdtype, "ptr") == 0) { - return T_PTR; - } else if (strcmp(rdtype, "px") == 0) { - return T_PX; - } - break; - case 'r': - if (strcmp(rdtype, "rrsig") == 0) { - return T_RRSIG; - } else if (strcmp(rdtype, "rp") == 0) { - return T_RP; - } else if (strcmp(rdtype, "rt") == 0) { - return T_RT; - } - break; - case 's': - if (strcmp(rdtype, "soa") == 0) { - return T_SOA; - } else if (strcmp(rdtype, "srv") == 0) { - return T_SRV; - } else if (strcmp(rdtype, "spf") == 0) { - return T_SPF; - } else if (strcmp(rdtype, "sshfp") == 0) { - return T_SSHFP; - } - break; - case 't': - if (strcmp(rdtype, "txt") == 0) { - return T_TXT; - } else if (strcmp(rdtype, "tlsa") == 0) { - return T_TLSA; - } else if (strncmp(rdtype, "type", 4) == 0) { - long type = strtol(rdtype+4, NULL, 10); - if (is_generic) *is_generic = 1; - if (type <= 0 || type > 65535) - bitch("invalid rdtype %s", rdtype); - return type; - } - break; - case 'x': - if (strcmp(rdtype, "x25") == 0) { - return T_X25; - } - break; - } - bitch("invalid or unsupported rdtype %s", rdtype); - return -1; + if (!rdtype) return -1; + if (is_generic) *is_generic = 0; + switch (*rdtype) { + case 'a': + if (strcmp(rdtype, "a") == 0) { + return T_A; + } else if (strcmp(rdtype, "aaaa") == 0) { + return T_AAAA; + } else if (strcmp(rdtype, "afsdb") == 0) { + return T_AFSDB; + } + break; + case 'c': + if (strcmp(rdtype, "cname") == 0) { + return T_CNAME; + } else if (strcmp(rdtype, "cert") == 0) { + return T_CERT; + } else if (strcmp(rdtype, "caa") == 0) { + return T_CAA; + } else if (strcmp(rdtype, "cds") == 0) { + return T_CDS; + } else if (strcmp(rdtype, "cdnskey") == 0) { + return T_CDNSKEY; + } + break; + case 'd': + if (strcmp(rdtype, "ds") == 0) { + return T_DS; + } else if (strcmp(rdtype, "dnskey") == 0) { + return T_DNSKEY; + } else if (strcmp(rdtype, "dname") == 0) { + return T_DNAME; + } else if (strcmp(rdtype, "dlv") == 0) { + return T_DLV; + } else if (strcmp(rdtype, "dhcid") == 0) { + return T_DHCID; + } + break; + case 'h': + if (strcmp(rdtype, "hinfo") == 0) { + return T_HINFO; + } + break; + case 'i': + if (strcmp(rdtype, "ipseckey") == 0) { + return T_IPSECKEY; + } else if (strcmp(rdtype, "isdn") == 0) { + return T_ISDN; + } + break; + case 'k': + if (strcmp(rdtype, "kx") == 0) { + return T_KX; + } + break; + case 'l': + if (strcmp(rdtype, "loc") == 0) { + return T_LOC; + } else if (strcmp(rdtype, "l32") == 0) { + return T_L32; + } else if (strcmp(rdtype, "l64") == 0) { + return T_L64; + } else if (strcmp(rdtype, "lp") == 0) { + return T_LP; + } + break; + case 'm': + if (strcmp(rdtype, "mx") == 0) { + return T_MX; + } else if (strcmp(rdtype, "mb") == 0) { + return T_MB; + } else if (strcmp(rdtype, "mg") == 0) { + return T_MG; + } else if (strcmp(rdtype, "minfo") == 0) { + return T_MINFO; + } else if (strcmp(rdtype, "mr") == 0) { + return T_MR; + } + break; + case 'n': + if (strcmp(rdtype, "ns") == 0) { + return T_NS; + } else if (strcmp(rdtype, "naptr") == 0) { + return T_NAPTR; + } else if (strcmp(rdtype, "nsec") == 0) { + return T_NSEC; + } else if (strcmp(rdtype, "nsec3") == 0) { + return T_NSEC3; + } else if (strcmp(rdtype, "nid") == 0) { + return T_NID; + } else if (strcmp(rdtype, "nsec3param") == 0) { + return T_NSEC3PARAM; + } else if (strcmp(rdtype, "nsap") == 0) { + return T_NSAP; + } + break; + case 'p': + if (strcmp(rdtype, "ptr") == 0) { + return T_PTR; + } else if (strcmp(rdtype, "px") == 0) { + return T_PX; + } + break; + case 'r': + if (strcmp(rdtype, "rrsig") == 0) { + return T_RRSIG; + } else if (strcmp(rdtype, "rp") == 0) { + return T_RP; + } else if (strcmp(rdtype, "rt") == 0) { + return T_RT; + } + break; + case 's': + if (strcmp(rdtype, "soa") == 0) { + return T_SOA; + } else if (strcmp(rdtype, "srv") == 0) { + return T_SRV; + } else if (strcmp(rdtype, "spf") == 0) { + return T_SPF; + } else if (strcmp(rdtype, "sshfp") == 0) { + return T_SSHFP; + } else if (strcmp(rdtype, "smimea") == 0) { + return T_SMIMEA; + } + break; + case 't': + if (strcmp(rdtype, "txt") == 0) { + return T_TXT; + } else if (strcmp(rdtype, "tlsa") == 0) { + return T_TLSA; + } else if (strncmp(rdtype, "type", 4) == 0) { + long type = strtol(rdtype+4, NULL, 10); + if (is_generic) *is_generic = 1; + if (type <= 0 || type > 65535) + bitch("invalid rdtype %s", rdtype); + return type; + } + break; + case 'x': + if (strcmp(rdtype, "x25") == 0) { + return T_X25; + } + break; + } + bitch("invalid or unsupported rdtype %s", rdtype); + return -1; } void validate_rrset(struct rr_set *rr_set) { - struct rr *rr; - int ttl; + struct rr *rr; + int ttl; - /* This can happen when rr_set was allocated but - * nothing was added to it due to an error. */ - if (rr_set->count == 0) return; - rr = rr_set->tail; - if (!rr) { - croakx(4, "assertion failed: %s %s is null, but count is %d", - rdtype2str(rr_set->rdtype), rr_set->named_rr->name, - rr_set->count); - } - if (rr_set->rdtype < T_MAX && rr_methods[rr_set->rdtype].rr_validate_set) - rr_methods[rr_set->rdtype].rr_validate_set(rr_set); - ttl = rr->ttl; - - while (rr) { - validate_record(rr); - if (ttl != rr->ttl) { - if (rr->rdtype != T_RRSIG) /* RRSIG is an exception */ - moan(rr->file_name, rr->line, "TTL values differ within an RR set"); - } - rr = rr->next; - } + /* This can happen when rr_set was allocated but + * nothing was added to it due to an error. */ + if (rr_set->count == 0) return; + rr = rr_set->tail; + if (!rr) { + croakx(4, "assertion failed: %s %s is null, but count is %d", + rdtype2str(rr_set->rdtype), rr_set->named_rr->name, + rr_set->count); + } + if (rr_set->rdtype < T_MAX && rr_methods[rr_set->rdtype].rr_validate_set) + rr_methods[rr_set->rdtype].rr_validate_set(rr_set); + ttl = rr->ttl; + + while (rr) { + validate_record(rr); + if (ttl != rr->ttl) { + if (rr->rdtype != T_RRSIG) /* RRSIG is an exception */ + moan(rr->file_name, rr->line, "TTL values differ within an RR set"); + } + rr = rr->next; + } } void debug(struct named_rr *named_rr, char *s) { - fprintf(stderr, "%s %s", s, named_rr->name); - if ((named_rr->flags & NAME_FLAG_APEX)) - fprintf(stderr, ", apex"); - if ((named_rr->flags & NAME_FLAG_HAS_RECORDS)) - fprintf(stderr, ", has records"); - if ((named_rr->flags & NAME_FLAG_DELEGATION)) - fprintf(stderr, ", delegation"); - if ((named_rr->flags & NAME_FLAG_NOT_AUTHORITATIVE)) - fprintf(stderr, ", not auth"); - if ((named_rr->flags & NAME_FLAG_NSEC3_ONLY)) - fprintf(stderr, ", nsec3 only"); - if ((named_rr->flags & NAME_FLAG_KIDS_WITH_RECORDS)) - fprintf(stderr, ", kid records"); - if ((named_rr->flags & NAME_FLAG_SIGNED_DELEGATION)) - fprintf(stderr, ", signed delegation"); - if ((named_rr->flags & NAME_FLAG_APEX_PARENT)) - fprintf(stderr, ", apex parent"); - fprintf(stderr, "\n"); + fprintf(stderr, "%s %s", s, named_rr->name); + if ((named_rr->flags & NAME_FLAG_APEX)) + fprintf(stderr, ", apex"); + if ((named_rr->flags & NAME_FLAG_HAS_RECORDS)) + fprintf(stderr, ", has records"); + if ((named_rr->flags & NAME_FLAG_DELEGATION)) + fprintf(stderr, ", delegation"); + if ((named_rr->flags & NAME_FLAG_NOT_AUTHORITATIVE)) + fprintf(stderr, ", not auth"); + if ((named_rr->flags & NAME_FLAG_NSEC3_ONLY)) + fprintf(stderr, ", nsec3 only"); + if ((named_rr->flags & NAME_FLAG_KIDS_WITH_RECORDS)) + fprintf(stderr, ", kid records"); + if ((named_rr->flags & NAME_FLAG_SIGNED_DELEGATION)) + fprintf(stderr, ", signed delegation"); + if ((named_rr->flags & NAME_FLAG_APEX_PARENT)) + fprintf(stderr, ", apex parent"); + fprintf(stderr, "\n"); } static int validate_named_rr(const char *name, intptr_t *data, void *p) { - struct named_rr *named_rr = *((struct named_rr **)data); - Word_t rdtype; - struct rr_set **rr_set_p; - int nsec3_present = 0; - int nsec3_only = 1; - static int seen_apex = 0; - - if ((named_rr->flags & NAME_FLAG_APEX)) - seen_apex = 1; - if (!seen_apex) - named_rr->flags |= NAME_FLAG_APEX_PARENT; - - if (named_rr->parent && (named_rr->parent->flags & (NAME_FLAG_DELEGATION|NAME_FLAG_NOT_AUTHORITATIVE)) != 0) { - named_rr->flags |= NAME_FLAG_NOT_AUTHORITATIVE; - if ((named_rr->flags & NAME_FLAG_HAS_RECORDS) != 0) { - G.stats.not_authoritative++; - } - } - - if (G.nsec3_opt_out_present && (named_rr->flags & NAME_FLAG_DELEGATION)) { - JLG(rr_set_p, named_rr->rr_sets, T_DS); - if (!rr_set_p) - named_rr->flags |= NAME_FLAG_NOT_AUTHORITATIVE; - } + struct named_rr *named_rr = *((struct named_rr **)data); + Word_t rdtype; + struct rr_set **rr_set_p; + int nsec3_present = 0; + int nsec3_only = 1; + static int seen_apex = 0; + + if ((named_rr->flags & NAME_FLAG_APEX)) + seen_apex = 1; + if (!seen_apex) + named_rr->flags |= NAME_FLAG_APEX_PARENT; + + if (named_rr->parent && (named_rr->parent->flags & (NAME_FLAG_DELEGATION|NAME_FLAG_NOT_AUTHORITATIVE)) != 0) { + named_rr->flags |= NAME_FLAG_NOT_AUTHORITATIVE; + if ((named_rr->flags & NAME_FLAG_HAS_RECORDS) != 0) { + G.stats.not_authoritative++; + } + } + + if (G.nsec3_opt_out_present && (named_rr->flags & NAME_FLAG_DELEGATION)) { + JLG(rr_set_p, named_rr->rr_sets, T_DS); + if (!rr_set_p) + named_rr->flags |= NAME_FLAG_NOT_AUTHORITATIVE; + } //debug(named_rr, ">>>>"); - rdtype = 0; - JLF(rr_set_p, named_rr->rr_sets, rdtype); + rdtype = 0; + JLF(rr_set_p, named_rr->rr_sets, rdtype); - while (rr_set_p) { - validate_rrset(*rr_set_p); - if (rdtype == T_NSEC3) - nsec3_present = 1; - else if (rdtype != T_RRSIG) - nsec3_only = 0; - if (rdtype != T_NSEC3 && rdtype != T_RRSIG && rdtype != T_NS) - named_rr->flags |= NAME_FLAG_THIS_WITH_RECORDS; - if ((named_rr->flags & NAME_FLAG_NOT_AUTHORITATIVE) == 0 && - rdtype != T_NS && rdtype != T_NSEC3 && rdtype != T_RRSIG) - { - struct named_rr *nrr = named_rr; - int skip_first = rdtype == T_NS; - - while (nrr && (nrr->flags & NAME_FLAG_KIDS_WITH_RECORDS) == 0) { - if ((nrr->flags & NAME_FLAG_APEX_PARENT) || strlen(nrr->name) < zone_apex_l) { - nrr->flags |= NAME_FLAG_APEX_PARENT; - break; - } - if (!skip_first) - nrr->flags |= NAME_FLAG_KIDS_WITH_RECORDS; - skip_first = 0; - nrr = nrr->parent; - } - } - if (rdtype == T_DS) { - struct named_rr *nrr = named_rr; - while (nrr && (nrr->flags & (NAME_FLAG_DELEGATION|NAME_FLAG_NOT_AUTHORITATIVE)) != 0) { - // nrr->flags &= ~(NAME_FLAG_DELEGATION|NAME_FLAG_NOT_AUTHORITATIVE); - nrr->flags |= NAME_FLAG_SIGNED_DELEGATION; - nrr = nrr->parent; - } - } - JLN(rr_set_p, named_rr->rr_sets, rdtype); - } - if (nsec3_present && nsec3_only) { - named_rr->flags |= NAME_FLAG_NSEC3_ONLY; - } - return 1; + while (rr_set_p) { + validate_rrset(*rr_set_p); + if (rdtype == T_NSEC3) + nsec3_present = 1; + else if (rdtype != T_RRSIG) + nsec3_only = 0; + if (rdtype != T_NSEC3 && rdtype != T_RRSIG && rdtype != T_NS) + named_rr->flags |= NAME_FLAG_THIS_WITH_RECORDS; + if ((named_rr->flags & NAME_FLAG_NOT_AUTHORITATIVE) == 0 && + rdtype != T_NS && rdtype != T_NSEC3 && rdtype != T_RRSIG) + { + struct named_rr *nrr = named_rr; + int skip_first = rdtype == T_NS; + + while (nrr && (nrr->flags & NAME_FLAG_KIDS_WITH_RECORDS) == 0) { + if ((nrr->flags & NAME_FLAG_APEX_PARENT) || strlen(nrr->name) < zone_apex_l) { + nrr->flags |= NAME_FLAG_APEX_PARENT; + break; + } + if (!skip_first) + nrr->flags |= NAME_FLAG_KIDS_WITH_RECORDS; + skip_first = 0; + nrr = nrr->parent; + } + } + if (rdtype == T_DS) { + struct named_rr *nrr = named_rr; + while (nrr && (nrr->flags & (NAME_FLAG_DELEGATION|NAME_FLAG_NOT_AUTHORITATIVE)) != 0) { + // nrr->flags &= ~(NAME_FLAG_DELEGATION|NAME_FLAG_NOT_AUTHORITATIVE); + nrr->flags |= NAME_FLAG_SIGNED_DELEGATION; + nrr = nrr->parent; + } + } + JLN(rr_set_p, named_rr->rr_sets, rdtype); + } + if (nsec3_present && nsec3_only) { + named_rr->flags |= NAME_FLAG_NSEC3_ONLY; + } + return 1; } static void* nsec_validate_pass2(struct rr *rrv) { - RRCAST(nsec); - struct named_rr *named_rr, *next_named_rr; + RRCAST(nsec); + struct named_rr *named_rr, *next_named_rr; - named_rr = rr->rr.rr_set->named_rr; - next_named_rr = find_next_named_rr(named_rr); - /* Skip empty non-terminals and not authoritative records from consideration */ - while (next_named_rr) { - if ((next_named_rr->flags & NAME_FLAG_HAS_RECORDS) == 0) { - next_named_rr = find_next_named_rr(next_named_rr); - continue; - } - if (next_named_rr->parent && - (next_named_rr->parent->flags & (NAME_FLAG_DELEGATION|NAME_FLAG_NOT_AUTHORITATIVE)) != 0) - { - named_rr->flags |= NAME_FLAG_NOT_AUTHORITATIVE; - next_named_rr = find_next_named_rr(next_named_rr); - continue; - } - break; - } - - if (strcasecmp(rr->next_domain, zone_apex) == 0) { - if (next_named_rr) { - return moan(rr->rr.file_name, rr->rr.line, "NSEC says %s is the last name, but %s exists", - named_rr->name, next_named_rr->name); - } - } else { - if (!next_named_rr) { - return moan(rr->rr.file_name, rr->rr.line, "NSEC says %s comes after %s, but nothing does", - rr->next_domain, named_rr->name); - } else if (strcasecmp(rr->next_domain, next_named_rr->name) != 0) { - return moan(rr->rr.file_name, rr->rr.line, "NSEC says %s comes after %s, but %s does", - rr->next_domain, named_rr->name, next_named_rr->name); - } - } + named_rr = rr->rr.rr_set->named_rr; + next_named_rr = find_next_named_rr(named_rr); + /* Skip empty non-terminals and not authoritative records from consideration */ + while (next_named_rr) { + if ((next_named_rr->flags & NAME_FLAG_HAS_RECORDS) == 0) { + next_named_rr = find_next_named_rr(next_named_rr); + continue; + } + if (next_named_rr->parent && + (next_named_rr->parent->flags & (NAME_FLAG_DELEGATION|NAME_FLAG_NOT_AUTHORITATIVE)) != 0) + { + named_rr->flags |= NAME_FLAG_NOT_AUTHORITATIVE; + next_named_rr = find_next_named_rr(next_named_rr); + continue; + } + break; + } + + if (strcasecmp(rr->next_domain, zone_apex) == 0) { + if (next_named_rr) { + return moan(rr->rr.file_name, rr->rr.line, "NSEC says %s is the last name, but %s exists", + named_rr->name, next_named_rr->name); + } + } else { + if (!next_named_rr) { + return moan(rr->rr.file_name, rr->rr.line, "NSEC says %s comes after %s, but nothing does", + rr->next_domain, named_rr->name); + } else if (strcasecmp(rr->next_domain, next_named_rr->name) != 0) { + return moan(rr->rr.file_name, rr->rr.line, "NSEC says %s comes after %s, but %s does", + rr->next_domain, named_rr->name, next_named_rr->name); + } + } - /* TODO: more checks */ - return rr; + /* TODO: more checks */ + return rr; } static int second_pass_one_name(const char *name, intptr_t *data, void *p) { - struct named_rr *named_rr = *((struct named_rr **)data); - struct rr_set **rr_set_p; + struct named_rr *named_rr = *((struct named_rr **)data); + struct rr_set **rr_set_p; - freeall_temp(); - JLG(rr_set_p, named_rr->rr_sets, T_NSEC); - if (rr_set_p && (*rr_set_p)->tail) { - nsec_validate_pass2((*rr_set_p)->tail); - } - return 1; + freeall_temp(); + JLG(rr_set_p, named_rr->rr_sets, T_NSEC); + if (rr_set_p && (*rr_set_p)->tail) { + nsec_validate_pass2((*rr_set_p)->tail); + } + return 1; } void validate_zone(void) { - cbtree_allprefixed(&zone_data, "", validate_named_rr, NULL); - cbtree_allprefixed(&zone_data, "", second_pass_one_name, NULL); + cbtree_allprefixed(&zone_data, "", validate_named_rr, NULL); + cbtree_allprefixed(&zone_data, "", second_pass_one_name, NULL); - if (G.dnssec_active && !G.nsec3_present) - validate_nsec_chain(); + if (G.dnssec_active && !G.nsec3_present) + validate_nsec_chain(); } void validate_record(struct rr *rr) { - freeall_temp(); - if (!rr->is_generic && rr->rdtype < T_MAX && rr_methods[rr->rdtype].rr_validate) - rr_methods[rr->rdtype].rr_validate(rr); + freeall_temp(); + if (!rr->is_generic && rr->rdtype <= T_MAX) + rr_counts[rr->rdtype]++; + if (!rr->is_generic && rr->rdtype <= T_MAX && rr_methods[rr->rdtype].rr_validate) + rr_methods[rr->rdtype].rr_validate(rr); } int extract_algorithm(char **s, char *what) { - int alg; - char *str_alg; + int alg; + char *str_alg; - if (isdigit(**s)) { - alg = extract_integer(s, what, NULL); - if (algorithm_type(alg) == ALG_UNSUPPORTED) { - bitch("bad or unsupported algorithm %d", alg); - return ALG_UNSUPPORTED; - } - return alg; - } else { - str_alg = extract_label(s, what, "temporary"); - if (!str_alg) return ALG_UNSUPPORTED; - if (strcmp(str_alg, "dsa") == 0) - return ALG_DSA; - if (strcmp(str_alg, "rsasha1") == 0) - return ALG_RSASHA1; - if (strcmp(str_alg, "dsa-nsec3-sha1") == 0) - return ALG_DSA_NSEC3_SHA1; - if (strcmp(str_alg, "rsasha1-nsec3-sha1") == 0) - return ALG_RSASHA1_NSEC3_SHA1; - if (strcmp(str_alg, "rsasha256") == 0) - return ALG_RSASHA256; - if (strcmp(str_alg, "rsasha512") == 0) - return ALG_RSASHA512; - - if (strcmp(str_alg, "ecc-gost") == 0) - return ALG_ECCGOST; - if (strcmp(str_alg, "ecdsap256sha256") == 0) - return ALG_ECDSAP256SHA256; - if (strcmp(str_alg, "ecdsap384sha384") == 0) - return ALG_ECDSAP384SHA384; - - if (strcmp(str_alg, "privatedns") == 0) - return ALG_PRIVATEDNS; - if (strcmp(str_alg, "privateoid") == 0) - return ALG_PRIVATEOID; - bitch("bad or unsupported algorithm %s", str_alg); - return ALG_UNSUPPORTED; - } + if (isdigit(**s)) { + alg = extract_integer(s, what, NULL); + if (algorithm_type(alg) == ALG_UNSUPPORTED) { + bitch("bad or unsupported algorithm %d", alg); + return ALG_UNSUPPORTED; + } + return alg; + } else { + str_alg = extract_label(s, what, "temporary"); + if (!str_alg) return ALG_UNSUPPORTED; + if (strcmp(str_alg, "dsa") == 0) + return ALG_DSA; + if (strcmp(str_alg, "rsasha1") == 0) + return ALG_RSASHA1; + if (strcmp(str_alg, "dsa-nsec3-sha1") == 0) + return ALG_DSA_NSEC3_SHA1; + if (strcmp(str_alg, "rsasha1-nsec3-sha1") == 0) + return ALG_RSASHA1_NSEC3_SHA1; + if (strcmp(str_alg, "rsasha256") == 0) + return ALG_RSASHA256; + if (strcmp(str_alg, "rsasha512") == 0) + return ALG_RSASHA512; + + if (strcmp(str_alg, "ecc-gost") == 0) + return ALG_ECCGOST; + if (strcmp(str_alg, "ecdsap256sha256") == 0) + return ALG_ECDSAP256SHA256; + if (strcmp(str_alg, "ecdsap384sha384") == 0) + return ALG_ECDSAP384SHA384; + if (strcmp(str_alg, "ed25519") == 0) + return ALG_ED25519; + if (strcmp(str_alg, "ed448") == 0) + return ALG_ED448; + + if (strcmp(str_alg, "privatedns") == 0) + return ALG_PRIVATEDNS; + if (strcmp(str_alg, "privateoid") == 0) + return ALG_PRIVATEOID; + bitch("bad or unsupported algorithm %s", str_alg); + return ALG_UNSUPPORTED; + } } int algorithm_type(int alg) { - switch (alg) { - case ALG_DSA: - return ALG_DSA_FAMILY; - case ALG_RSASHA1: - return ALG_RSA_FAMILY; - case ALG_DSA_NSEC3_SHA1: - return ALG_DSA_FAMILY; - case ALG_RSASHA1_NSEC3_SHA1: - return ALG_RSA_FAMILY; - case ALG_RSASHA256: - return ALG_RSA_FAMILY; - case ALG_RSASHA512: - return ALG_RSA_FAMILY; + switch (alg) { + case ALG_DSA: + return ALG_DSA_FAMILY; + case ALG_RSASHA1: + return ALG_RSA_FAMILY; + case ALG_DSA_NSEC3_SHA1: + return ALG_DSA_FAMILY; + case ALG_RSASHA1_NSEC3_SHA1: + return ALG_RSA_FAMILY; + case ALG_RSASHA256: + return ALG_RSA_FAMILY; + case ALG_RSASHA512: + return ALG_RSA_FAMILY; case ALG_ECCGOST: return ALG_ECC_FAMILY; case ALG_ECDSAP256SHA256: return ALG_ECC_FAMILY; case ALG_ECDSAP384SHA384: return ALG_ECC_FAMILY; - case ALG_PRIVATEDNS: - return ALG_PRIVATE_FAMILY; - case ALG_PRIVATEOID: - return ALG_PRIVATE_FAMILY; - } - return ALG_UNSUPPORTED; + case ALG_ED25519: + return ALG_ECC_FAMILY; + case ALG_ED448: + return ALG_ECC_FAMILY; + case ALG_PRIVATEDNS: + return ALG_PRIVATE_FAMILY; + case ALG_PRIVATEOID: + return ALG_PRIVATE_FAMILY; + } + return ALG_UNSUPPORTED; } diff -pruN 0.8+git20160720-3.2/rr.h 0.8+git20170804-0ubuntu3/rr.h --- 0.8+git20160720-3.2/rr.h 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/rr.h 2017-08-04 14:27:44.000000000 +0000 @@ -9,49 +9,53 @@ #ifndef _RR_H #define _RR_H 1 -#define T_A 1 -#define T_NS 2 -#define T_CNAME 5 -#define T_SOA 6 -#define T_MB 7 -#define T_MG 8 -#define T_MR 9 -#define T_PTR 12 -#define T_HINFO 13 -#define T_MINFO 14 -#define T_MX 15 -#define T_TXT 16 -#define T_RP 17 -#define T_AFSDB 18 -#define T_X25 19 -#define T_ISDN 20 -#define T_RT 21 -#define T_NSAP 22 -#define T_PX 26 -#define T_AAAA 28 -#define T_LOC 29 -#define T_SRV 33 -#define T_NAPTR 35 -#define T_KX 36 -#define T_CERT 37 -#define T_DNAME 39 -#define T_DS 43 -#define T_SSHFP 44 -#define T_IPSECKEY 45 -#define T_RRSIG 46 -#define T_NSEC 47 -#define T_DNSKEY 48 -#define T_DHCID 49 -#define T_NSEC3 50 -#define T_NSEC3PARAM 51 -#define T_TLSA 52 -#define T_SPF 99 -#define T_NID 104 -#define T_L32 105 -#define T_L64 106 -#define T_LP 107 +#define T_A 1 +#define T_NS 2 +#define T_CNAME 5 +#define T_SOA 6 +#define T_MB 7 +#define T_MG 8 +#define T_MR 9 +#define T_PTR 12 +#define T_HINFO 13 +#define T_MINFO 14 +#define T_MX 15 +#define T_TXT 16 +#define T_RP 17 +#define T_AFSDB 18 +#define T_X25 19 +#define T_ISDN 20 +#define T_RT 21 +#define T_NSAP 22 +#define T_PX 26 +#define T_AAAA 28 +#define T_LOC 29 +#define T_SRV 33 +#define T_NAPTR 35 +#define T_KX 36 +#define T_CERT 37 +#define T_DNAME 39 +#define T_DS 43 +#define T_SSHFP 44 +#define T_IPSECKEY 45 +#define T_RRSIG 46 +#define T_NSEC 47 +#define T_DNSKEY 48 +#define T_DHCID 49 +#define T_NSEC3 50 +#define T_NSEC3PARAM 51 +#define T_TLSA 52 +#define T_SMIMEA 53 +#define T_CDS 59 +#define T_CDNSKEY 60 +#define T_SPF 99 +#define T_NID 104 +#define T_L32 105 +#define T_L64 106 +#define T_LP 107 +#define T_CAA 257 #define T_DLV 32769 -#define T_MAX 32769 +#define T_MAX 32769 #define ALG_DSA 3 #define ALG_RSASHA1 5 @@ -62,6 +66,8 @@ #define ALG_ECCGOST 12 #define ALG_ECDSAP256SHA256 13 #define ALG_ECDSAP384SHA384 14 +#define ALG_ED25519 15 +#define ALG_ED448 16 #define ALG_PRIVATEDNS 253 #define ALG_PRIVATEOID 254 @@ -88,14 +94,15 @@ typedef struct binary_data (*rr_wire_fun typedef void* (*rr_validate_set_func)(struct rr_set*); typedef void* (*rr_validate_func)(struct rr*); struct rr_methods { - rr_parse_func rr_parse; - rr_human_func rr_human; - rr_wire_func rr_wire; - rr_validate_set_func rr_validate_set; - rr_validate_func rr_validate; + rr_parse_func rr_parse; + rr_human_func rr_human; + rr_wire_func rr_wire; + rr_validate_set_func rr_validate_set; + rr_validate_func rr_validate; }; extern struct rr_methods rr_methods[T_MAX+1]; extern struct rr_methods unknown_methods; +extern int rr_counts[T_MAX+1]; struct binary_data call_get_wired(struct rr *rr); struct rr *rr_parse_any(char *name, long ttl, int type, char *s); @@ -130,58 +137,58 @@ int extract_algorithm(char **s, char *wh struct named_rr { - char *name; - void *rr_sets; + char *name; + void *rr_sets; - int line; - char *file_name; - uint32_t flags; - struct named_rr *parent; + int line; + char *file_name; + uint32_t flags; + struct named_rr *parent; }; struct rr_set { - struct rr* head; - struct rr* tail; - struct named_rr *named_rr; - int rdtype; - int count; + struct rr* head; + struct rr* tail; + struct named_rr *named_rr; + int rdtype; + int count; }; struct rr { - struct rr* next; - struct rr* prev; - struct rr_set *rr_set; - - int ttl; - int rdtype; - - int line; - int is_generic; - char *file_name; + struct rr* next; + struct rr* prev; + struct rr_set *rr_set; + + int ttl; + int rdtype; + + int line; + int is_generic; + char *file_name; }; struct rr_any { - struct rr rr; - struct binary_data data; + struct rr rr; + struct binary_data data; }; struct rr_a { - struct rr rr; - struct in_addr address; + struct rr rr; + struct in_addr address; }; extern struct rr_methods a_methods; struct rr_soa { - struct rr rr; - uint32_t serial; - int refresh, retry, expire, minimum; - char *rname; - char *mname; + struct rr rr; + uint32_t serial; + int refresh, retry, expire, minimum; + char *rname; + char *mname; }; extern struct rr_methods soa_methods; @@ -197,23 +204,23 @@ struct rr_dhcid struct rr rr; int id_type; int digest_type; - struct binary_data digest; + struct binary_data digest; }; extern struct rr_methods dhcid_methods; struct rr_txt_segment { - struct binary_data txt; - struct rr_txt_segment *next; + struct binary_data txt; + struct rr_txt_segment *next; }; struct rr_txt { struct rr rr; int count; - struct rr_txt_segment *txt; + struct rr_txt_segment *txt; }; extern struct rr_methods txt_methods; -struct rr_tlsa +struct rr_tlsa_smimea { struct rr rr; uint8_t cert_usage; @@ -222,20 +229,21 @@ struct rr_tlsa struct binary_data association_data; }; extern struct rr_methods tlsa_methods; +extern struct rr_methods smimea_methods; struct rr_ipseckey { struct rr rr; - uint8_t precedence; - uint8_t gateway_type; - uint8_t algorithm; - union { - char *gateway_none; /* gateway_type == 0 */ - struct in_addr gateway_ipv4; /* gateway_type == 1 */ - struct in6_addr gateway_ipv6; /* gateway_type == 2 */ - char *gateway_name; /* gateway_type == 3 */ - } gateway; - struct binary_data public_key; + uint8_t precedence; + uint8_t gateway_type; + uint8_t algorithm; + union { + char *gateway_none; /* gateway_type == 0 */ + struct in_addr gateway_ipv4; /* gateway_type == 1 */ + struct in6_addr gateway_ipv6; /* gateway_type == 2 */ + char *gateway_name; /* gateway_type == 3 */ + } gateway; + struct binary_data public_key; }; extern struct rr_methods ipseckey_methods; @@ -274,20 +282,20 @@ extern struct rr_methods lp_methods; struct rr_naptr { struct rr rr; - uint16_t order; - uint16_t preference; - struct binary_data flags; - struct binary_data services; - struct binary_data regexp; - char *replacement; + uint16_t order; + uint16_t preference; + struct binary_data flags; + struct binary_data services; + struct binary_data regexp; + char *replacement; }; extern struct rr_methods naptr_methods; struct rr_nsec { - struct rr rr; - char *next_domain; - struct binary_data type_bitmap; + struct rr rr; + char *next_domain; + struct binary_data type_bitmap; }; extern struct rr_methods nsec_methods; @@ -295,178 +303,179 @@ void validate_nsec_chain(void); struct rr_nsec3 { - struct rr rr; - uint8_t hash_algorithm; - uint8_t flags; - uint16_t iterations; - struct binary_data salt; - struct binary_data next_hashed_owner; - struct binary_data type_bitmap; - struct binary_data this_hashed_name; - struct named_rr *corresponding_name; - struct rr_nsec3 *next_nsec3; + struct rr rr; + uint8_t hash_algorithm; + uint8_t flags; + uint16_t iterations; + struct binary_data salt; + struct binary_data next_hashed_owner; + struct binary_data type_bitmap; + struct binary_data this_hashed_name; + struct named_rr *corresponding_name; + struct rr_nsec3 *next_nsec3; }; extern struct rr_methods nsec3_methods; struct rr_nsec3param { - struct rr rr; - uint8_t hash_algorithm; - uint8_t flags; - uint16_t iterations; - struct binary_data salt; + struct rr rr; + uint8_t hash_algorithm; + uint8_t flags; + uint16_t iterations; + struct binary_data salt; }; extern struct rr_methods nsec3param_methods; extern struct rr *nsec3param; struct rr_rrsig { - struct rr rr; - uint16_t type_covered; - int algorithm; - int labels; - int orig_ttl; - uint32_t sig_expiration; - uint32_t sig_inception; - uint16_t key_tag; - char *signer; - struct binary_data signature; + struct rr rr; + uint16_t type_covered; + int algorithm; + int labels; + int orig_ttl; + uint32_t sig_expiration; + uint32_t sig_inception; + uint16_t key_tag; + char *signer; + struct binary_data signature; }; extern struct rr_methods rrsig_methods; struct rr_srv { - struct rr rr; - uint16_t priority; - uint16_t weight; - uint16_t port; - char *target; + struct rr rr; + uint16_t priority; + uint16_t weight; + uint16_t port; + char *target; }; extern struct rr_methods srv_methods; struct rr_cname { - struct rr rr; - char *cname; + struct rr rr; + char *cname; }; extern struct rr_methods cname_methods; struct rr_mb { - struct rr rr; - char *madname; + struct rr rr; + char *madname; }; extern struct rr_methods mb_methods; struct rr_mg { - struct rr rr; - char *mgmname; + struct rr rr; + char *mgmname; }; extern struct rr_methods mg_methods; struct rr_minfo { - struct rr rr; - char *rmailbx; - char *emailbx; + struct rr rr; + char *rmailbx; + char *emailbx; }; extern struct rr_methods minfo_methods; struct rr_mr { - struct rr rr; - char *newname; + struct rr rr; + char *newname; }; extern struct rr_methods mr_methods; struct rr_dname { - struct rr rr; - char *target; + struct rr rr; + char *target; }; extern struct rr_methods dname_methods; struct rr_aaaa { - struct rr rr; - struct in6_addr address; + struct rr rr; + struct in6_addr address; }; extern struct rr_methods aaaa_methods; struct rr_mx { - struct rr rr; - int preference; - char *exchange; + struct rr rr; + int preference; + char *exchange; }; extern struct rr_methods mx_methods; struct rr_rt { - struct rr rr; - int preference; - char *intermediate_host; + struct rr rr; + int preference; + char *intermediate_host; }; extern struct rr_methods rt_methods; struct rr_afsdb { - struct rr rr; - int subtype; - char *hostname; + struct rr rr; + int subtype; + char *hostname; }; extern struct rr_methods afsdb_methods; struct rr_x25 { - struct rr rr; + struct rr rr; struct binary_data psdn_address; }; extern struct rr_methods x25_methods; struct rr_isdn { - struct rr rr; + struct rr rr; struct binary_data isdn_address; struct binary_data sa; - int sa_present; + int sa_present; }; extern struct rr_methods isdn_methods; struct rr_px { - struct rr rr; - int preference; - char *map822; - char *mapx400; + struct rr rr; + int preference; + char *map822; + char *mapx400; }; extern struct rr_methods px_methods; struct rr_kx { - struct rr rr; - int preference; - char *exchanger; + struct rr rr; + int preference; + char *exchanger; }; extern struct rr_methods kx_methods; struct rr_dnskey { - struct rr rr; - uint16_t flags; - uint8_t protocol; - uint8_t algorithm; - struct binary_data pubkey; - /* calculated */ - uint16_t key_tag; - int pkey_built; - void *pkey; - /* extras */ - int key_type; - struct rr_dnskey *next_key; + struct rr rr; + uint16_t flags; + uint8_t protocol; + uint8_t algorithm; + struct binary_data pubkey; + /* calculated */ + uint16_t key_tag; + int pkey_built; + void *pkey; + /* extras */ + int key_type; + struct rr_dnskey *next_key; }; extern struct rr_methods dnskey_methods; +extern struct rr_methods cdnskey_methods; #define KEY_TYPE_UNUSED 0 #define KEY_TYPE_KSK 1 @@ -477,34 +486,35 @@ void dnskey_ksk_policy_check(void); struct rr_ds { - struct rr rr; - uint16_t key_tag; - uint8_t algorithm; - uint8_t digest_type; - struct binary_data digest; + struct rr rr; + uint16_t key_tag; + uint8_t algorithm; + uint8_t digest_type; + struct binary_data digest; }; extern struct rr_methods ds_methods; +extern struct rr_methods cds_methods; struct rr_dlv { - struct rr rr; - uint16_t key_tag; - uint8_t algorithm; - uint8_t digest_type; - struct binary_data digest; + struct rr rr; + uint16_t key_tag; + uint8_t algorithm; + uint8_t digest_type; + struct binary_data digest; }; extern struct rr_methods dlv_methods; struct rr_nsap { - struct rr rr; - struct binary_data data; + struct rr rr; + struct binary_data data; }; extern struct rr_methods nsap_methods; struct rr_hinfo { - struct rr rr; + struct rr rr; struct binary_data cpu; struct binary_data os; }; @@ -512,7 +522,7 @@ extern struct rr_methods hinfo_methods; struct rr_rp { - struct rr rr; + struct rr rr; char *mbox_dname; char *txt_dname; }; @@ -520,14 +530,14 @@ extern struct rr_methods rp_methods; struct rr_loc { - struct rr rr; - uint8_t version; - uint8_t size; - uint8_t horiz_pre; - uint8_t vert_pre; - uint32_t latitude; - uint32_t longitude; - uint32_t altitude; + struct rr rr; + uint8_t version; + uint8_t size; + uint8_t horiz_pre; + uint8_t vert_pre; + uint32_t latitude; + uint32_t longitude; + uint32_t altitude; }; extern struct rr_methods loc_methods; @@ -542,15 +552,15 @@ struct rr_sshfp { struct rr rr; uint8_t algorithm; - uint8_t fp_type; - struct binary_data fingerprint; + uint8_t fp_type; + struct binary_data fingerprint; }; extern struct rr_methods sshfp_methods; struct rr_spf { struct rr rr; - int count; + int count; struct binary_data spf[1]; }; extern struct rr_methods spf_methods; @@ -558,13 +568,22 @@ extern struct rr_methods spf_methods; struct rr_cert { struct rr rr; - uint16_t type; - uint16_t key_tag; - int algorithm; - struct binary_data certificate; + uint16_t type; + uint16_t key_tag; + int algorithm; + struct binary_data certificate; }; extern struct rr_methods cert_methods; +struct rr_caa +{ + struct rr rr; + uint8_t flags; + struct binary_data tag; + struct binary_data value; +}; +extern struct rr_methods caa_methods; + extern struct rr_nsec3 *first_nsec3; extern struct rr_nsec3 *latest_nsec3; diff -pruN 0.8+git20160720-3.2/rrsig.c 0.8+git20170804-0ubuntu3/rrsig.c --- 0.8+git20160720-3.2/rrsig.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/rrsig.c 2017-08-04 14:27:44.000000000 +0000 @@ -16,6 +16,7 @@ #include #include #include +#include #include "common.h" #include "textparse.h" @@ -25,135 +26,151 @@ struct verification_data { - struct verification_data *next; - EVP_MD_CTX ctx; - struct rr_dnskey *key; - struct rr_rrsig *rr; - int ok; - unsigned long openssl_error; + struct verification_data *next; + EVP_MD_CTX ctx; + struct rr_dnskey *key; + struct rr_rrsig *rr; + int ok; + unsigned long openssl_error; }; struct keys_to_verify { - struct keys_to_verify *next; - struct rr_rrsig *rr; - struct rr_set *signed_set; - int n_keys; - struct verification_data to_verify[1]; + struct keys_to_verify *next; + struct rr_rrsig *rr; + struct rr_set *signed_set; + int n_keys; + struct verification_data to_verify[1]; }; static struct keys_to_verify *all_keys_to_verify = NULL; static struct rr* rrsig_parse(char *name, long ttl, int type, char *s) { - struct rr_rrsig *rr = getmem(sizeof(*rr)); - int type_covered, key_tag; - char *str_type_covered; - struct binary_data sig; - long long ts; - - str_type_covered = extract_label(&s, "type covered", "temporary"); - if (!str_type_covered) return NULL; - type_covered = str2rdtype(str_type_covered, NULL); - if (type_covered <= 0 || type_covered > 65535) return NULL; - rr->type_covered = type_covered; - - rr->algorithm = extract_algorithm(&s, "algorithm"); - if (rr->algorithm == ALG_UNSUPPORTED) return NULL; - if (rr->algorithm == ALG_PRIVATEDNS || rr->algorithm == ALG_PRIVATEOID) { - return bitch("private algorithms are not supported in RRSIG"); - } - - rr->labels = extract_integer(&s, "labels", NULL); - if (rr->labels < 0) return NULL; - /* TODO validate labels, see http://tools.ietf.org/html/rfc4034#section-3.1.3 */ - - rr->orig_ttl = extract_timevalue(&s, "original TTL"); - if (rr->orig_ttl < 0) return NULL; - - ts = extract_timestamp(&s, "signature expiration"); - if (ts < 0) return NULL; - rr->sig_expiration = ts; - - ts = extract_timestamp(&s, "signature inception"); - if (ts < 0) return NULL; - rr->sig_inception = ts; - - key_tag = extract_integer(&s, "key tag", NULL); - if (key_tag < 0) return NULL; - rr->key_tag = key_tag; - - rr->signer = extract_name(&s, "signer name", 0); - if (!rr->signer) return NULL; - /* TODO validate signer name, http://tools.ietf.org/html/rfc4034#section-3.1.7 */ - - sig = extract_base64_binary_data(&s, "signature"); - if (sig.length < 0) return NULL; - /* TODO validate signature length based on algorithm */ - rr->signature = sig; - - if (*s) { - return bitch("garbage after valid RRSIG data"); - } - G.dnssec_active = 1; - return store_record(type, name, ttl, rr); + struct rr_rrsig *rr = getmem(sizeof(*rr)); + int type_covered, key_tag; + char *str_type_covered; + struct binary_data sig; + long long ts; + + str_type_covered = extract_label(&s, "type covered", "temporary"); + if (!str_type_covered) return NULL; + type_covered = str2rdtype(str_type_covered, NULL); + if (type_covered <= 0 || type_covered > 65535) return NULL; + rr->type_covered = type_covered; + + rr->algorithm = extract_algorithm(&s, "algorithm"); + if (rr->algorithm == ALG_UNSUPPORTED) return NULL; + if (rr->algorithm == ALG_PRIVATEDNS || rr->algorithm == ALG_PRIVATEOID) { + return bitch("private algorithms are not supported in RRSIG"); + } + + rr->labels = extract_integer(&s, "labels", NULL); + if (rr->labels < 0) return NULL; + /* TODO validate labels, see http://tools.ietf.org/html/rfc4034#section-3.1.3 */ + + rr->orig_ttl = extract_timevalue(&s, "original TTL"); + if (rr->orig_ttl < 0) return NULL; + + ts = extract_timestamp(&s, "signature expiration"); + if (ts < 0) return NULL; + rr->sig_expiration = ts; + + ts = extract_timestamp(&s, "signature inception"); + if (ts < 0) return NULL; + rr->sig_inception = ts; + + key_tag = extract_integer(&s, "key tag", NULL); + if (key_tag < 0) return NULL; + rr->key_tag = key_tag; + + rr->signer = extract_name(&s, "signer name", 0); + if (!rr->signer) return NULL; + /* TODO validate signer name, http://tools.ietf.org/html/rfc4034#section-3.1.7 */ + + sig = extract_base64_binary_data(&s, "signature"); + if (sig.length < 0) return NULL; + /* TODO validate signature length based on algorithm */ + if (algorithm_type(rr->algorithm) == ALG_ECC_FAMILY) { + /* + * Transform ECDSA signatures from DNSSEC vanilla binary + * representation (r || s) into OpenSSL ASN.1 DER format + */ + ECDSA_SIG *ecdsa_sig = ECDSA_SIG_new(); + int l = sig.length / 2; + if ((BN_bin2bn((unsigned char *)sig.data, l, ecdsa_sig->r) == NULL) || + (BN_bin2bn(((unsigned char *)sig.data) + l, l, ecdsa_sig->s) == NULL)) + return NULL; + sig.length = i2d_ECDSA_SIG(ecdsa_sig, NULL); + sig.data = getmem(sig.length); /* reallocate larger mempool chunk */ + unsigned char *sig_ptr = (unsigned char *)sig.data; + sig.length = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr); + ECDSA_SIG_free(ecdsa_sig); + } + rr->signature = sig; + + if (*s) { + return bitch("garbage after valid RRSIG data"); + } + G.dnssec_active = 1; + return store_record(type, name, ttl, rr); } static char* rrsig_human(struct rr *rrv) { - // RRCAST(rrsig); + // RRCAST(rrsig); // char s[1024]; //snprintf(s, 1024, "SOA %s %s %d %d %d %d %d", - // rr->mname, rr->rname, rr->serial, - // rr->refresh, rr->retry, rr->expire, rr->minimum); + // rr->mname, rr->rname, rr->serial, + // rr->refresh, rr->retry, rr->expire, rr->minimum); //return quickstrdup_temp(s); - return NULL; + return NULL; } static struct binary_data rrsig_wirerdata_ex(struct rr *rrv, int with_signature) { - RRCAST(rrsig); - struct binary_data bd; + RRCAST(rrsig); + struct binary_data bd; - bd = compose_binary_data("2114442d", 1, - rr->type_covered, rr->algorithm, rr->labels, - rr->orig_ttl, rr->sig_expiration, rr->sig_inception, - rr->key_tag, name2wire_name(rr->signer)); - if (with_signature) { - return compose_binary_data("dd", 1, bd, rr->signature); - } - return bd; + bd = compose_binary_data("2114442d", 1, + rr->type_covered, rr->algorithm, rr->labels, + rr->orig_ttl, rr->sig_expiration, rr->sig_inception, + rr->key_tag, name2wire_name(rr->signer)); + if (with_signature) { + return compose_binary_data("dd", 1, bd, rr->signature); + } + return bd; } static struct binary_data rrsig_wirerdata(struct rr *rrv) { - return rrsig_wirerdata_ex(rrv, 1); + return rrsig_wirerdata_ex(rrv, 1); } struct rr_with_wired { - struct rr *rr; - struct binary_data wired; + struct rr *rr; + struct binary_data wired; }; static int compare_rr_with_wired(const void *va, const void *vb) { - const struct rr_with_wired *a = va; - const struct rr_with_wired *b = vb; - int r; - - if (a->wired.length == b->wired.length) { - return memcmp(a->wired.data, b->wired.data, a->wired.length); - } else if (a->wired.length < b->wired.length) { - r = memcmp(a->wired.data, b->wired.data, a->wired.length); - if (r != 0) return r; - return -1; - } else { - r = memcmp(a->wired.data, b->wired.data, b->wired.length); - if (r != 0) return r; - return 1; - } + const struct rr_with_wired *a = va; + const struct rr_with_wired *b = vb; + int r; + + if (a->wired.length == b->wired.length) { + return memcmp(a->wired.data, b->wired.data, a->wired.length); + } else if (a->wired.length < b->wired.length) { + r = memcmp(a->wired.data, b->wired.data, a->wired.length); + if (r != 0) return r; + return -1; + } else { + r = memcmp(a->wired.data, b->wired.data, b->wired.length); + if (r != 0) return r; + return 1; + } } static struct verification_data *verification_queue = NULL; @@ -164,211 +181,219 @@ static pthread_t *workers; void *verification_thread(void *dummy) { - struct verification_data *d; - struct timespec sleep_time; + struct verification_data *d; + struct timespec sleep_time; - while (1) { - if (pthread_mutex_lock(&queue_lock) != 0) - croak(1, "pthread_mutex_lock"); - d = verification_queue; - if (d) { - verification_queue = d->next; - G.stats.signatures_verified++; - } - if (pthread_mutex_unlock(&queue_lock) != 0) - croak(1, "pthread_mutex_unlock"); - if (d) { - int r; - d->next = NULL; - r = EVP_VerifyFinal(&d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey); - if (r == 1) { - d->ok = 1; - } else { - d->openssl_error = ERR_peek_last_error(); - } - if (pthread_mutex_lock(&queue_lock) != 0) - croak(1, "pthread_mutex_lock"); - verification_queue_size--; - if (pthread_mutex_unlock(&queue_lock) != 0) - croak(1, "pthread_mutex_unlock"); - } else { - sleep_time.tv_sec = 0; - sleep_time.tv_nsec = 10000000; - nanosleep(&sleep_time, NULL); - } - } + while (1) { + if (pthread_mutex_lock(&queue_lock) != 0) + croak(1, "pthread_mutex_lock"); + d = verification_queue; + if (d) { + verification_queue = d->next; + G.stats.signatures_verified++; + } + if (pthread_mutex_unlock(&queue_lock) != 0) + croak(1, "pthread_mutex_unlock"); + if (d) { + int r; + d->next = NULL; + r = EVP_VerifyFinal(&d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey); + if (r == 1) { + d->ok = 1; + } else { + d->openssl_error = ERR_peek_last_error(); + } + if (pthread_mutex_lock(&queue_lock) != 0) + croak(1, "pthread_mutex_lock"); + verification_queue_size--; + if (pthread_mutex_unlock(&queue_lock) != 0) + croak(1, "pthread_mutex_unlock"); + } else { + sleep_time.tv_sec = 0; + sleep_time.tv_nsec = 10000000; + nanosleep(&sleep_time, NULL); + } + } } static void start_workers(void) { - int i; + int i; - if (workers_started) - return; - if (G.opt.verbose) - fprintf(stderr, "starting workers for signature verification\n"); - workers = getmem(sizeof(*workers)*G.opt.n_threads); - for (i = 0; i < G.opt.n_threads; i++) { - if (pthread_create(&workers[i], NULL, verification_thread, NULL) != 0) - croak(1, "pthread_create"); - } - workers_started = 1; + if (workers_started) + return; + if (G.opt.verbose) + fprintf(stderr, "starting workers for signature verification\n"); + workers = getmem(sizeof(*workers)*G.opt.n_threads); + for (i = 0; i < G.opt.n_threads; i++) { + if (pthread_create(&workers[i], NULL, verification_thread, NULL) != 0) + croak(1, "pthread_create"); + } + workers_started = 1; } static void schedule_verification(struct verification_data *d) { - int cur_size; - if (G.opt.n_threads > 1) { - if (pthread_mutex_lock(&queue_lock) != 0) - croak(1, "pthread_mutex_lock"); - d->next = verification_queue; - verification_queue = d; - verification_queue_size++; - cur_size = verification_queue_size; - if (pthread_mutex_unlock(&queue_lock) != 0) - croak(1, "pthread_mutex_unlock"); - if (!workers_started && cur_size >= G.opt.n_threads) - start_workers(); - } else { - int r; - G.stats.signatures_verified++; - r = EVP_VerifyFinal(&d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey); - if (r == 1) { - d->ok = 1; - } else { - d->openssl_error = ERR_peek_last_error(); - } - } + int cur_size; + if (G.opt.n_threads > 1) { + if (pthread_mutex_lock(&queue_lock) != 0) + croak(1, "pthread_mutex_lock"); + d->next = verification_queue; + verification_queue = d; + verification_queue_size++; + cur_size = verification_queue_size; + if (pthread_mutex_unlock(&queue_lock) != 0) + croak(1, "pthread_mutex_unlock"); + if (!workers_started && cur_size >= G.opt.n_threads) + start_workers(); + } else { + int r; + G.stats.signatures_verified++; + r = EVP_VerifyFinal(&d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey); + if (r == 1) { + d->ok = 1; + } else { + d->openssl_error = ERR_peek_last_error(); + } + } } static int verify_signature(struct verification_data *d, struct rr_set *signed_set) { - uint16_t b2; - uint32_t b4; - struct binary_data chunk; - struct rr_with_wired *set; - struct rr *signed_rr; - int i; - - EVP_MD_CTX_init(&d->ctx); - switch (d->rr->algorithm) { - case ALG_DSA: - case ALG_RSASHA1: - case ALG_DSA_NSEC3_SHA1: - case ALG_RSASHA1_NSEC3_SHA1: - if (EVP_VerifyInit(&d->ctx, EVP_sha1()) != 1) - return 0; - break; - case ALG_RSASHA256: - if (EVP_VerifyInit(&d->ctx, EVP_sha256()) != 1) - return 0; - break; - case ALG_RSASHA512: - if (EVP_VerifyInit(&d->ctx, EVP_sha512()) != 1) - return 0; - break; - default: - return 0; - } - - chunk = rrsig_wirerdata_ex(&d->rr->rr, 0); - if (chunk.length < 0) - return 0; - EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length); - - set = getmem_temp(sizeof(*set) * signed_set->count); - - signed_rr = signed_set->tail; - i = 0; - while (signed_rr) { - set[i].rr = signed_rr; - set[i].wired = call_get_wired(signed_rr); - if (set[i].wired.length < 0) - return 0; - i++; - signed_rr = signed_rr->next; - } - qsort(set, signed_set->count, sizeof(*set), compare_rr_with_wired); - - for (i = 0; i < signed_set->count; i++) { - chunk = name2wire_name(signed_set->named_rr->name); - if (chunk.length < 0) - return 0; - EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length); - b2 = htons(set[i].rr->rdtype); EVP_VerifyUpdate(&d->ctx, &b2, 2); - b2 = htons(1); /* class IN */ EVP_VerifyUpdate(&d->ctx, &b2, 2); - b4 = htonl(set[i].rr->ttl); EVP_VerifyUpdate(&d->ctx, &b4, 4); - b2 = htons(set[i].wired.length); EVP_VerifyUpdate(&d->ctx, &b2, 2); - EVP_VerifyUpdate(&d->ctx, set[i].wired.data, set[i].wired.length); - } + uint16_t b2; + uint32_t b4; + struct binary_data chunk; + struct rr_with_wired *set; + struct rr *signed_rr; + int i; + + EVP_MD_CTX_init(&d->ctx); + switch (d->rr->algorithm) { + case ALG_DSA: + case ALG_RSASHA1: + case ALG_DSA_NSEC3_SHA1: + case ALG_RSASHA1_NSEC3_SHA1: + if (EVP_VerifyInit(&d->ctx, EVP_sha1()) != 1) + return 0; + break; + case ALG_RSASHA256: + if (EVP_VerifyInit(&d->ctx, EVP_sha256()) != 1) + return 0; + break; + case ALG_RSASHA512: + if (EVP_VerifyInit(&d->ctx, EVP_sha512()) != 1) + return 0; + break; + case ALG_ECDSAP256SHA256: + if (EVP_VerifyInit(&d->ctx, EVP_sha256()) != 1) + return 0; + break; + case ALG_ECDSAP384SHA384: + if (EVP_VerifyInit(&d->ctx, EVP_sha384()) != 1) + return 0; + break; + default: + return 0; + } + + chunk = rrsig_wirerdata_ex(&d->rr->rr, 0); + if (chunk.length < 0) + return 0; + EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length); + + set = getmem_temp(sizeof(*set) * signed_set->count); + + signed_rr = signed_set->tail; + i = 0; + while (signed_rr) { + set[i].rr = signed_rr; + set[i].wired = call_get_wired(signed_rr); + if (set[i].wired.length < 0) + return 0; + i++; + signed_rr = signed_rr->next; + } + qsort(set, signed_set->count, sizeof(*set), compare_rr_with_wired); + + for (i = 0; i < signed_set->count; i++) { + chunk = name2wire_name(signed_set->named_rr->name); + if (chunk.length < 0) + return 0; + EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length); + b2 = htons(set[i].rr->rdtype); EVP_VerifyUpdate(&d->ctx, &b2, 2); + b2 = htons(1); /* class IN */ EVP_VerifyUpdate(&d->ctx, &b2, 2); + b4 = htonl(set[i].rr->ttl); EVP_VerifyUpdate(&d->ctx, &b4, 4); + b2 = htons(set[i].wired.length); EVP_VerifyUpdate(&d->ctx, &b2, 2); + EVP_VerifyUpdate(&d->ctx, set[i].wired.data, set[i].wired.length); + } - schedule_verification(d); - return 1; + schedule_verification(d); + return 1; } static void *rrsig_validate(struct rr *rrv) { - RRCAST(rrsig); - struct named_rr *named_rr; - struct rr_set *signed_set; - struct rr_dnskey *key = NULL; - struct rr_set *dnskey_rr_set; - int candidate_keys = 0; - struct keys_to_verify *candidates; - int i = 0; - int t; - - named_rr = rr->rr.rr_set->named_rr; - for (t = 0; t < G.opt.n_times_to_check; t++) { - if (G.opt.times_to_check[t] < rr->sig_inception) { - return moan(rr->rr.file_name, rr->rr.line, "%s signature is too new", named_rr->name); - } - if (G.opt.times_to_check[t] > rr->sig_expiration) { - return moan(rr->rr.file_name, rr->rr.line, "%s signature is too old", named_rr->name); - } - } - signed_set = find_rr_set_in_named_rr(named_rr, rr->type_covered); - if (!signed_set) { - return moan(rr->rr.file_name, rr->rr.line, "%s RRSIG exists for non-existing type %s", named_rr->name, rdtype2str(rr->type_covered)); - } - if (signed_set->tail->ttl != rr->orig_ttl) { - return moan(rr->rr.file_name, rr->rr.line, "%s RRSIG's original TTL differs from corresponding record's", named_rr->name); - } - dnskey_rr_set = find_rr_set(T_DNSKEY, rr->signer); - if (!dnskey_rr_set) { - return moan(rr->rr.file_name, rr->rr.line, "%s RRSIG(%s): cannot find a signer key (%s)", named_rr->name, rdtype2str(rr->type_covered), rr->signer); - } - key = (struct rr_dnskey *)dnskey_rr_set->tail; - while (key) { - if (key->algorithm == rr->algorithm && key->key_tag == rr->key_tag) { - candidate_keys++; - dnskey_build_pkey(key); - } - key = (struct rr_dnskey *)key->rr.next; - } - if (candidate_keys == 0) - return moan(rr->rr.file_name, rr->rr.line, "%s RRSIG(%s): cannot find the right signer key (%s)", named_rr->name, rdtype2str(rr->type_covered), rr->signer); - - candidates = getmem(sizeof(struct keys_to_verify) + (candidate_keys-1) * sizeof(struct verification_data)); - candidates->next = all_keys_to_verify; - candidates->rr = rr; - candidates->signed_set = signed_set; - candidates->n_keys = candidate_keys; - all_keys_to_verify = candidates; - key = (struct rr_dnskey *)dnskey_rr_set->tail; - while (key) { - if (key->algorithm == rr->algorithm && key->key_tag == rr->key_tag) { - candidates->to_verify[i].key = key; - candidates->to_verify[i].rr = rr; - candidates->to_verify[i].ok = 0; - candidates->to_verify[i].openssl_error = 0; - candidates->to_verify[i].next = NULL; - i++; - } - key = (struct rr_dnskey *)key->rr.next; - } + RRCAST(rrsig); + struct named_rr *named_rr; + struct rr_set *signed_set; + struct rr_dnskey *key = NULL; + struct rr_set *dnskey_rr_set; + int candidate_keys = 0; + struct keys_to_verify *candidates; + int i = 0; + int t; + + named_rr = rr->rr.rr_set->named_rr; + for (t = 0; t < G.opt.n_times_to_check; t++) { + if (G.opt.times_to_check[t] < rr->sig_inception) { + return moan(rr->rr.file_name, rr->rr.line, "%s signature is too new", named_rr->name); + } + if (G.opt.times_to_check[t] > rr->sig_expiration) { + return moan(rr->rr.file_name, rr->rr.line, "%s signature is too old", named_rr->name); + } + } + signed_set = find_rr_set_in_named_rr(named_rr, rr->type_covered); + if (!signed_set) { + return moan(rr->rr.file_name, rr->rr.line, "%s RRSIG exists for non-existing type %s", named_rr->name, rdtype2str(rr->type_covered)); + } + if (signed_set->tail->ttl != rr->orig_ttl) { + return moan(rr->rr.file_name, rr->rr.line, "%s RRSIG's original TTL differs from corresponding record's", named_rr->name); + } + dnskey_rr_set = find_rr_set(T_DNSKEY, rr->signer); + if (!dnskey_rr_set) { + return moan(rr->rr.file_name, rr->rr.line, "%s RRSIG(%s): cannot find a signer key (%s)", named_rr->name, rdtype2str(rr->type_covered), rr->signer); + } + key = (struct rr_dnskey *)dnskey_rr_set->tail; + while (key) { + if (key->algorithm == rr->algorithm && key->key_tag == rr->key_tag) { + candidate_keys++; + dnskey_build_pkey(key); + } + key = (struct rr_dnskey *)key->rr.next; + } + if (candidate_keys == 0) + return moan(rr->rr.file_name, rr->rr.line, "%s RRSIG(%s): cannot find the right signer key (%s)", named_rr->name, rdtype2str(rr->type_covered), rr->signer); + + candidates = getmem(sizeof(struct keys_to_verify) + (candidate_keys-1) * sizeof(struct verification_data)); + candidates->next = all_keys_to_verify; + candidates->rr = rr; + candidates->signed_set = signed_set; + candidates->n_keys = candidate_keys; + all_keys_to_verify = candidates; + key = (struct rr_dnskey *)dnskey_rr_set->tail; + while (key) { + if (key->algorithm == rr->algorithm && key->key_tag == rr->key_tag) { + candidates->to_verify[i].key = key; + candidates->to_verify[i].rr = rr; + candidates->to_verify[i].ok = 0; + candidates->to_verify[i].openssl_error = 0; + candidates->to_verify[i].next = NULL; + i++; + } + key = (struct rr_dnskey *)key->rr.next; + } - return rr; + return rr; } static pthread_mutex_t *lock_cs; @@ -376,86 +401,86 @@ static long *lock_count; static unsigned long pthreads_thread_id(void) { - unsigned long ret; + unsigned long ret; - ret=(unsigned long)pthread_self(); - return(ret); + ret=(unsigned long)pthread_self(); + return(ret); } static void pthreads_locking_callback(int mode, int type, char *file, int line) { - if (mode & CRYPTO_LOCK) { - pthread_mutex_lock(&(lock_cs[type])); - lock_count[type]++; - } else { - pthread_mutex_unlock(&(lock_cs[type])); - } + if (mode & CRYPTO_LOCK) { + pthread_mutex_lock(&(lock_cs[type])); + lock_count[type]++; + } else { + pthread_mutex_unlock(&(lock_cs[type])); + } } void verify_all_keys(void) { - struct keys_to_verify *k = all_keys_to_verify; - int i; - struct timespec sleep_time; - - ERR_load_crypto_strings(); - if (G.opt.n_threads > 1) { - lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t)); - lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long)); - for (i = 0; i < CRYPTO_num_locks(); i++) { - lock_count[i] = 0; - pthread_mutex_init(&lock_cs[i],NULL); - } - - CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id); - CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback); - - if (pthread_mutex_init(&queue_lock, NULL) != 0) - croak(1, "pthread_mutex_init"); - } - - while (k) { - freeall_temp(); - for (i = 0; i < k->n_keys; i++) { - if (dnskey_build_pkey(k->to_verify[i].key)) - verify_signature(&k->to_verify[i], k->signed_set); - } - k = k->next; - } - start_workers(); /* this is needed in case n_threads is greater than the number of signatures to verify */ - while (verification_queue_size > 0) { - sleep_time.tv_sec = 0; - sleep_time.tv_nsec = 10000000; - nanosleep(&sleep_time, NULL); - } - k = all_keys_to_verify; - while (k) { - int ok = 0; - unsigned long e = 0; - for (i = 0; i < k->n_keys; i++) { - if (k->to_verify[i].ok) { - if (k->to_verify[i].rr->rr.rr_set->named_rr->flags & NAME_FLAG_APEX) { - if (k->to_verify[i].key->key_type == KEY_TYPE_UNUSED) - k->to_verify[i].key->key_type = KEY_TYPE_KSK; - } else { - k->to_verify[i].key->key_type = KEY_TYPE_ZSK; - } - ok = 1; - break; - } else { - if (k->to_verify[i].openssl_error != 0) - e = k->to_verify[i].openssl_error; - } - } - if (!ok) { - struct named_rr *named_rr; - named_rr = k->rr->rr.rr_set->named_rr; - moan(k->rr->rr.file_name, k->rr->rr.line, "%s RRSIG(%s): %s", - named_rr->name, rdtype2str(k->rr->type_covered), - e ? ERR_reason_error_string(e) : "cannot verify signature, reason unknown"); - } - k = k->next; - } + struct keys_to_verify *k = all_keys_to_verify; + int i; + struct timespec sleep_time; + + ERR_load_crypto_strings(); + if (G.opt.n_threads > 1) { + lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t)); + lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long)); + for (i = 0; i < CRYPTO_num_locks(); i++) { + lock_count[i] = 0; + pthread_mutex_init(&lock_cs[i],NULL); + } + + CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id); + CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback); + + if (pthread_mutex_init(&queue_lock, NULL) != 0) + croak(1, "pthread_mutex_init"); + } + + while (k) { + freeall_temp(); + for (i = 0; i < k->n_keys; i++) { + if (dnskey_build_pkey(k->to_verify[i].key)) + verify_signature(&k->to_verify[i], k->signed_set); + } + k = k->next; + } + start_workers(); /* this is needed in case n_threads is greater than the number of signatures to verify */ + while (verification_queue_size > 0) { + sleep_time.tv_sec = 0; + sleep_time.tv_nsec = 10000000; + nanosleep(&sleep_time, NULL); + } + k = all_keys_to_verify; + while (k) { + int ok = 0; + unsigned long e = 0; + for (i = 0; i < k->n_keys; i++) { + if (k->to_verify[i].ok) { + if (k->to_verify[i].rr->rr.rr_set->named_rr->flags & NAME_FLAG_APEX) { + if (k->to_verify[i].key->key_type == KEY_TYPE_UNUSED) + k->to_verify[i].key->key_type = KEY_TYPE_KSK; + } else { + k->to_verify[i].key->key_type = KEY_TYPE_ZSK; + } + ok = 1; + break; + } else { + if (k->to_verify[i].openssl_error != 0) + e = k->to_verify[i].openssl_error; + } + } + if (!ok) { + struct named_rr *named_rr; + named_rr = k->rr->rr.rr_set->named_rr; + moan(k->rr->rr.file_name, k->rr->rr.line, "%s RRSIG(%s): %s", + named_rr->name, rdtype2str(k->rr->type_covered), + e ? ERR_reason_error_string(e) : "cannot verify signature, reason unknown"); + } + k = k->next; + } } struct rr_methods rrsig_methods = { rrsig_parse, rrsig_human, rrsig_wirerdata, NULL, rrsig_validate }; diff -pruN 0.8+git20160720-3.2/rt.c 0.8+git20170804-0ubuntu3/rt.c --- 0.8+git20160720-3.2/rt.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/rt.c 2017-08-04 14:27:44.000000000 +0000 @@ -19,38 +19,38 @@ static struct rr *rt_parse(char *name, long ttl, int type, char *s) { - struct rr_rt *rr = getmem(sizeof(*rr)); + struct rr_rt *rr = getmem(sizeof(*rr)); - rr->preference = extract_integer(&s, "RT preference", NULL); - if (rr->preference < 0) - return NULL; - - rr->intermediate_host = extract_name(&s, "intermediate-host", 0); - if (!rr->intermediate_host) - return NULL; - if (*s) { - return bitch("garbage after valid RT data"); - } + rr->preference = extract_integer(&s, "RT preference", NULL); + if (rr->preference < 0) + return NULL; + + rr->intermediate_host = extract_name(&s, "intermediate-host", 0); + if (!rr->intermediate_host) + return NULL; + if (*s) { + return bitch("garbage after valid RT data"); + } - return store_record(type, name, ttl, rr); + return store_record(type, name, ttl, rr); } static char* rt_human(struct rr *rrv) { - RRCAST(rt); + RRCAST(rt); char s[1024]; snprintf(s, 1024, "%d %s", - rr->preference, rr->intermediate_host); + rr->preference, rr->intermediate_host); return quickstrdup_temp(s); } static struct binary_data rt_wirerdata(struct rr *rrv) { - RRCAST(rt); + RRCAST(rt); return compose_binary_data("2d", 1, - rr->preference, name2wire_name(rr->intermediate_host)); + rr->preference, name2wire_name(rr->intermediate_host)); } struct rr_methods rt_methods = { rt_parse, rt_human, rt_wirerdata, NULL, NULL }; diff -pruN 0.8+git20160720-3.2/soa.c 0.8+git20170804-0ubuntu3/soa.c --- 0.8+git20160720-3.2/soa.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/soa.c 2017-08-04 14:27:44.000000000 +0000 @@ -20,64 +20,64 @@ static struct rr* soa_parse(char *name, long ttl, int type, char *s) { - struct rr_soa *rr = getmem(sizeof(*rr)); - long long i; + struct rr_soa *rr = getmem(sizeof(*rr)); + long long i; - rr->mname = extract_name(&s, "mname", 0); - if (!rr->mname) return NULL; - rr->rname = extract_name(&s, "rname", 0); - if (!rr->rname) return NULL; - i = extract_integer(&s, "serial", NULL); - if (i < 0) return NULL; - if (i > 4294967295UL) return bitch("serial is out of range"); - rr->serial = i; - rr->refresh = extract_timevalue(&s, "refresh"); - if (rr->refresh < 0) return NULL; - rr->retry = extract_timevalue(&s, "retry"); - if (rr->retry < 0) return NULL; - rr->expire = extract_timevalue(&s, "expire"); - if (rr->expire < 0) return NULL; - rr->minimum = extract_timevalue(&s, "minimum"); - if (rr->minimum < 0) return NULL; - if (ttl < 0 && G.opt.soa_minttl_as_default_ttl) { - ttl = rr->minimum; - } - if (*s) { - return bitch("garbage after valid SOA data"); - } - return store_record(type, name, ttl, rr); + rr->mname = extract_name(&s, "mname", 0); + if (!rr->mname) return NULL; + rr->rname = extract_name(&s, "rname", 0); + if (!rr->rname) return NULL; + i = extract_integer(&s, "serial", NULL); + if (i < 0) return NULL; + if (i > 4294967295UL) return bitch("serial is out of range"); + rr->serial = i; + rr->refresh = extract_timevalue(&s, "refresh"); + if (rr->refresh < 0) return NULL; + rr->retry = extract_timevalue(&s, "retry"); + if (rr->retry < 0) return NULL; + rr->expire = extract_timevalue(&s, "expire"); + if (rr->expire < 0) return NULL; + rr->minimum = extract_timevalue(&s, "minimum"); + if (rr->minimum < 0) return NULL; + if (ttl < 0 && G.opt.soa_minttl_as_default_ttl) { + ttl = rr->minimum; + } + if (*s) { + return bitch("garbage after valid SOA data"); + } + return store_record(type, name, ttl, rr); } static char* soa_human(struct rr *rrv) { - RRCAST(soa); + RRCAST(soa); char s[1024]; snprintf(s, 1024, "%s %s %u %d %d %d %d", - rr->mname, rr->rname, rr->serial, - rr->refresh, rr->retry, rr->expire, rr->minimum); + rr->mname, rr->rname, rr->serial, + rr->refresh, rr->retry, rr->expire, rr->minimum); return quickstrdup_temp(s); } static struct binary_data soa_wirerdata(struct rr *rrv) { - RRCAST(soa); + RRCAST(soa); - return compose_binary_data("dd44444", 1, - name2wire_name(rr->mname), name2wire_name(rr->rname), - rr->serial, rr->refresh, rr->retry, - rr->expire, rr->minimum); + return compose_binary_data("dd44444", 1, + name2wire_name(rr->mname), name2wire_name(rr->rname), + rr->serial, rr->refresh, rr->retry, + rr->expire, rr->minimum); } static void *soa_validate(struct rr *rrv) { - RRCAST(soa); + RRCAST(soa); - if (strchr(rr->mname, '/') != NULL) - return moan(rr->rr.file_name, rr->rr.line, "MNAME contains '/'"); - if (strchr(rr->rname, '/') != NULL) - return moan(rr->rr.file_name, rr->rr.line, "RNAME contains '/'"); - return NULL; + if (strchr(rr->mname, '/') != NULL) + return moan(rr->rr.file_name, rr->rr.line, "MNAME contains '/'"); + if (strchr(rr->rname, '/') != NULL) + return moan(rr->rr.file_name, rr->rr.line, "RNAME contains '/'"); + return NULL; } struct rr_methods soa_methods = { soa_parse, soa_human, soa_wirerdata, NULL, soa_validate }; diff -pruN 0.8+git20160720-3.2/spf.c 0.8+git20170804-0ubuntu3/spf.c --- 0.8+git20160720-3.2/spf.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/spf.c 2017-08-04 14:27:44.000000000 +0000 @@ -19,70 +19,70 @@ /* XXX * We need to add the following spf-specific policy checks: - * - record not too long (DNS name + length of SPF+TXT < 450) - rfc4408, 3.1.4 - * - record should match /^v=spf1( |$)/ - rfc4408, 4.5 - * - maybe check for other syntax features - * - there should be an identical TXT record - rfc4408, 3.1.1 - * - there should only be one SPF per DNS name - rfc4408, 4.5 + * - record not too long (DNS name + length of SPF+TXT < 450) - rfc4408, 3.1.4 + * - record should match /^v=spf1( |$)/ - rfc4408, 4.5 + * - maybe check for other syntax features + * - there should be an identical TXT record - rfc4408, 3.1.1 + * - there should only be one SPF per DNS name - rfc4408, 4.5 */ static struct rr *spf_parse(char *name, long ttl, int type, char *s) { - struct rr_spf *rr; - struct binary_data spf[20]; - int i; - - i = 0; - while (*s) { - if (i >= 20) - return bitch("program limit: too many SPF text segments"); - spf[i] = extract_text(&s, "SPF text segment"); - if (spf[i].length < 0) - return NULL; - if (spf[i].length > 255) - return bitch("SPF segment too long"); - i++; - } - if (i == 0) - return bitch("empty text record"); - - rr = getmem(sizeof(*rr) + sizeof(struct binary_data) * (i-1)); - rr->count = i; - for (i = 0; i < rr->count; i++) { - rr->spf[i] = spf[i]; - } + struct rr_spf *rr; + struct binary_data spf[20]; + int i; + + i = 0; + while (*s) { + if (i >= 20) + return bitch("program limit: too many SPF text segments"); + spf[i] = extract_text(&s, "SPF text segment"); + if (spf[i].length < 0) + return NULL; + if (spf[i].length > 255) + return bitch("SPF segment too long"); + i++; + } + if (i == 0) + return bitch("empty text record"); + + rr = getmem(sizeof(*rr) + sizeof(struct binary_data) * (i-1)); + rr->count = i; + for (i = 0; i < rr->count; i++) { + rr->spf[i] = spf[i]; + } - return store_record(type, name, ttl, rr); + return store_record(type, name, ttl, rr); } static char* spf_human(struct rr *rrv) { - RRCAST(spf); + RRCAST(spf); char ss[1024]; - int i; - char *s = ss; - int l; - - for (i = 0; i < rr->count; i++) { - l = snprintf(s, 1024-(s-ss), "\"%s\" ", rr->spf[i].data); - s += l; - } + int i; + char *s = ss; + int l; + + for (i = 0; i < rr->count; i++) { + l = snprintf(s, 1024-(s-ss), "\"%s\" ", rr->spf[i].data); + s += l; + } return quickstrdup_temp(ss); } static struct binary_data spf_wirerdata(struct rr *rrv) { - RRCAST(spf); - struct binary_data r, t; - int i; - - r = bad_binary_data(); - t.length = 0; - t.data = NULL; - for (i = 0; i < rr->count; i++) { - r = compose_binary_data("db", 1, t, rr->spf[i]); - t = r; - } + RRCAST(spf); + struct binary_data r, t; + int i; + + r = bad_binary_data(); + t.length = 0; + t.data = NULL; + for (i = 0; i < rr->count; i++) { + r = compose_binary_data("db", 1, t, rr->spf[i]); + t = r; + } return r; } diff -pruN 0.8+git20160720-3.2/srv.c 0.8+git20170804-0ubuntu3/srv.c --- 0.8+git20160720-3.2/srv.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/srv.c 2017-08-04 14:27:44.000000000 +0000 @@ -19,60 +19,60 @@ static struct rr *srv_parse(char *name, long ttl, int type, char *s) { - struct rr_srv *rr = getmem(sizeof(*rr)); - int i; + struct rr_srv *rr = getmem(sizeof(*rr)); + int i; - /* TODO validate `name` (underscores etc) http://tools.ietf.org/html/rfc2782 */ + /* TODO validate `name` (underscores etc) http://tools.ietf.org/html/rfc2782 */ - i = extract_integer(&s, "priority", NULL); - if (i < 0) - return NULL; - if (i >= 65536) - return bitch("priority range is not valid"); - rr->priority = i; - - i = extract_integer(&s, "weight", NULL); - if (i < 0) - return NULL; - if (i >= 65536) - return bitch("weight range is not valid"); - rr->weight = i; - - i = extract_integer(&s, "port", NULL); - if (i < 0) - return NULL; - if (i >= 65536) - return bitch("port range is not valid"); - rr->port = i; - - rr->target = extract_name(&s, "target", 0); - if (!rr->target) - return NULL; - - if (*s) { - return bitch("garbage after valid SRV data"); - } + i = extract_integer(&s, "priority", NULL); + if (i < 0) + return NULL; + if (i >= 65536) + return bitch("priority range is not valid"); + rr->priority = i; + + i = extract_integer(&s, "weight", NULL); + if (i < 0) + return NULL; + if (i >= 65536) + return bitch("weight range is not valid"); + rr->weight = i; + + i = extract_integer(&s, "port", NULL); + if (i < 0) + return NULL; + if (i >= 65536) + return bitch("port range is not valid"); + rr->port = i; + + rr->target = extract_name(&s, "target", 0); + if (!rr->target) + return NULL; + + if (*s) { + return bitch("garbage after valid SRV data"); + } - return store_record(type, name, ttl, rr); + return store_record(type, name, ttl, rr); } static char* srv_human(struct rr *rrv) { - RRCAST(srv); + RRCAST(srv); char s[1024]; - snprintf(s, 1024, "%hu %hu %hu %s", - rr->priority, rr->weight, rr->port, rr->target); + snprintf(s, 1024, "%hu %hu %hu %s", + rr->priority, rr->weight, rr->port, rr->target); - return quickstrdup_temp(s); + return quickstrdup_temp(s); } static struct binary_data srv_wirerdata(struct rr *rrv) { - RRCAST(srv); + RRCAST(srv); return compose_binary_data("222d", 1, - rr->priority, rr->weight, rr->port, - name2wire_name(rr->target)); + rr->priority, rr->weight, rr->port, + name2wire_name(rr->target)); } struct rr_methods srv_methods = { srv_parse, srv_human, srv_wirerdata, NULL, NULL }; diff -pruN 0.8+git20160720-3.2/sshfp.c 0.8+git20170804-0ubuntu3/sshfp.c --- 0.8+git20160720-3.2/sshfp.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/sshfp.c 2017-08-04 14:27:44.000000000 +0000 @@ -19,63 +19,63 @@ static struct rr* sshfp_parse(char *name, long ttl, int type, char *s) { - struct rr_sshfp *rr = getmem(sizeof(*rr)); - int algorithm, fp_type; + struct rr_sshfp *rr = getmem(sizeof(*rr)); + int algorithm, fp_type; - algorithm = extract_integer(&s, "algorithm", NULL); - if (algorithm < 0) return NULL; - if (algorithm != 1 && algorithm != 2 && algorithm != 3 && algorithm != 4) - return bitch("unsupported algorithm"); - rr->algorithm = algorithm; - - fp_type = extract_integer(&s, "fp type", NULL); - if (fp_type < 0) return NULL; - if (fp_type != 1 && fp_type != 2) - return bitch("unsupported fp_type"); - rr->fp_type = fp_type; - - rr->fingerprint = extract_hex_binary_data(&s, "fingerprint", EXTRACT_EAT_WHITESPACE); - if (rr->fingerprint.length < 0) return NULL; - - if (rr->fp_type == 1 && rr->fingerprint.length != SHA1_BYTES) { - return bitch("wrong SHA-1 fingerprint length: %d bytes found, %d bytes expected", - rr->fingerprint.length, SHA1_BYTES); - } - if (rr->fp_type == 2 && rr->fingerprint.length != SHA256_BYTES) { - return bitch("wrong SHA-256 fingerprint length: %d bytes found, %d bytes expected", - rr->fingerprint.length, SHA256_BYTES); - } - - if (*s) { - return bitch("garbage after valid SSHFP data"); - } - return store_record(type, name, ttl, rr); + algorithm = extract_integer(&s, "algorithm", NULL); + if (algorithm < 0) return NULL; + if (algorithm != 1 && algorithm != 2 && algorithm != 3 && algorithm != 4) + return bitch("unsupported algorithm"); + rr->algorithm = algorithm; + + fp_type = extract_integer(&s, "fp type", NULL); + if (fp_type < 0) return NULL; + if (fp_type != 1 && fp_type != 2) + return bitch("unsupported fp_type"); + rr->fp_type = fp_type; + + rr->fingerprint = extract_hex_binary_data(&s, "fingerprint", EXTRACT_EAT_WHITESPACE); + if (rr->fingerprint.length < 0) return NULL; + + if (rr->fp_type == 1 && rr->fingerprint.length != SHA1_BYTES) { + return bitch("wrong SHA-1 fingerprint length: %d bytes found, %d bytes expected", + rr->fingerprint.length, SHA1_BYTES); + } + if (rr->fp_type == 2 && rr->fingerprint.length != SHA256_BYTES) { + return bitch("wrong SHA-256 fingerprint length: %d bytes found, %d bytes expected", + rr->fingerprint.length, SHA256_BYTES); + } + + if (*s) { + return bitch("garbage after valid SSHFP data"); + } + return store_record(type, name, ttl, rr); } static char* sshfp_human(struct rr *rrv) { - RRCAST(sshfp); + RRCAST(sshfp); char ss[4096]; - char *s = ss; - int l; - int i; + char *s = ss; + int l; + int i; l = snprintf(s, 4096, "%u %u ", rr->algorithm, rr->fp_type); - s += l; - for (i = 0; i < rr->fingerprint.length; i++) { - l = snprintf(s, 4096-(s-ss), "%02X", (unsigned char)rr->fingerprint.data[i]); - s += l; - } + s += l; + for (i = 0; i < rr->fingerprint.length; i++) { + l = snprintf(s, 4096-(s-ss), "%02X", (unsigned char)rr->fingerprint.data[i]); + s += l; + } return quickstrdup_temp(ss); } static struct binary_data sshfp_wirerdata(struct rr *rrv) { - RRCAST(sshfp); + RRCAST(sshfp); - return compose_binary_data("11d", 1, - rr->algorithm, rr->fp_type, - rr->fingerprint); + return compose_binary_data("11d", 1, + rr->algorithm, rr->fp_type, + rr->fingerprint); } struct rr_methods sshfp_methods = { sshfp_parse, sshfp_human, sshfp_wirerdata, NULL, NULL }; diff -pruN 0.8+git20160720-3.2/t/issues/51-support-curved-algorithms/13.example.com 0.8+git20170804-0ubuntu3/t/issues/51-support-curved-algorithms/13.example.com --- 0.8+git20160720-3.2/t/issues/51-support-curved-algorithms/13.example.com 1970-01-01 00:00:00.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/t/issues/51-support-curved-algorithms/13.example.com 2017-08-04 14:27:44.000000000 +0000 @@ -0,0 +1,16 @@ +$TTL 86400 ; (1 day) +$ORIGIN 13.example.com. +$INCLUDE K13.example.com.+013+18450.key; +@ IN SOA ns1.example.com. hostmaster.example.com. ( + 2014012401 ; serial YYYYMMDDnn + 14400 ; refresh (4 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 3600 ; minimum (1 hour) + ) + + 172800 IN NS ns1.example.org. + 172800 IN NS ns2.example.org. + + IN A 203.0.113.10 +www IN CNAME 13.example.com. diff -pruN 0.8+git20160720-3.2/t/issues/51-support-curved-algorithms/13.example.com.signed 0.8+git20170804-0ubuntu3/t/issues/51-support-curved-algorithms/13.example.com.signed --- 0.8+git20160720-3.2/t/issues/51-support-curved-algorithms/13.example.com.signed 1970-01-01 00:00:00.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/t/issues/51-support-curved-algorithms/13.example.com.signed 2017-08-04 14:27:44.000000000 +0000 @@ -0,0 +1,55 @@ +; File written on Tue Mar 29 15:52:18 2016 +; dnssec_signzone version 9.9.8-P4-RedHat-9.9.8_P4-2.el7.0 +13.example.com. 86400 IN SOA ns1.example.com. hostmaster.example.com. ( + 2014012401 ; serial + 14400 ; refresh (4 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 3600 ; minimum (1 hour) + ) + 86400 RRSIG SOA 13 3 86400 ( + 20160428125218 20160329125218 18450 13.example.com. + 7LfQswmP8B9hr6Bg8nr9o8yd/fe6n86HDhs9 + pAByPITSjdqML6Rwb4NOHWvFDZJXVA4mz5Pe + TG4JVHiGYU7HCw== ) + 172800 NS ns1.example.org. + 172800 NS ns2.example.org. + 172800 RRSIG NS 13 3 172800 ( + 20160428125218 20160329125218 18450 13.example.com. + eses1PGFULOHDZbqPt+CMQHdYCIVNdxVMYba + YtW3iA9nN4mfvS6jls69J60bqSA4p3w4tD3k + v9dnDcFdS+tEUQ== ) + 86400 A 203.0.113.10 + 86400 RRSIG A 13 3 86400 ( + 20160428125218 20160329125218 18450 13.example.com. + 2QqqZ4i7yq1sCrK82aLm85pTSUgpWR0XsBzi + MVFyjcoW75f0ysZKZafO5lFJECKEP8ncJfEP + NEMXVuyAUJihSA== ) + 3600 NSEC www.13.example.com. A NS SOA RRSIG NSEC DNSKEY + 3600 RRSIG NSEC 13 3 3600 ( + 20160428125218 20160329125218 18450 13.example.com. + IV+0txuv6DNk7kRBUmkk4jorMjXoyi/klFC/ + 1g5ZK8/cZuFcKREuIW7bmpvhB4Mhj8yWpLJ9 + CVNy339z+Rt/6g== ) + 86400 DNSKEY 257 3 13 ( + SFycyLoVKBBL0re1qD6sezd/bOM9jwtT/mTT + 1KkW0yqIXixXN/szwzm49r6YzlIFHRDXry8a + 7aaIKWopkx8WBA== + ) ; KSK; alg = ECDSAP256SHA256; key id = 18450 + 86400 RRSIG DNSKEY 13 3 86400 ( + 20160428125218 20160329125218 18450 13.example.com. + OsKqN6fhvL4b0XK5TOEpZXrSoC/GcRMlCqIe + csfZem7xMmcBjUe333/fJdw0x1QKmA17BoX/ + Px88zz24dRW0Vg== ) +www.13.example.com. 86400 IN CNAME 13.example.com. + 86400 RRSIG CNAME 13 4 86400 ( + 20160428125218 20160329125218 18450 13.example.com. + CFfxilFg72g3rQerviVCO6jmf8kVodqusejq + WETSBiCAfMhcB2+uLsitmaH8LsAiNLNMY7nc + 533WnQjsJ4vsmQ== ) + 3600 NSEC 13.example.com. CNAME RRSIG NSEC + 3600 RRSIG NSEC 13 4 3600 ( + 20160428125218 20160329125218 18450 13.example.com. + IWqCg2pcOd9kX4waHb8Ij3kWeJxfXGKUBbpf + Fuc3bhOJ/rvQ2kPYO305TeZP5Rfcd7+efDEb + i8be+VqhOgf7Pg== ) diff -pruN 0.8+git20160720-3.2/t/issues/51-support-curved-algorithms/14.example.com 0.8+git20170804-0ubuntu3/t/issues/51-support-curved-algorithms/14.example.com --- 0.8+git20160720-3.2/t/issues/51-support-curved-algorithms/14.example.com 1970-01-01 00:00:00.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/t/issues/51-support-curved-algorithms/14.example.com 2017-08-04 14:27:44.000000000 +0000 @@ -0,0 +1,16 @@ +$TTL 86400 ; (1 day) +$ORIGIN 14.example.com. +$INCLUDE K14.example.com.+014+01045.key; +@ IN SOA ns1.example.com. hostmaster.example.com. ( + 2014012401 ; serial YYYYMMDDnn + 14400 ; refresh (4 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 3600 ; minimum (1 hour) + ) + + 172800 IN NS ns1.example.org. + 172800 IN NS ns2.example.org. + + IN A 203.0.113.10 +www IN CNAME 14.example.com. diff -pruN 0.8+git20160720-3.2/t/issues/51-support-curved-algorithms/14.example.com.signed 0.8+git20170804-0ubuntu3/t/issues/51-support-curved-algorithms/14.example.com.signed --- 0.8+git20160720-3.2/t/issues/51-support-curved-algorithms/14.example.com.signed 1970-01-01 00:00:00.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/t/issues/51-support-curved-algorithms/14.example.com.signed 2017-08-04 14:27:44.000000000 +0000 @@ -0,0 +1,63 @@ +; File written on Tue Mar 29 15:52:22 2016 +; dnssec_signzone version 9.9.8-P4-RedHat-9.9.8_P4-2.el7.0 +14.example.com. 86400 IN SOA ns1.example.com. hostmaster.example.com. ( + 2014012401 ; serial + 14400 ; refresh (4 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 3600 ; minimum (1 hour) + ) + 86400 RRSIG SOA 14 3 86400 ( + 20160428125222 20160329125222 1045 14.example.com. + 5FEzZuz1HrgRNTakg4D24h1RrO1Kx9IDzXN6 + S/00bsfO5AQ8hxVd2X7XzrYGdqs+gpecBpkl + WLG1MrEgzYvRVgPTVY0bL0U7GxmvqAp871WH + yuJKB8NFTkgQDA7cA2Do ) + 172800 NS ns1.example.org. + 172800 NS ns2.example.org. + 172800 RRSIG NS 14 3 172800 ( + 20160428125222 20160329125222 1045 14.example.com. + 9Yol4eoRhw52o7LJqCnTlDlQlFbaHFyTOGf4 + 3MAPNe5hx2NFCujCg9RxE66l+BE6otDMC+tb + hJKVPfb5U8+rpjDna3H1RSjV7MkS4crlzS0k + 0rximlQ9x7OIy2wkZ0bw ) + 86400 A 203.0.113.10 + 86400 RRSIG A 14 3 86400 ( + 20160428125222 20160329125222 1045 14.example.com. + DG685u5rAML7/ga7TnixPiLwBEHFzcGpQeRc + WZkPX2W/gJ8VyejkZbWDinYEZIVUeQaRTNW4 + RcXBSq7o5wDgTJUSih+fnoLh9Fuzlfch6voG + qGKMeWl4i+2eYF7QImB8 ) + 3600 NSEC www.14.example.com. A NS SOA RRSIG NSEC DNSKEY + 3600 RRSIG NSEC 14 3 3600 ( + 20160428125222 20160329125222 1045 14.example.com. + tPxJtlAhflaMsTI0zx0vt+R73cmU9zL9ly20 + xrhZlRWhScxZ4y8fAIs57rfbl4XCe1Rln6y/ + TZ3V0BcpXH2fl3vXxOJqcnsK/RHHxl57va7E + v704MwP3Je9qhirfLd6O ) + 86400 DNSKEY 257 3 14 ( + FWoMjTSsjInt9389me7cymDHNbntmNWejqPI + zSsifAs2CdBtfCoN98LvEU1eADIG4kkpKvVv + QTYnoiUP/jsFQa6Uz+PmfgKO+PpyNl1fNy+b + N7uEPJzIZhen3X6bIwYg + ) ; KSK; alg = ECDSAP384SHA384; key id = 1045 + 86400 RRSIG DNSKEY 14 3 86400 ( + 20160428125222 20160329125222 1045 14.example.com. + FD2AI0MGo8w5JRfVihohNNsgj1pVrCUxaehv + R7DH2eS7STiJFEBFr8e8UO1CiDGXuOGhgoPY + CyEay93XJfdHaWBA4iCPctZUkdyA5ZXrYrpT + iCkK6GK0MtbyH7W3H4Uu ) +www.14.example.com. 86400 IN CNAME 14.example.com. + 86400 RRSIG CNAME 14 4 86400 ( + 20160428125222 20160329125222 1045 14.example.com. + Y8knRqg1Hpta6KZ57zc+eY6XDgIgRLVYWZ0m + 7YESOgRTU0oEU8j8NQ+S1RPAZM8migNkHjB4 + NKdm9DCMnlD237546++VmZFUZgzGnKW3lQAQ + GpTe7MtqMUY40B+TxSIg ) + 3600 NSEC 14.example.com. CNAME RRSIG NSEC + 3600 RRSIG NSEC 14 4 3600 ( + 20160428125222 20160329125222 1045 14.example.com. + TnQB0LmuU2Z4WtQDOBslDrIWFguyh4rv17gZ + nV8GvUJnn1Wk8/djZv47chNeNK6Rxt+lUaDm + E9S6f7eSJiGTAP6N0Mgfg7BmFbmD+4ZOUez2 + t5FEl5KRUrPoiHQvOB8w ) diff -pruN 0.8+git20160720-3.2/t/issues/51-support-curved-algorithms/K13.example.com.+013+18450.key 0.8+git20170804-0ubuntu3/t/issues/51-support-curved-algorithms/K13.example.com.+013+18450.key --- 0.8+git20160720-3.2/t/issues/51-support-curved-algorithms/K13.example.com.+013+18450.key 1970-01-01 00:00:00.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/t/issues/51-support-curved-algorithms/K13.example.com.+013+18450.key 2017-08-04 14:27:44.000000000 +0000 @@ -0,0 +1,5 @@ +; This is a key-signing key, keyid 18450, for 13.example.com. +; Created: 20160302102736 (Wed Mar 2 11:27:36 2016) +; Publish: 20160302102736 (Wed Mar 2 11:27:36 2016) +; Activate: 20160302102736 (Wed Mar 2 11:27:36 2016) +13.example.com. IN DNSKEY 257 3 13 SFycyLoVKBBL0re1qD6sezd/bOM9jwtT/mTT1KkW0yqIXixXN/szwzm4 9r6YzlIFHRDXry8a7aaIKWopkx8WBA== diff -pruN 0.8+git20160720-3.2/t/issues/51-support-curved-algorithms/K13.example.com.+013+18450.private 0.8+git20170804-0ubuntu3/t/issues/51-support-curved-algorithms/K13.example.com.+013+18450.private --- 0.8+git20160720-3.2/t/issues/51-support-curved-algorithms/K13.example.com.+013+18450.private 1970-01-01 00:00:00.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/t/issues/51-support-curved-algorithms/K13.example.com.+013+18450.private 2017-08-04 14:27:44.000000000 +0000 @@ -0,0 +1,6 @@ +Private-key-format: v1.3 +Algorithm: 13 (ECDSAP256SHA256) +PrivateKey: X3Mr05PnOJKClnUa14y2CdCCHUjkUNFl6wh1knpRKg== +Created: 20160302102736 +Publish: 20160302102736 +Activate: 20160302102736 diff -pruN 0.8+git20160720-3.2/t/issues/51-support-curved-algorithms/K14.example.com.+014+01045.key 0.8+git20170804-0ubuntu3/t/issues/51-support-curved-algorithms/K14.example.com.+014+01045.key --- 0.8+git20160720-3.2/t/issues/51-support-curved-algorithms/K14.example.com.+014+01045.key 1970-01-01 00:00:00.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/t/issues/51-support-curved-algorithms/K14.example.com.+014+01045.key 2017-08-04 14:27:44.000000000 +0000 @@ -0,0 +1,5 @@ +; This is a key-signing key, keyid 1045, for 14.example.com. +; Created: 20160302103027 (Wed Mar 2 11:30:27 2016) +; Publish: 20160302103027 (Wed Mar 2 11:30:27 2016) +; Activate: 20160302103027 (Wed Mar 2 11:30:27 2016) +14.example.com. IN DNSKEY 257 3 14 FWoMjTSsjInt9389me7cymDHNbntmNWejqPIzSsifAs2CdBtfCoN98Lv EU1eADIG4kkpKvVvQTYnoiUP/jsFQa6Uz+PmfgKO+PpyNl1fNy+bN7uE PJzIZhen3X6bIwYg diff -pruN 0.8+git20160720-3.2/t/issues/51-support-curved-algorithms/K14.example.com.+014+01045.private 0.8+git20170804-0ubuntu3/t/issues/51-support-curved-algorithms/K14.example.com.+014+01045.private --- 0.8+git20160720-3.2/t/issues/51-support-curved-algorithms/K14.example.com.+014+01045.private 1970-01-01 00:00:00.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/t/issues/51-support-curved-algorithms/K14.example.com.+014+01045.private 2017-08-04 14:27:44.000000000 +0000 @@ -0,0 +1,6 @@ +Private-key-format: v1.3 +Algorithm: 14 (ECDSAP384SHA384) +PrivateKey: U2ji19bf3QQ3wqgNm1/PJUcD4Bp17Gb53UIcSCPe9yNd665GOvlRSCQaKbr+IXCY +Created: 20160302103027 +Publish: 20160302103027 +Activate: 20160302103027 diff -pruN 0.8+git20160720-3.2/t/test.pl 0.8+git20170804-0ubuntu3/t/test.pl --- 0.8+git20160720-3.2/t/test.pl 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/t/test.pl 2017-08-04 14:27:44.000000000 +0000 @@ -20,7 +20,7 @@ push @threads, $threads if $threads; run('./validns', @threads, 't/zones/galaxyplus.org'); is(rc, 0, 'valid zone parses ok'); -run('./validns', @threads, '-t1381239017', 't/zones/example.sec.signed'); +run('./validns', @threads, '-t1501789043', 't/zones/example.sec.signed'); is(rc, 0, 'valid signed zone parses ok'); run('./validns', @threads, '-t1303720010', 't/zones/example.sec.signed'); @@ -28,7 +28,7 @@ isnt(rc, 0, 'valid signed zone with time @e = split /\n/, stderr; like(shift @e, qr/signature is too new/, "signature is too new"); -run('./validns', @threads, '-t1421410832', 't/zones/example.sec.signed'); +run('./validns', @threads, '-t1561789043', 't/zones/example.sec.signed'); isnt(rc, 0, 'valid signed zone with timestamps in the past'); @e = split /\n/, stderr; like(shift @e, qr/signature is too old/, "signature is too old"); @@ -113,11 +113,34 @@ like(shift @e, qr/name cannot start with like(shift @e, qr/name cannot start with a dot/, "dot-dot"); like(shift @e, qr/garbage after valid DNAME data/, "DNAME garbage"); +like(shift @e, qr/CAA flags expected/, "CAA without a flag"); +like(shift @e, qr/CAA tag expected/, "CAA without a tag"); +like(shift @e, qr/CAA unrecognized flags value/, "CAA with bad flags"); +like(shift @e, qr/CAA unrecognized tag name/, "CAA with bad tag"); +like(shift @e, qr/CAA tag is not valid/, "CAA with bad chars in tag"); +like(shift @e, qr/CAA reserved tag name/, "CAA with reserved tag 1"); +like(shift @e, qr/CAA reserved tag name/, "CAA with reserved tag 2"); +like(shift @e, qr/CAA reserved tag name/, "CAA with reserved tag 3"); +like(shift @e, qr/CAA missing tag value/, "CAA without a tag value"); +like(shift @e, qr/garbage after valid CAA/, "CAA + garbage"); +## these things are not validated but probably should be +#like(shift @e, qr/CAA invalid issue domain/, "CAA bad issue domain"); +#like(shift @e, qr/CAA missing issue parameter value/, "CAA missing issue parameter value"); +#like(shift @e, qr/CAA missing issue parameter tag/, "CAA missing issue parameter tag"); +#like(shift @e, qr/CAA invalid issuewild domain/, "CAA bad issuewild domain"); +#like(shift @e, qr/CAA missing issuewild parameter value/, "CAA missing issuewild parameter value"); +#like(shift @e, qr/CAA missing issuewild parameter tag/, "CAA missing issuewild parameter tag"); +#like(shift @e, qr/CAA iodef value not a URL/, "CAA iodef value is not a URL"); +#like(shift @e, qr/CAA iodef value unrecognized URL/, "CAA iodef value unrecognized URL"); + ## actual validations done after parsing like(shift @e, qr/CNAME and other data/, "CNAME+CNAME"); like(shift @e, qr/CNAME and other data/, "CNAME+something else"); like(shift @e, qr/there should be at least two NS records/, "NS limit"); +like(shift @e, qr/not a proper domain name for an SMIMEA record/, "SMIMEA host 1"); like(shift @e, qr/not a proper prefixed DNS domain name/, "TLSA host 1"); +like(shift @e, qr/not a proper domain name for an SMIMEA record/, "SMIMEA host 2"); +like(shift @e, qr/not a proper domain name for an SMIMEA record/, "SMIMEA host 3"); like(shift @e, qr/not a proper prefixed DNS domain name/, "TLSA host 2"); like(shift @e, qr/TTL values differ within an RR set/, "TTL conflict"); @@ -338,24 +361,31 @@ run('./validns', @threads, '-t1378203490 is(rc, 0, 'issue 32: SSHFP supports ECDSA and SHA-256'); # issue 34: multiple time specifications -run('./validns', @threads, ('-t1381239017') x 32, 't/zones/example.sec.signed'); +run('./validns', @threads, ('-t1501789043') x 32, 't/zones/example.sec.signed'); is(rc, 0, 'valid signed zone parses ok'); -run('./validns', @threads, ('-t1421410832') x 33, 't/zones/example.sec.signed'); +run('./validns', @threads, ('-t1501789043') x 33, 't/zones/example.sec.signed'); isnt(rc, 0, 'too many time specs'); @e = split /\n/, stderr; like(shift @e, qr/too many -t/, "too many -t"); -run('./validns', @threads, '-t1381239017', '-t1303720010', 't/zones/example.sec.signed'); +run('./validns', @threads, '-t1501789043', '-t1303720010', 't/zones/example.sec.signed'); isnt(rc, 0, 'multitime: valid signed zone with timestamps in the future'); @e = split /\n/, stderr; like(shift @e, qr/signature is too new/, "multitime: signature is too new"); -run('./validns', @threads, '-t1381239017', '-t1421410832', 't/zones/example.sec.signed'); +run('./validns', @threads, '-t1501789043', '-t1561789043', 't/zones/example.sec.signed'); isnt(rc, 0, 'multitime: valid signed zone with timestamps in the past'); @e = split /\n/, stderr; like(shift @e, qr/signature is too old/, "multitime: signature is too old"); +# issue 51: support curved algorithms +run('./validns', @threads, '-t1459259658', 't/issues/51-support-curved-algorithms/13.example.com.signed'); +is(rc, 0, 'issue 51: support ECDSAP256SHA256'); + +run('./validns', @threads, '-t1459259658', 't/issues/51-support-curved-algorithms/14.example.com.signed'); +is(rc, 0, 'issue 51: support ECDSAP384SHA384'); + } done_testing; diff -pruN 0.8+git20160720-3.2/t/zones/example.sec 0.8+git20170804-0ubuntu3/t/zones/example.sec --- 0.8+git20160720-3.2/t/zones/example.sec 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/t/zones/example.sec 2017-08-04 14:27:44.000000000 +0000 @@ -14,7 +14,21 @@ $INCLUDE Kexample.sec.+010+01862.key A 3.4.5.6 RP some.mail.box @ TXT "Responsible person" + CAA 0 issue "example.sec" ; fine + CDS 50458 12 3 2e40b2a6ccd2760ec70af69d1c144064c8931e53a6b3eee78bdb9e0bafbb9c02 + CDNSKEY 256 3 8 ( + AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg27 + 3Tp4oRpnmnmgizDFtLQhnIv1Mr3AuwSWVIDe + avuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90 + yQwfC53hxyH10GzGnAx4Sutrdkh1w4HM1nMB + dlTMa0g9yxjJ0vm/T7qHzj+3dTUi84s8Du2m + fMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB + /QUuoY2FyThfidT+nhOQpzftVtLcta0E0Uv3 + PcVDp1d7vBXsAEYGHr54r2vb3eXdOTmoFyh/ + byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01 + u8SJYP6ULwx0mZ0p5BmoMH8= + ) ns1 A 1.2.3.4 ns2 A 5.6.7.8 mail A 2.3.4.5 @@ -33,6 +47,12 @@ _8443._tcp.www.example.sec. IN TLSA ( _25._tcp.mail IN TLSA ( 3 0 0 30820307308201efa003020102020123 ) +c93f1e400f26708f98cb19d936620da35eec8f72e57f9eec01c1afd6._smimecert.example.com IN SMIMEA ( + 1 1 2 92003ba34942dc74152e2f2c408d29ec + a5a520e7f2e06bb944f4dca346baf63c + 1b177615d466f6c4b71c216a50292bd5 + 8c9ebdd2f74e38fe51ffd48c43326cbc ) + delegation NS ns1 delegation NS ns2 delegation DS 60485 5 1 ( 2BB183AF5F22588179A53B0A diff -pruN 0.8+git20160720-3.2/t/zones/example.sec.signed 0.8+git20170804-0ubuntu3/t/zones/example.sec.signed --- 0.8+git20160720-3.2/t/zones/example.sec.signed 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/t/zones/example.sec.signed 2017-08-04 14:27:44.000000000 +0000 @@ -1,5 +1,5 @@ -; File written on Tue Oct 8 15:28:55 2013 -; dnssec_signzone version 9.8.4-P2 +; File written on Fri Aug 4 16:23:33 2017 +; dnssec_signzone version 9.9.10-P3 example.sec. 300 IN SOA ns1.example.sec. hostmaster.example.sec. ( 42 ; serial 3600 ; refresh (1 hour) @@ -7,237 +7,321 @@ example.sec. 300 IN SOA ns1.example.sec 604800 ; expire (1 week) 300 ; minimum (5 minutes) ) - 300 RRSIG SOA 5 2 300 20141212121212 ( - 20121010101010 516 example.sec. - L2S8qd2eLKNZZSLsCwPtfw6oDRyWSTTj9E7a - 7kt2uCnwCpNFFYuNSJp8NgEUkjWHO2XWbTSt - gpiz4jefzxG6wiLH7LjbDCNVhljKkwIlicP2 - srahJ9oUGM+MdYXHKKHqAUsgzeQQi87psTQL - KzDjN7dV9LfxBPXK1TybQg3ME6s= ) - 300 RRSIG SOA 5 2 300 20141212121212 ( - 20121010101010 44427 example.sec. - HYXfJCuz0aBt+Ye/+vnk4H4EOHvhTCBB6+BE - TJLzzSCuNtrOOdhftFi58IHBon10OSsbrp6W - SmiCAte+JuijZ0VNK+90foCnW5qVJy/KagrV - U8rhmUcL/vMsxEBHtKadu60UO0800FNi2PH2 - nS+VvXjM5kKA+F0HiPTaLcc9Z8Ez0sQslhmI - 9LHgV4kd/XvXJ5E7oJwnd0Ex5MCXUwnFjvgU - t1iL7s8Lfryfy0av0y9z9+yHqRgywoyHiaF5 - 4UtIpQeezu5MoqbLDh8w94tfiAMxGJH20JOZ - ObaYPtc887wpOlh+iDNvAl2xKqce5KbGbxuV - 21Pm9R6zjhEFlKlcvw== ) - 300 RRSIG SOA 8 2 300 20141212121212 ( - 20121010101010 48381 example.sec. - ICsoYt1gdoIS4d1VRon0e6DZ1c0nK3UDHlFr - +or12x+W7I63ZwFz2dOtV4nW2CN44ElhkxG3 - wpNzy2V5XKk5uHWrc0aMttwsOq7yguu3Ieee - YahgmGBzbsPmwBszuMXyIyGH21DOx3cqe38f - 6OT9RYiH8jYQtz7jhr/dR5eaLk3Tf54GrPQt - c9ltFgwgb/Z6nkKsOTu6OnjGxCsS++hfwLM2 - Dp25HeLxAfdwyDqvZn+tIBgqh7+SAtfrhZEU - 7wv0YKD7GCuxhc1ci+CQpDuHJOSBc/Se30Kv - EyPFRPCwIrH1IuVIU7SJ6UgNdDFcPGNiKmDF - Sl1aeg1YIGONZtlV4g== ) + 300 RRSIG SOA 5 2 300 ( + 20181212121212 20161010101010 516 example.sec. + ZUaelSGCJvMFzMaQy77tad0kbZp+dbTSPSrC + T3STmG8SlLx5XTU+gh9TC9gogFrBe5Yv51an + aMUSREyGWgjPeGQkC4nozxnvXsqC1THqjrZz + acHk96pKiUeLhCiqXXM3XLT7LS5dIwDQ6SUz + b6croHRgfwhbWakKO3Y2fjQjGxI= ) + 300 RRSIG SOA 5 2 300 ( + 20181212121212 20161010101010 44427 example.sec. + VhaLnLhWTPgDn9mxsaHekoDaoO2L2Y7nQ48/ + Qf+LphujRkprAUB5p/FP+FCpuC0ZFi+6DEeA + J9DB1CRxbrefursnTnM0HIGH8qv1pC5ugCWB + i7St+pPPUULdxbasdVlAzEAo9L8uMx+qDl/y + WEo/WCrV93FTM91rvLvd/6ZYDTHaIe4Q34xF + 5wgZ72UeYwh6yb4iCaY8BT7E85vpLnb3ljn8 + Sh7EyctWmJFUR6rHaMliVibGmPaYAjtl6NH9 + Lv8V0H8I++EntvLCzmrICcfr/ZHbZUUdvlyh + bYOhSCCbR3GEajLJ/isRJP9se5nNdmQKwOtj + gpjWyP5KqOZ0a+J9zw== ) + 300 RRSIG SOA 8 2 300 ( + 20181212121212 20161010101010 48381 example.sec. + JeQBLagZYcSSUcjMSKqDTitliweSc++0c/+c + MIbUjKIySJjFbCeDX6zaZ/R7xvCC5YR+nUVn + byghJZoNR7sATP5a6pT4+7u2oYOuEjryqKZm + Qo+KTsbcULnuyQDGMgyDtzQAoZMVSZF88AtC + bLKHHgQhsAPl+g+1zGgvFKyoqmzPHuCidSeq + y0pX8IITkES+PpqgO9VHC/orfwYiTRDdunoa + USPwiXUpRMXwuPH8F0/BHkf0wWnk0/9MkhZb + 5Xmltt9L8BU/wO9tFWMMlvVH/CQX4swNxRlX + UNDxNBboRczWb4mbnzjJRDm8V3RYlDVIh3fi + pcyDncf5QtpJvKCgiA== ) + 300 RRSIG SOA 10 2 300 ( + 20181212121212 20161010101010 1862 example.sec. + JwTWJEU0r+bSc1t5KXDRo+Ykd/EjTmpD25/O + 7X14X55IWELlUV1NKHUfGAE7JcK7HUFj4ADx + tKMYHU+FQRcbdzYhTLwtWLYy/kol1WHWP2Hn + 9iCzY6Lx1ZHkrM23204osCor9q3+DIuTF2rT + z6uDBeSF5SHCmft9SmJWFEgI9SH02Y1GDZB8 + FtA+EMe3pBG8o8yJOQY2soaTiKG03ZdW9Kl6 + De6Wdfg5nDeCN2idqN5l3AH+P773gnMfuaCk + kRhfZ2dK++J6H/5EJ1MHd5BZ1TN71r7GSqUh + +sLr/Qs68ZaSdNEF3HFLZ8Dt4gW2GvigoqTQ + 947r5ge941Cro4uP7w== ) 300 NS ns1.example.sec. 300 NS ns2.example.sec. - 300 RRSIG NS 5 2 300 20141212121212 ( - 20121010101010 516 example.sec. - Is2FN6iXMylX2qYT7PVbW3jzSwLV9egXRxN3 - Al8PGlBLZ55smhDdkDc64PiazFfK/u7FG6Qk - cx8SCA6MEVaDALtSU6qzYYZ89X/QBmdeQCUb - 5pb6A7rMuvxWKZ07NAZ+M+kNBrcasVSuX7m+ - 7+95oWQo0gnaGegpP7UTB25zpM0= ) - 300 RRSIG NS 5 2 300 20141212121212 ( - 20121010101010 44427 example.sec. - nTskckPf0Gaj3CFbzSZXRA6uBQ3hDGPXmJT8 - HahnznWdnMq2w/gg0I2VSmTb8PZ84To8bGu+ - 53hbxA1NBlAtydTFYrdh3H9qcAnP4ASJm8Pd - NrXWEl6N1iGiPXUHawBpWy44MGu5mqVqUHUn - tuO/ERBRNudhvp9zouLehgrtWcW5BMq2q8pK - R8OZxkd4YJtbVjv/1N1yVyRGkNg6XJLqbbf9 - pW/btCU+JPoOJ4g6G77T5v7m7PH3yYrk4rTz - 97KMrLMqh6Q4pzwr/BjjAV2vs742ieo8UKKn - tAL4GsBPOnd7EzFuadI37+EGrsSAHOMbnD09 - yp7Gnu33Ql5f4Zr63Q== ) - 300 RRSIG NS 8 2 300 20141212121212 ( - 20121010101010 48381 example.sec. - qifctVQsOnhFpUz+d0xcVK6nNu1F2IYwrUhM - H+kwNTFYJByMGmiZ8Q7ezWD/g40SOBw5T/TP - xwHyXHRMr8uqbMFQsEPhAM6Ly14bj4JygnIb - 8iuVfnTWzNhZAJficuuLFaX5u1aJY4N9MZCD - okYBI6AMIVuTI3GRQx857q1PxMdnUm5KmsAB - GqwplhjhIAhHuDygJ/2ZR6aQeL8GJTF9CdmW - 1av2rJzOdtRfgHmU056Fof8tvB73SbW9Mhb2 - dECJ4vYJpp/VfywREcLzcG4EcWDmgHvNgbzs - DhSEGXAj/ytIGRshPk8j8tIcHN//soqfV9dn - 3Xv42NZTk7xt/Q+bOw== ) + 300 RRSIG NS 5 2 300 ( + 20181212121212 20161010101010 516 example.sec. + l+fqpS+kssvC9xvQ06eiXo/j4UdAYdNDET6X + rL/UE5RLQMT1F+n4lqFawdGEFisSF9LszgRo + xS67wAHx5lrm6cfOwkVsRRL7isA/tM/RYaFS + 4M0LqTuoM3pPIUr9qbFfGFRPW0IW198q2KMd + pPveE8yc3AlJvaqh2/KzHNPrzUQ= ) + 300 RRSIG NS 5 2 300 ( + 20181212121212 20161010101010 44427 example.sec. + zU6ylvFVb7xbpUbGbCwgA0xRLt/J4iZ+qYSg + 93c1IN3tkNEJkcnbkJfTwxG2kpgAdOU782tY + lOyNMyT9sujFVSsdMxGz4MB5x2wefaznuJRc + ERGwfwxGY2Bdwe4z1/OGQhU/wppuukOR4n3P + WihMo2v04TqcY8lNahglBjvKYLPDWRiW1xJI + XfQg5A0pha09ykfjaDmMyvUZ1BtnWtk0r8N6 + gVXDuaSWc3fqS0lcRew4PW6D37Hr0Dk4uFnx + zNHY2QkejV1+FCRhZjVWzX4ycyIEHqXprWed + iXnIiNdR2oYfoP8uRaSpoIhYzaXtfSvtXLQ6 + KgHjjsi0LC1sb3N52g== ) + 300 RRSIG NS 8 2 300 ( + 20181212121212 20161010101010 48381 example.sec. + uHjuwG8FbPQqBkDSCaL5FIBq7tLnIPII7vGU + dLN07Fb8jrCqYKiYtBWXn44JSRnhr+lJsbrh + qTUkKmqL/jBSQwwv5nWs+Xq93/FHfzBLsM0b + 2YDVTCbFYY0ui0TU2BDmdkCeQbmcQXPI6Oer + l5GILqLmlsnW5ka/jBA3j3jUBRFtVM2uTKTZ + XUkzQAhA3F63UfnVaZUwA79ix53BvmnefD19 + V6yJ2fCs5Prw3jWtvQCz4qDOM+MnNmxeIYZQ + jL/iW62FadgScYPSq0pPYYCJbPTMJUnTlfsa + L2DRZ7D496e7XvgjP7yui+V9s5E+3/3fOZmw + 9hVp2SL65Esw48lmQg== ) + 300 RRSIG NS 10 2 300 ( + 20181212121212 20161010101010 1862 example.sec. + RqC1fn5PA7hDmsv8/ZywJWMGF5NJAsCHZbs/ + 0619xJe62kVDzky2pIT7C5XiDRwAdpvZeCh4 + 0CRYA6ejFqQLai3oVuvcZFSenQJNmRxzuH/Z + 2hq84kGz/3bsEL/GQd3zyL9mNO7xgm56dm7m + q+UIxNwx8FFOVVUBKSSDjsnCVNTZKYmwIZV3 + L2KdaKwOn6Jl4g4ZKuFlKyPadJM8tAO+Gjd6 + YJksXWWIiOoqpNwuh/S/9G9iveWxziHM35yu + 8Fs3Ty1oYSKnzWSDgfFfnKeGelcgNk/9KB8f + 8OHUWAApgWc2qbSxlhrs5McTKyhcdBAnqzbK + WjgUVosg4Jnjn6mkzg== ) 300 A 3.4.5.6 - 300 RRSIG A 5 2 300 20141212121212 ( - 20121010101010 516 example.sec. - REruNlWPhPdn0OwDISrhCIYEHLpL/9RrAAAl - JNlCRluGECUt4pKGBcNYsFl/BCu0ZSaGu0ol - c5gvD9CsP92HoiWhFjmJG8epEiblcUnQmYfK - cfqhRxb4Pwvaw5eP/p5ysBhhJhcklLs0eETu - UsqFT0LbnDHkLZL7SX0EvlMCNWY= ) - 300 RRSIG A 5 2 300 20141212121212 ( - 20121010101010 44427 example.sec. - Zs9ZU25qM+2tWswmMNbByYvJmFdC/x1Hzc0E - 5kdb5Z7x8Su7Qir+sINQtqZ/CmPextOV746c - bgH5Yax+G9sCJK7ssVQaCsNB4rcECELDpQRP - 6ca7+dOQ3pMGX5a6FGO+b3zucLdexkWf9VKo - zS0BTnjDl9R0sVr1FaN29YbjtRJpO65UVfKV - FkYFIaBQCS+E5/cLzTzI6iP8ZThhzgDd6Mux - cHxqGtb0fXKP5igpEcUHwh/+G5h5RthvSCn1 - nlo35njMb4UR7q5WPUSrHCv1LB2KdqxHBq5u - ckS96/q2X/grY4NnFr8f02+ZwhHy77VqPcpL - SKoobHQkkMSaY8F6ww== ) - 300 RRSIG A 8 2 300 20141212121212 ( - 20121010101010 48381 example.sec. - iYrO6bkdXX4d8SU6yay5yY1rm3RPcr6eQSbv - NIZSiP4T9oM96uEXTeVt52RNFSH5E3FPctBY - LJ4wgga8MemwCNi3N+SLtIKQztAFb1TxgrF4 - 1tJXnNEtsMSpJFxNSSDDWye1BgAMF6IE99Jb - dGWGm+n/GV/UOCZrHTJs7cI+LtDgxJq+3dys - ZD+ZO2uncAm0Z7o93HQqHpNzmZmhNOy6RTaC - D2RIPo4fwSfI8LmbvOpCOUhdU8cKv/ruhuaW - g9163lz3Nyxj30S2TX1Aj6QDAZbGYgi+t+Q8 - ad1dOqTam5DZx3ksjyjGDz4UEufJKFa7SG5E - UGLnRHbWGLZaMcGxcw== ) + 300 RRSIG A 5 2 300 ( + 20181212121212 20161010101010 516 example.sec. + q9IkSE8SR3e6sFKsFyHl82mKw1yDvlnHEUnH + T3dHAyymmteFobaCSQqLTf7yWu8yu65kam8c + g8vUm+VLDEeqAlXTXqDlNcUhPsIYQbHvdSr/ + 4toES5X9eWZL3Qrcjjn5qarpIcz3woiD6d2I + CHmeUgyU4ZCfgKp7kX2bmSj7a6c= ) + 300 RRSIG A 5 2 300 ( + 20181212121212 20161010101010 44427 example.sec. + ZKGRCTHYjDBFSHJ2tyeo0kUhJaUdKgpO3CPx + EYtOak3I4HBFUn20GvxV6gA04g6wqWUzJlmt + 1vzW/x954Fbz5Xz6N3JDFMmNRdXcqFqpGTXL + zuGyMA2yo3O3sFUXOl9Yp1P6/LDApHS6teJo + Kt8Cibn++ZrcgV9iF2cc8i3e0KJ/14LexPSw + d39iokwrc0K5FECT8BhQ1Tv8uuDjOOA5WOQr + 9cslS2bR96gcBXHCVF9IA2ZfgUvpbGvYX7gI + 93Ke5wWxfT7QQkhP7Ux0ulEsNVXTxbDkqgJV + 5CsyxBOKQDWCc5iQ/IgQY2N9BW8sd9lZ+lgl + XoFm3smgQQBd9lt4VQ== ) + 300 RRSIG A 8 2 300 ( + 20181212121212 20161010101010 48381 example.sec. + qfWdvC+YOs8XEdMzPOgk3QeWMH5pLTy6Emea + k53wChLO5J11ZVGRsILxP7ewn0VFmI+nzD5t + QTvhSeaJlotPkgGaL6UOZ1SKQ2TurGbU0zpO + /YkSTCGg9trliIPSafs6NEQrXCtyG889H8GZ + pCZJ5YhNz22/F9/0vOfGrVlA9ZCLYOOwlx0t + Um8cmyzWqOud7Et0AzF1t1D78iPxJ21/E0IE + T36lf14IsoJNkcSZcEEg8Rc27vSQsBSUfIFh + mjSmLmnHRwsAG26XqJ7enaGw2lq0XDDMzaFI + MvdTfsmmUmhXXLUyuLPtYURYkgCvygI4uZas + 2xs74kWMFcRY4UxTRw== ) + 300 RRSIG A 10 2 300 ( + 20181212121212 20161010101010 1862 example.sec. + dunBRK95/L3G4kIgV05yUMk4KeM1kuwpmtMe + DpMxGCt4sG7M43zmcTN4lvcBPVu+pJUPmiFb + 3DnF0+R/9wEpy06s4ldITPCxRZnfNpYZowUk + ThrnO6GK3CC7E3Z89l4p9waBb45Ej3igEZ0S + 8s4RNQhgKUdEnmx8uR9Qhzg0Ep48saui7vrv + gsmf6xLopwcyaIRYaKzhmI8aAeBSE22Dh3hd + x/Pp1W60r0ZHUcH9r+p8dpaesbSvRWbhKuBc + TUSEaL5adDUVLLfa17+waGlZOFRHX92P83zH + ChaLEKBDJt0RRversJ+fzFwRfxELYlOyYzD5 + qqVmnfrd+adA7SuQHg== ) 300 MX 5 mail.example.sec. - 300 RRSIG MX 5 2 300 20141212121212 ( - 20121010101010 516 example.sec. - gcagSolgEmDVIc5cU08Zt4K7abuJ5aXWxWbB - xe4F6fz2slHoG09n8WUxUz4duF4omLAtnuB+ - uW+79fdn7p+EwhzBZ8ds8WIlGSdtI5edU6cA - A5SL2msnLqv512puF1wXxrVoNYBdkcBgFjlR - VLpKMhBZR6dsYkr552R0qcJP0UQ= ) - 300 RRSIG MX 5 2 300 20141212121212 ( - 20121010101010 44427 example.sec. - XXsoPIEF4nldBqzujYDPNefWYdo2BO31uXli - nTd+bjPT5S5fhBcTGqWSSOW2/hTTdEjhd7sA - 9crpwCNex1BV4WySdsctwwwxSi/uQDbV4Ld4 - GBtef94RFwtAiDs4kE7J8LjDrM10DKmQxTTi - KCU6u8LRyQCTS8f2XcX0HnM9z41z0y7USNz/ - WTAJa0e4lVXv4wMPfQRel8TAgBc9RNUg9qyd - c8JFGlpxL09tXA7n6LvBoqHFDZSHf2eSBwDk - 2fwsqHw1FF1fcMkAvsv2R8P0yv+oJkbT5Dv8 - AKzyw2OVTBygImCZpREtz3OBs8R4vSN6RF1K - HTEnfuPVunKd89zctA== ) - 300 RRSIG MX 8 2 300 20141212121212 ( - 20121010101010 48381 example.sec. - qcDxTb50zfqGgiIsk8x+0pDm6AAFdCXy1+Oa - i3SfnVrUYKp+BUvvPPZasEj5+19O0Ih1jdPu - 2zB/Af7jS0pp2LwdN5dh2fJGvf4yId1sZfD+ - FjwRXli+F2MP+S9cEqiICk0aknEH8wEHNjJl - DkxtCWtYvfbNOJ15PhtgspolbDh+WKNgq0fA - JcCqkyaZIIQvV2YITqzXDHH0K+jZEqVIfa4m - SCbYidkbBkeX1JsaY/RX0u4mM/CcugGfrVdL - PxfeIZDJh9qJ+WxjR/tVSs1mhOBRTeBzlS3m - zNnlHJovqj1KRPFaNWu2Bg7V/9cQMr7HnoyB - hUkYh17aBRxZA50ttw== ) + 300 RRSIG MX 5 2 300 ( + 20181212121212 20161010101010 516 example.sec. + j6ABEspumt737VkKITDnM6TZ3hyGqUsKQDsb + yHl2FEoebBXr37+6e/0WvoH1NFovuM1PEDTL + lwJvv/YdNHgUmNphP581vUQter9/xMJXLwBR + 3BHcV3r1+djzRIJ1m4ZUXQ9Ph+B4hkL08/cy + QSiVR7FHEMLS63nVyo/YKhvMLWE= ) + 300 RRSIG MX 5 2 300 ( + 20181212121212 20161010101010 44427 example.sec. + qbcrNIqYGCAMB9+lVjpx+P8yAn43Y19uYbIa + YQza9Vf2d7p6cosbcONv0j2WjTTImXbvooot + RYyLHrwD9NwBMxhH4KD8am/tsgGouX6Bz7Nx + kglq9UbRSRDybtEXbbSRXHh5WqGdifzmvKMT + 036OX6FwLoKLOvgHcEx+CyiW9Ype10LIhkpY + VMedUPynLpXX8q3wqDOW3dK8XxEMQAr4/FYU + pVj4cySRQTygwOfFHpLI5yPsm5VuWNLQ1TKX + gLuDZfWLxrBQr/xK3RdVWTACo11JW1BDsRKQ + DNjHbcng7SOFzkYzgV+BnMXy8n0gXqnL+718 + PffuMjRCkljCibvklA== ) + 300 RRSIG MX 8 2 300 ( + 20181212121212 20161010101010 48381 example.sec. + yf1HatMaCU0CDEaCgtYKYzF4DlpnOBLQTHdX + tn3Lh6unhrn39WlHivLzDoWksGuE3HI/z831 + iRT7iG85aqRlgQpX8nldszwKQMC7KUh0R9nL + dsLZvHhEmUduo8dudHuGEcAjDUw2M0dT2ReR + wLZb0wiGowmDTT2u3RhHsSW3hDYf9KVsQBf2 + G4ax7Oa2jdc/1y/hFJJGuJ4RmADMKGBKwgU3 + LQyvr12onH+SomYv7Wufa+IKxwLVVHRcP1+X + yx9vTixTcTJc5iNKxa7bZwVwtK9HRYSxlbF/ + 6T4+JX6RFcY0pWwFfvkNl15NPqTZyiYJzdr3 + 5xcOWMMnvD7oVygz4g== ) + 300 RRSIG MX 10 2 300 ( + 20181212121212 20161010101010 1862 example.sec. + AgetqsB/CZ/UjSj06mTeO1WM1UzfUxmuKIe3 + Ls+P1yYJBwv7S03HO62uuuU3c2cvcv2S/vR4 + bAeU8cS80cz05xQHMOvyvU5qesJuSM7/x6n1 + MV2rnr68KxlFev/ihZTDxY/VNykr0Zh+abNq + aYrXROCjMak5XY7GJtxhhC/guZWTHKaYYMW7 + 7AyD/KJQy3t4horHs1qRMLYVaB/Hmg4wlNwh + HMvqfyQpPtKvq6fUX9DBo1WxAmkoJQ8C5VG8 + P84IlLD4raAPpmKeb1k+Y9uh3mU5CTNrYluX + mgVTyqQljzutS8efQLwU38turMxqgFdABEdT + 4Fov31RylTYYHCpq8A== ) 300 TXT "Responsible person" - 300 RRSIG TXT 5 2 300 20141212121212 ( - 20121010101010 516 example.sec. - W5OGt0M32rE9ap4wt0EOv2XYrHNL82jXfUHE - f/NlLZBTrsZgOtv/kUig/mfynYY9UT+Nabrk - GZ354v41yoMjRs8T8xYPW5d4U3CkeIGldzoj - ccJYgvbd0kfirTLnFozQmq/NZ6XPDeSUvmPI - zNzyu5MWG97toTkXWXwcoEcNOZw= ) - 300 RRSIG TXT 5 2 300 20141212121212 ( - 20121010101010 44427 example.sec. - inApW4wPqSfEMEHSrT+X9yJt/V9GJdSu4h8r - QvZurxth3xyqOezB1fdffF3Z37wd2tDdCwj4 - f9vuTNlFYjVaQe5Q8555tnEpVTOjXxwe7FfP - cPGJEj4ufh2R+k5PDLqLiom9HZuFMR7qO6+K - iSHbnThFCwN99hX70YtHxlv+tohZdHpRJ+4+ - 68bRfMkZ15gQLDRcaXG83zN4QBup/n73eSsw - zWPi6ZUuMbK7tKXqLNupXS00QsIqhe4AucP4 - 7bjlHLo6a0g4ds73l6LSHr6Mxow968mM0dQ/ - Uxhg6o4dFujGNjwEzv5bQ1LFnhgOyh2MG9ue - DgOl1BUANskW35uuoQ== ) - 300 RRSIG TXT 8 2 300 20141212121212 ( - 20121010101010 48381 example.sec. - QRfJNke6ca9HqkTzuIreT7bMmNbrEas3mArh - K84gox4s4Y0Ud7JPn4iusX7JyaIsY5Yzbmr6 - BtfHTM0DFC8WgCdO6i37l/illpJOJ1TEZ7Cs - CT/HUSOVxvpOS94T2hEoDXzDZbnBhm0mRERC - N7VWoio5zxzX7Gn/iyNeJiYOzyayKPQoOyrO - KgfvlWnbk8MsN4a/KVHYAZ7xEYDCbWNw17dE - zP49wVJTNK6mQ/inKXnzmdk2QVBoNhE+OPHo - owIUzavwBUI0MiFMFtD9OULrH9JU+t2wja/u - VNzHjz+i1Ka2u1Y879b1RHCTFcDaH725H6rN - kQSSwyiCC5yemHP9Jw== ) + 300 RRSIG TXT 5 2 300 ( + 20181212121212 20161010101010 516 example.sec. + hOqntsY0coi126BO7dw/eTlLhiVA1DDo7/cY + MHxaPAxvLpU2QPkvgie5T1eNwvJoezQPqieW + QA21Naq0hH4x4YAPSDVwhDmKQ7bZJm7HeWxE + EAA3TIr2tic5FI7kqhHeczvYX9CIB7lMA3Jv + kH7xUYJrBLO15f7vrEV7yifJX6Y= ) + 300 RRSIG TXT 5 2 300 ( + 20181212121212 20161010101010 44427 example.sec. + VoRm9hszby6JmfJ7rAhTTvsR3C78pkJVy63a + Xi+Bx6q78hXFE9bGKW6qBqKxG2f6j3S+z+Na + UL7QtlcYNLKVWgvaQK137pDFZMMWTp7tWYEm + Omgxn3+2f+JWT/unaPWcmphlfl7fCEYqSkOs + 1YYTnVuDXf91TNo+mOwMVKWu2gg7WR0jp+Ky + f1/2jm9jt8zv/0vlbOcMP5DqLU6ajF2Lqh0R + e2gr3812E3QigpG92E3Eq3H+mZUKdzuBqHec + B2j1iKEqfGpykLkzblvuzEUY1AL6nrOYvxkE + 4SnW7B09qh1A3opM0y3XZGm/DY+fjq32PC6A + DHTdTuz+ftk6tOMMKw== ) + 300 RRSIG TXT 8 2 300 ( + 20181212121212 20161010101010 48381 example.sec. + V6tkO6CFnsbBXhDYWuEnppbtLN62nD9q8LVw + fAv6/jRAfw9+gJw3rUNaFg9sFwjhK4wY7FZj + +JbUDX7izurv5udlORXkdMODC874kVdrbJ1q + sE0JMu6lrzmi6PopiYeb7AEduXFJzktFIaio + dCbhu9ZY3k0s7Z1Aox6cVzYH+KljAgvrsItJ + olPKJpPajjZGJeS7LMxIcuLs3+LMfVl27Ehj + Z8PBfomJ5AXShwdCJ8BzyD2ue3L0HKnMLG86 + +zTPVrjq+d+bxP4YfkYlpHQQ0cO1U0CkVlAz + 2yw006HbE5n9hjyLwNu+p51eDWBo57LHrxO/ + CkM5kIxNl7fyq2T7JQ== ) + 300 RRSIG TXT 10 2 300 ( + 20181212121212 20161010101010 1862 example.sec. + fC7OMWgo/mj4cPKb19Npao6fPdso8/9zhLjN + YAN8D3bTeAoioW3rJTCM6Jejx/KfPaXDyQ3u + JeBO5xC5rGuE/RpGphVmJOp/2kFvlamqoP1R + PgKfQC7lOcIQlr+LEE5FSUwLRgWsgeQS0waI + AiWbdH+X+lFPBl8Els99WWcG95VzzMqC9r5g + FB85E3LkLqLWoX+NJNGHVnA4c5M9m/OKBdF/ + 4BckVUbGYx0piazHcCEvPQC1vYoxvBw7U6ac + fz6vmYzNEBE+YAQi0bCSEjWxWDP/Qhl2UBBU + OuyKFo1TteeBnvPSkGU8YludcfYHOMyIlSCS + pgCM7uEM5PUAka1zmg== ) 300 RP some.mail.box.example.sec. example.sec. - 300 RRSIG RP 5 2 300 20141212121212 ( - 20121010101010 516 example.sec. - JuqZzfAFhs9gBrCGKSQPmq2cOzZSum4PzvfL - mCXjZg5zYXZUoW3HKboRpCIkQzuKKZWJC4PA - jWau/6mZCE1Fsk33AqkHB18mn+06fPtmFAZY - UyRjfWmbyoKzqewbfLrCzdwqjfAVQEhCjPfl - jarWyvCYn155l8dW/oW3/ib/d84= ) - 300 RRSIG RP 5 2 300 20141212121212 ( - 20121010101010 44427 example.sec. - HfYsVtUxudMxdmeRXfXpjoJx7700b938l0GC - rjHmH054yb7r/gwvQT/7ZSglHRiCeLINtu0u - K+3ejMaADM1SIUS2X0/K/Wv9wO8i826CHjp/ - EZ0X4GQLMKMqgvgpzVYldA1Vh2XUkPswu9Xi - /zvp/5SrjBPEAD7QlyO6M5odBvqIGUv4ZIJR - U6QaQakv0RB+gb1DLOwqwutpyPUZehMEGeIn - SnSZZwq1KUyS0Cma3KNC4aYUL/SboSeBEHPq - SXG8ueXAPNoa5fDP1DuiOB5haW4yomuRa0as - wBaFLcjw2tD5jDNwvLfUxB8QpslaUY+Js2M2 - F2m13hC8T8eZ6pC9zA== ) - 300 RRSIG RP 8 2 300 20141212121212 ( - 20121010101010 48381 example.sec. - BfTyse4P2G1V/6L6JNZlEKT4OpNEXw4zIIDf - xz1iMdFHyDCng53xlDrm4VLCcjkzMmllaPid - HtZ65SfHpdJncaLFsFSSmeiSg/UAe485LSmD - KGgTxCHBmFT+FFoFkimbn8L2Jr7V2FQQ2ILB - /CAuWpBSogX5N6vssiLEbVcfIQlWzqod1qV4 - TPC0xNinSmtD0eTep1L4ZVGJHq8ZI/+Mzzrp - RvUCyWEEAD2H9BBxhXY/D/qHeQsvpFVsJUwY - cahL/AIjdbksEMjkw/KDNTs6WZWRluskvVy9 - NfkzBioZk0xGzryV8xfiBNbdVkei708PZDyE - BfNPJodoCmqHS0w+Pw== ) - 300 NSEC alias.example.sec. A NS SOA MX TXT RP RRSIG NSEC DNSKEY SPF - 300 RRSIG NSEC 5 2 300 20141212121212 ( - 20121010101010 516 example.sec. - Q1MtdC/FeeI0yxUEuR2yE9LHjPdKttjFUPic - BpX7FaxE0YKgk3rlodPoL5dRz3rQWI7I1Wfl - EPQKOIZTWIFrRvjbDamwnsa25m8CCvIMUpbQ - CvuDHn5ycbpbEpaHfJi17sCylGoj3niCehwg - h/uOOigKQHLQK8DTgN0e0Ddxv9U= ) - 300 RRSIG NSEC 5 2 300 20141212121212 ( - 20121010101010 44427 example.sec. - bTXEqJah647l0EOnVO6SXO/XIJ3bQcFN/Ci1 - jFvtPipkyk2pQvkwuWlRUyt8ip4fjuHgCDPK - D7ODTzMEiHVZNuh7bSv7LoW7bpM11ie5qnO6 - TfyOYcHjR2lYHcDNjwGTUjadN8yiAFUBAXNq - 84h34yKA3slx5DQLaNoA5a7XWr0ODsslDll+ - Of9EwBGhjHvlyiJrXT3VMUg/SBGndxoIZrtN - CGON0mkNI1Pk/ZSqyib29N1U8POiP/wPAz1C - phG7IAlc6PUMiXegNDanaWQuPhOI4uV+f0tV - ZDFa/9mIAgF3rZC0mqHDk3h0GjJn/Ocbp4sg - RoGUCOcPuZnLlyJ9tw== ) - 300 RRSIG NSEC 8 2 300 20141212121212 ( - 20121010101010 48381 example.sec. - g9vjezK5ony2cpKX7v/ISk/XEW9VHFUd99pH - 4QV6SrX3J1OVQ5PzrKCyN/Ak1gWSVrETtIfv - fLpvxHxBR8EWZdunUUTi0ElrhVY0xW/UT+/s - GjaCTcuTHRhw/ee4bdcE8aH3S5FCFzZPa10E - w8K597UiFyzZUF/LqjXqSoI0fUvRTSwMQ/ZV - AoNtBi/3dP6ItrvIirJLMdI8QXR/X2segPyW - DnVfK4m6OzyNbcAV/9NaycsU2L6MiUpwPTNy - um5LdGwiUJXfVRMbD5+CI/UaXhozoNbAoy5K - 1Zr7mZzjl9l8a3WAkeAUWxT9H1xLWX9ux0FC - yO1REofyVJ0WPnGKJg== ) + 300 RRSIG RP 5 2 300 ( + 20181212121212 20161010101010 516 example.sec. + Po+c+7fuZHTa+aFAWg+6Jf7zkmr3qrISwh0n + 8sX+b0D1lS51TSH9ehLDSYjzVEJdGpkvun8L + CfapnT2cqFvRZ2KN+7UBEbRjCdIYSfLvDWaC + 9hqglmtxuKcH6mR3cbBFbB5x3qm3qQBh4CL3 + 5g/VH3btSpfLA5wq7DKJw4iEHB0= ) + 300 RRSIG RP 5 2 300 ( + 20181212121212 20161010101010 44427 example.sec. + KMiPSeGt1Go/WLm2Gzs3F9SNXtm2dndVRlfl + qvgNlyx/fpzNvW6DI0fLeTTTrZZy/nDsRgbr + AbEqO7aCV1wQbGb+dZLGyyNp+VUkN4fbzgt4 + yH0mYU5ba0e0Uktpnx7PZMdbzfcK6C1riNBi + M5B9hFphPcLZp7INI5JmfsZaWIKEOGrSCq6I + rKVrt9XA1m0lL3Wo7e3W8bz9xw9WKhObvdv7 + Txx3b/ofL/PQBFiM2DLq7aJq+7BzLQ37UxqI + mfbup3qpUPON6kKmMmY5PTTg5XdNcOqgTRzs + 3eXVJOkiXCaxnhMGZjPJJUOegRSpAguO5avE + 3qIoqGFSZy+WXuDzxg== ) + 300 RRSIG RP 8 2 300 ( + 20181212121212 20161010101010 48381 example.sec. + yGFkdmcp30W22O5x3rQ+mIBM0JUZUyAUKN8R + 9RK1RAqw4BWmUwH5ZY5srve7QGirPNQSU+sr + lUZ5dwOrqqd3wfqfhQsnovfsnXdrDOcpt2Nj + VJWnFY8uyUAfSPhhSPgOnzRJtV7WniV8G/vM + 6ctiwxQQZKigKEiPMAj61AO9nZgiR/Jp3Xav + yg8aeQvdPJ9TQF6xxlcRwfAINO1Ba3twvOp/ + t+nEETzM/KLyxy9QRh2WaosxdB8seDOoFvW2 + CU/z3ALKzwYtbNjxFNkJBfJqYl3GH+rf/V3X + rO0hqk/GptdPtQ0Vi0F9H3adMUYpCavAE9Dm + slXrCvKeq6b+16f+Xg== ) + 300 RRSIG RP 10 2 300 ( + 20181212121212 20161010101010 1862 example.sec. + DW/0qQc6HV/qEEjmi7c3blTZAUajQT8Wll45 + ASYH4rqfwwTgHt9zSujALbDLuvN4Hi5z6qu/ + 2xTGfnXj96YTvjYf7FHBWuCk/TH32bbo30zJ + SHK+tWJmeMvUg4WnIgutXlbH0veGw/dYXyn0 + UuTX2K1kJvDNl76AaaqfRjF5jMXLQdJ8/115 + jRRC2t/xcuPQfzzPmFlTWG8yzjYQ4v2q74T9 + 6W4r03tbvuLXlfC3+OBbyqQLCIIvgt2nmffW + IHuLZZm67TD/XdMbeZ4Skqlx/WjrIs6kOZGf + 1f4T+fUmq4SDzbTw7qZ/wpC7a/FMoewKshJz + CLI5G6UHTnuq098zvQ== ) + 300 NSEC alias.example.sec. A NS SOA MX TXT RP RRSIG NSEC DNSKEY CDS CDNSKEY SPF CAA + 300 RRSIG NSEC 5 2 300 ( + 20181212121212 20161010101010 516 example.sec. + A6DDPO48A6D8JjqHyvCPkPshwnEHzbfIQFtw + 2+U+JGmN/b2/73aCZfKoF7sOS/hTv1hOwFX3 + OJGMeDATZrQBdpuWEZmsxnJkOXTg+0cSrAsU + 9WfsJqPcP+9uy7vyUuNTjCodjqTblFlAugTB + r8BpDsXhD805y7/2pY9k1niJ7iU= ) + 300 RRSIG NSEC 5 2 300 ( + 20181212121212 20161010101010 44427 example.sec. + pKsw4iVWwNUEdboHCHS4yeatbMSHHJY+ZTp1 + 6lJUSVfaT5a0dnQul47LUCXJJ+E/pUl8G9ZA + O9XztxGh+4ixHpPDyro8QTkj8FQU/V5dZGFr + 56NwBTHGJTI5RgAtIPmPJaeuW6OCfQscGSwE + cfatGz+qCc7aK6ePVsFeT5yOD7+yutfmSgzr + gpRn+NJLR76NBTf3rzIIisICXens1A2GtKUZ + AuWmSRrp+wNBTpvKljRyyCZMd0rjTUCf7ZfM + QiEMFBTXUEDZskHWx2fjVi3BtRtIUHXONrNX + SAFQKqWDIQbegyQPhC9UWfqHaySU6Y7fj4C1 + u2e1kRAnAbeB3pmRhg== ) + 300 RRSIG NSEC 8 2 300 ( + 20181212121212 20161010101010 48381 example.sec. + VW+L1LdmUkZTXASOdkCS6536gjj2cy0aVYk2 + nMAJG409aub4yKuwEnZWQZ9w95+RClowHZAA + yjTW1vkANKbc/UYsIf3zZw5t6wcVDy31q/rm + 7juWmR7vQOmLYlsQfKjki5qBf6OuFwr/h5G0 + SNwcJjnAE0puBYzhhpTrcU9YIzkgxJFdnZii + 150z9V8EYr57R1HYRoSnVHx80KieBUilWT9V + EUkKAqrlKg0fXTYRlLmltWDt5BC8sg1MmbMJ + OwpNalmX761h7anEuIvWFSTtGHDDrwa5DDFq + fEfV4c1WeqtfIe+wLyqPHrN7X2X0jcZYWOjx + eyKHIEi3aUNDdzTVVA== ) + 300 RRSIG NSEC 10 2 300 ( + 20181212121212 20161010101010 1862 example.sec. + Hd8cbN+6kNpmQCAtjTIZC+hv8nqe7uh7bz8/ + BczipNlRYc5TQ8pdK0acwWTHZxNjmC9RlKzA + PTDGWmQHx2JmDSJ9aZxaA+xMfPZF5jc/Rn4G + 0Escxw4wCtITQn12adpm2EVJGp2uSQLm+W12 + o9ekxuVrJhKHpjqcYBNdcgDy7xD1pKVCJtKE + cTeTAfTb+scRdpFJhjs12DhUdwaAcHAKxnbf + EeW4yshT/UdvjD86Vb2BBySrLVtHqt2szk6o + 2ed/gMMvcFaaBQ7dVxv5dQcGqb3XjYV5RZ/t + RAqCGyo27eBkWdLVzu5WR2JIpgusUwULkNFl + vP/trHJpqbLnRUayVw== ) 300 DNSKEY 256 3 5 ( AwEAAbqjCxtmin71unORku1IrrQx2S49KTmw 45jnlNdreCH40YmhDZo26CMiVXbq29rvUDW+ ZEJqVT5fd5GrA1wEEGbrudd2LDr5AedBK7fY TsZf/LEm32/Bu//KzynrJqyB4HSN3GIPbp3K YyY/Hl7HawOvWAd+tUHgUtes4trE/4pr - ) ; key id = 516 + ) ; ZSK; alg = RSASHA1 ; key id = 516 300 DNSKEY 256 3 5 ( AwEAAeluubFtl7Qtw4TpuZl85abGI+HXO4ag qzv1kSLQ5tkYFGdpZyZwQcBU2znMrdw03o6d @@ -249,7 +333,7 @@ example.sec. 300 IN SOA ns1.example.sec t8er3cZ1y62yOSbPK0SlouSRplbz+ezNyqD3 c5zvz6F2AcZ4NqaTZOMWZbOowujQj3FxElaZ S+/ughQZKq3OtMN8bqc0tZ0= - ) ; key id = 44427 + ) ; ZSK; alg = RSASHA1 ; key id = 44427 300 DNSKEY 256 3 8 ( AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg27 3Tp4oRpnmnmgizDFtLQhnIv1Mr3AuwSWVIDe @@ -261,7 +345,7 @@ example.sec. 300 IN SOA ns1.example.sec PcVDp1d7vBXsAEYGHr54r2vb3eXdOTmoFyh/ byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01 u8SJYP6ULwx0mZ0p5BmoMH8= - ) ; key id = 48381 + ) ; ZSK; alg = RSASHA256 ; key id = 48381 300 DNSKEY 256 3 10 ( AwEAAcZdPacjnWNuQKCF8CPmUW1/NUxI/G7x dbwrU9lOuAD3sw14rLw2NTzpbC/bubt2aHQ0 @@ -273,504 +357,824 @@ example.sec. 300 IN SOA ns1.example.sec knECGC8L/9o/R1zfSzSN+ay+dI45t+jOOLgW p5gmjsI/mXhoO6GqX8rbZoV7/DQyAR5rATJH W1eausJhOgE2wBJgl6V0XbM= - ) ; key id = 1862 - 300 RRSIG DNSKEY 5 2 300 20141212121212 ( - 20121010101010 516 example.sec. - RK/yubKLU0d+bs9z+qzPSNA+mSn+7Q7zDff+ - uAzcd4tD0QvVO8jIQaVAxVWOfenQ0tovTzXH - 39VuRH52UW0i4a9ylxlq1HFv96f9wsV6wGEb - sNGGMebDESHUkfMLIiZzAx7hmjX+YjlrYLEY - chOaBsoYc4pEtmWLHSL3Qc7TCxU= ) - 300 RRSIG DNSKEY 5 2 300 20141212121212 ( - 20121010101010 44427 example.sec. - DM9TZSWvwPIKkg2oB7NDRqpDMYGvl3sX3/BZ - 2MALATpbDPQqJt+4b2837rjXPR7hP6cGTl0l - kjRc/wSqG8scYqQzhcUJ/j76jtFVwwggPycD - u0pgzl9h8lvR7pFAEKlQHUz+MXtVs51eq3GQ - NgqFVd2Nze717phEJJF0Vpw05jsZzqokl8Ep - /Dps27AslVY9vyg8ZNfJ3rgCl/zSsAcuBVfv - 22+t0Y/crI76AxhqHIgxjyoQ3Bd2pXKU/1Dn - PI9Igw+1TzeKXoGQEHkN3ij+J8dL62EUgR27 - RIFl3X4U2snEaznDXZdGd5x0Q1uv6V6+g1T+ - rx3gnmitBrDbrhnV4g== ) - 300 RRSIG DNSKEY 8 2 300 20141212121212 ( - 20121010101010 48381 example.sec. - lepL7TovQDjJN5c2g9jMnrOUqljp6qrVjmeG - nSTWiTbxItUMzx6nWx+I44u8j9bpUYcPnx9T - HZBjOtGTqzDx6eepB0mWoUbqkUsj2dk9r/F5 - uSx/I75XeT7vma52K3TLTua5AsYwaXYFOoX0 - rXWRS5rlCY4FeK5TZUgfjvLYQAFrvonRtVcW - Tk/BdmDkKgvWm2FbJmCBEhQj5q6V8dIXnGPn - d/7mRQ0OmnQtqKIMzWhdD9Lpkfda9B6vzmln - tvOAUcHMgG9PGrEDAW/pp42douc2u0nDdpaA - 0UkIFm60cDmMuDM8TOXZJQ2l6uLQGNiAWrsi - z3e/fFbUIkccz2LxVg== ) + ) ; ZSK; alg = RSASHA512 ; key id = 1862 + 300 RRSIG DNSKEY 5 2 300 ( + 20181212121212 20161010101010 516 example.sec. + P4ilLbwbloDRSZMw3dHOXE2Zg/dNB6VmDPRN + 8jppzAKtKWHnZ83fsPeF35PvK2paDN2kFib5 + R+tcXaLVi5h97QacHoPhoqEujX9KdHkLG9yg + vuJJvTgMDaKyzZPMTYUifKlzIGD4y4ChixO/ + d6HUDFMrh7/5/8kpVRxndGotgSI= ) + 300 RRSIG DNSKEY 5 2 300 ( + 20181212121212 20161010101010 44427 example.sec. + YxpolCqYSlVhnOl82FFEdaGDj9KEkfl3+x0z + gHhGZ8Sbaa3MTFE6C2tsYJF3f+wsvKE/q6mH + WrGalB7BAaDFOmwRmjfV0DNA0MpN5h42yHJE + 5y9GXJt+5V1VXj1LdXKLLWAkNPitnrpNoB0U + Ysk4X5tvcq1KrHrRH5FG6qhxaqs2TY5EFhJf + HFPnLfSSOoWEADIhwoTCDtQ1EimNA/PXp45f + Wh3Sb1TZZnJEXpvO55ZIMkeThZje5eQbhd5E + LBol46Olx9qnCenBMuQV4JNt8u5Q+/Kznwll + DVTeiRYfPEUYcEMtZrkTu5zbk19lgonPFI1h + dBUv5/WqV80cQCq9Kg== ) + 300 RRSIG DNSKEY 8 2 300 ( + 20181212121212 20161010101010 48381 example.sec. + 1TfsvBo16W3Lu9h07C0n1KmRu+tOiwzQYccB + hTUWq34DeYLM3gZ1GLRzh4agva7bo9XeNZ+2 + F5MoHgZE+DZbGxAVWbPcL1Eg6KB251PtEqFA + 4z/Dm8VOLRWohucVwAEQOOLqDoV6pPCTYSRF + TRwuUcvwENzfHRNWIergssL1CzybyCmbHZiL + x1NI5yZrkioHDFxO8XELJIOqJmBkXiCgEQoH + TuBOl43ulF7vu/ZCvHKHTVdNRKacxd2+YXno + tlGxXp/9GdJiLqwfNqXb2eYCi9RPwIt59ggW + 2v45h/QaiM3QwHo0b92jUusZEtszxTO2AQgy + Eq7CncYxzcU6oavH8w== ) + 300 RRSIG DNSKEY 10 2 300 ( + 20181212121212 20161010101010 1862 example.sec. + GJ3J1Iro3+XVgVa6by2QMOOkgrIKK2yaGM/M + a48WDa4kfP5GU9ukoScgNTgp4rSB9hcJ1KfN + eL+HUCA3/Dk0KrfjlN3TTWcxmB09jchuGQLE + mdaas4WLf4PW9kMZaqP3KAddzd/B2cFAkK3+ + pVcCinD27AuhjiMmhHa98cNfNowFao9dWp4d + GEO9m8y8lsQtinaGSk6TL6r1C8LQe2DOtNX+ + vufx3dH/MO7B5iqqENGHNuJFJIhAi1h8Gq3v + d4x81B+HwNWDSWYYSFrBYxsKR2EM4v0amywA + njeJPrvl/9GH/Pl2tNbyQBbwa/o3g/U+0TCt + rThbMAyzhhZ9zLHcmw== ) + 300 CDS 50458 12 3 ( + 2E40B2A6CCD2760EC70AF69D1C144064C893 + 1E53A6B3EEE78BDB9E0BAFBB9C02 ) + 300 RRSIG CDS 5 2 300 ( + 20181212121212 20161010101010 516 example.sec. + e+fYaOwAOKNB89dJKd8eKB3wB8zvnzerm6fU + zIoeMj3xBnNxsadFJY3IwSjFsA2LhN8G8Nfo + EUYyFA/D25gT/FPLjfFxv2227bpEV/sxfMs3 + ax6jNEHyuXSxoSQ0XNu2msJc5cdweJHbjcn5 + SaeNQCqYIv3K5IOyXrbYBMcD5OI= ) + 300 RRSIG CDS 5 2 300 ( + 20181212121212 20161010101010 44427 example.sec. + Y8Z8cMmZhnW6vLI6aylycsAfrhS4PT9SOvD8 + jeNjLdL0EDgQE7+KXnpzVgbEh/NLte4ewmUf + UbHsJxUgpmr0+ak5cgSqeII56a4hEHYoseC8 + RI/gtcy7BQFwtKZs9c9SjQsCN7j8+gbJASfa + PIEaWuciKu2wsJkq6/oOFhB0Gu3232Ty4U0f + 4/oeddmd+t9p4sFr1jhWEKajJN+951Ux6cDi + IbiCrFhBORncjuXu4fEpgt5wRozrlKWbKqzS + ipV7G6jdhgcMv5ejDT2JrcdRcwtvSRWXoNl6 + VzbQVw4bwqpEyV9hErN+XhcYEC/vCoSpDfmY + K4nkkXXs1XGJl+/Czg== ) + 300 RRSIG CDS 8 2 300 ( + 20181212121212 20161010101010 48381 example.sec. + dlGP8OjPHifuzuJ+VSlO4XSRaG/ZJZTV0sYs + uLm7G7bLGn+WPQRJWfQcggo5KBgN23/SoMfR + 2xA4+3l5e1RxAss/tCHosnh/EeVyTcUuTzxB + 3/h/pwu5x9MtnlJ3Ybuzpp3fFd251f6o9jxT + K1GXZ5sT9E45bV22Mss4xppLrNY++e6cYBwx + weUA/abG5emxO7N+Y0mV61IkoJnPtORbove7 + HxW0EY0fIe0zQviUi9sgxR3aj/+S1ZkAlonW + dhWAP4jEGYRP1PIwO0HiAadRdpx1wf9ns3le + PRcxl/jVvwVsJc46hgVGiMdasFVuqD2Lot1o + proWTh/W00CH5mhBiA== ) + 300 RRSIG CDS 10 2 300 ( + 20181212121212 20161010101010 1862 example.sec. + EhHaPji1zb/BBgFoCHHFKQgLzF+i6ErJYXh6 + cw2QLRIEHirWgQ/MmOvAxGti9on56Pwtn1oO + D27t84B525KLRj3TJ7CVtlMR6YcJX23pfIrO + 9TZV4DPHFKf4lFmHjEy9S3QtEaKJDg+zxpnU + 0np89RRFeEXY/2xeDyt1AmyAyEuy/bdZPK3S + IQrG8EdG18PAfx+fNlF9DxHgY8gmaeUc7b8S + i6WCaOap+W+RFfazMm0NeppxCztBBh3gZsuH + nqTCLlF8wxayKgJZgP+i440FwhtnbEZR92IE + UVGOiDgb7g6FsgBmquGzXmCpG1gycBK72uLZ + 4QrJt3IR6XYZ7Elclg== ) + 300 CDNSKEY 256 3 8 ( + AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg27 + 3Tp4oRpnmnmgizDFtLQhnIv1Mr3AuwSWVIDe + avuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90 + yQwfC53hxyH10GzGnAx4Sutrdkh1w4HM1nMB + dlTMa0g9yxjJ0vm/T7qHzj+3dTUi84s8Du2m + fMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB + /QUuoY2FyThfidT+nhOQpzftVtLcta0E0Uv3 + PcVDp1d7vBXsAEYGHr54r2vb3eXdOTmoFyh/ + byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01 + u8SJYP6ULwx0mZ0p5BmoMH8= + ) ; ZSK; alg = RSASHA256 ; key id = 48381 + 300 RRSIG CDNSKEY 5 2 300 ( + 20181212121212 20161010101010 516 example.sec. + Q/H66+MGtrftHL5uJrHk72G52YySeOsR55YF + iO6h9obTrFOHGAmfSQbpl9c6BtXYD4Q0ka4u + xN69mHKv3qpfx75lT8X4eAw8dEB7LMSHXSUG + VTpoILN/l/o25RZHD0SNTre7l38Y51ldNyyR + 0Ow/hPH3bflqakBZBHxhItz1chk= ) + 300 RRSIG CDNSKEY 5 2 300 ( + 20181212121212 20161010101010 44427 example.sec. + aM0wQ2jtoBT4iGTjH2jrhCQ7uND715dnybkj + GHkoVu5iq/MUOB+j5u9RlbhWnZhzD2QjG9wm + wKJiXeAkcMfP0GhxGiZleIQw5JbAAluiMKh3 + aefZ62GRt8cgx7UoF/G1QDhxLfNxtgWCNUo/ + d0vqcBfTDlmNKfHfmoRj4nIvYC2HSo0jwGwe + eXF0ROzqyVuRjqiSMixqp0HrMf0pzCMu2eSR + zpL4gRu2ja70oDWpWbkO9JwqppVmcCLKT4kB + bYZoJ4GUuryi5EyrsaL+v53wtd+/Y9Skxv/w + qjAz46S4OCGlz+Nueep13x1azQ2VXj9ztAit + AAik5G5DcQuxAAjYhg== ) + 300 RRSIG CDNSKEY 8 2 300 ( + 20181212121212 20161010101010 48381 example.sec. + zqO8HvhNJnQMcmfdq+2Xj9eR60eWLVaPn018 + ViP7SXl/EILd/T23u9gd6/mI3cL/tYUQMAlC + 6IGnVwtC/pe0Hirotkuq/qaTYtRtDw+d5cwJ + pnshJKtVbgpPUNsu9K9KyXxld3kkQGhh06XR + Pp3WEoJoXfJOsRSzVCarGXrE0UVU3ekpQf4D + ofLndCuqDbMzlgPli3xPXhDP9M85fqFdkLel + FNyDU25OlznZCbylUszJ9Aziijp+D5+FPV2t + Avkj7TngL6y8Ux88FjK8RYy3YqVrKV0G9Izw + f07LCR43sLGwUTzcsgLkq+F0MtC6VIbjWLAc + bgZrlpLaDd+c9D/7SA== ) + 300 RRSIG CDNSKEY 10 2 300 ( + 20181212121212 20161010101010 1862 example.sec. + awyvSG3Fgti6GD/VOBhWKU7ULLz8YTLimth/ + 0w41WpGMwnNYI0Zd4d8cqzjubtFUmxQS9JMU + ICxmZohryh7zJYDUHv0lJTKO7ZoACqfwz6Mv + /xw0lMvHIdxtx77SbxwOXeLOXehqH7fDo5fL + g0fWLZ7AcK/98a92sd/6YOqxnwQxpmg/17A6 + MZwNwC4e5os11OGrEkurBV3TJAbg/HeYYacH + N2K2dx9ldGeHzuK1js9zrMATaCzUkW66fRLY + lZVlVCAgezGCk8hz9+fDxSC29z0Q8qArpwH2 + q8PVlkoL9tisnony2JXBRkoAcZRVVC5gk4xe + gxlNWk3j+HCBifW3Xg== ) 300 SPF "v=spf1 a:mail.example.sec -all" - 300 RRSIG SPF 5 2 300 20141212121212 ( - 20121010101010 516 example.sec. - RWs0sDBYmiqAGzP2gfRP0p6BzzPh2XqDpCHZ - LsDaCmlZI+XIdJy/dV9jGNwJ7+YWLNA/gIIG - NcIj8HElceCzlv14z84hL+8gkvOU90RX/bH0 - wIXMQDqo68JwQ+A65V498Hf5ouzKbRitAFu9 - zEGiW3TXhWUilqfjFm3H+qoeS/M= ) - 300 RRSIG SPF 5 2 300 20141212121212 ( - 20121010101010 44427 example.sec. - cpiGOZZZsTeROsxC22DEBjuCFs+GZOXwY6Wh - le/jrshFrjjANERcA2TrQRFXS+GCxkXb7dI+ - ZxnmaSx4uh8PHcJSn3cIJt0rZgPPGX12S0qI - vj3iKPG73VHhBXiXC8tq5+mEi3/2u9+HJLCk - Lfc3fFJUamhtsElaLsGX76qgnr2brb5bf9D5 - avjPRA1mPQdxCb6Sh8iC28bfXQBWdLolNDNO - EefhmVLU6H399dMD57mXzuBKWRrC6L+i5vIr - KfNKRqodm8AVJybAZImBONQybIkpjMKWNC5z - MoNqfYxskZS/W3N1jHAXFush9+MltyevFvxm - VWQ14I31At06oQfong== ) - 300 RRSIG SPF 8 2 300 20141212121212 ( - 20121010101010 48381 example.sec. - GILnbrIqzGeuNVHG0GigYP/SKkPvW55L2QYo - /Jmd7/DauvShmxW3KWZu1QD2ibJi7evbpysL - 4ktJ67dzhfTpWHFsKBPrMTG965iqcckIfWMk - 5LPs6hqjvCyTS1qWcCxu7vYsNyp8Dyb1wWgO - 5Y4zR0X5MYFVaDOZ3m/td3SFVKTgawkOtiWh - 24paSPl+lzbknBaLtaG6TYFS4MTsdlwpApw2 - V6s2zSaoKIXQbethxFAqWNUOmxp/Gcyusff/ - UKi5NM6DAsrWfuLRkmGD09bWbtf0aPIzTVZT - CaQ3Ys71cUBnJbb73qUCO3c9MGxIpJ9SU0wu - UIBe5nLshMGnv4voEg== ) + 300 RRSIG SPF 5 2 300 ( + 20181212121212 20161010101010 516 example.sec. + J1CgUN17y4TVrVx2Px5NBViQnRwZZ1rif58h + xAWraY5kbgB7yw+zocCb1QnCbGTgCelQIh8T + buel4rpUeMBz98B/ddmYyuzORK6IAB5fLmlF + oNZhHWG48ugKZye7C8ufjmlskIQeRvNl5kd2 + fq7t/paVl/zEZ0h0r4uJ8iG6u+4= ) + 300 RRSIG SPF 5 2 300 ( + 20181212121212 20161010101010 44427 example.sec. + QPQCtQuiqPtrebdPeC8ESc9TBfF3zl0rjhFr + wlNdlK8r2Fp4L6X7idnbctf8XXDidxNxmGDT + /S7B+h8j3mg5oFcGzy3oH7jMp64D6xQnGeLB + l4yKn/+ivG/wp2XqZXMTdp0+GJ7wQ20GzGZQ + dvhBZd8hbOXLxQhkNBXbxBY08M6I94FJxH+k + kGlVUaRQ9GM0qxJ4nCNfyyv/NqtRW3W+m+Pg + Fe0xLO5I+imEsv0CIFqB+tqHbtVLUp7dKccE + xqSIIF4ygsyZoFdHaw4GWELh1T2IwDL+Nh1r + jwAxojherHL6mcWELjYndTVGiZKrbhLthkYM + qG7o6+f7IUf5jmzNBg== ) + 300 RRSIG SPF 8 2 300 ( + 20181212121212 20161010101010 48381 example.sec. + v53uhdO0bwgxTAhCJjZ42bUwqB2P9vwoU0m5 + 6Sj7FsK66ulyw2+vCXJsHcMM2KuuWViag/Wk + NfYqWObu0K2yZXgrhPtQ+VYKeiB1WHlI4mtR + oFSIlUM3VVwJeUkzeRRyRJkOM+oV59ZIRnVn + lQ5skC2Oy9n7xK/XjmxvSady7f1eyB+L9iFU + ZMVHTo11KNT5B4T4tb/S5fb6sw1Vcmwyo0FN + sCOc2LGwFRcIsqzPWn//HrT1SQSdC9k0wx1D + KAg2s4cYl9BVcVtAx++Aj6+ym5dEEmUCyM7Q + BSptcl/7fM7cIZv4WcZbbrKuPRQJtIUWHk9l + wPvhWuJoLblxN7sqdA== ) + 300 RRSIG SPF 10 2 300 ( + 20181212121212 20161010101010 1862 example.sec. + gRIEs+4ZWNO30DTdZecDsPO95HLIaWdqiqhU + moVflYcA80XkyETHzrPHp5VM405LSbGn0eSw + ZYD4b4DFpW32JTYKB4f/8VzEPZ+AvXePGp7/ + 3YkBu242xZEXBcaqNtsxXnPcgmFKbPb75hVd + IkY4nEezPgjcxeDY6Ajnnwrhv8/g1yTX59pz + QvCc+IB8V5IOf7jRA6axauQ2CjP0jOBxdJNE + qVF4OKnZfaWAv5amGD4uNBn9kRSH/2UpcXJm + J73in3qfoWfVaSeUBo+U8RKrUA/n3qBjqWXg + ezkT7moL6GrpZh+0OWNtXgL4z3gpmFDZ6Ruz + 7cTpzI7N57Qx1ZALdw== ) + 300 CAA 0 issue "example.sec" + 300 RRSIG CAA 5 2 300 ( + 20181212121212 20161010101010 516 example.sec. + Tg2gLgMkTTPnO9hug8P6TthqlZ6wnTiBq+Uf + 14qlfD5tV2N8MgxSoLtsTxFvTjeGyqUgEAER + /vhVAfPWsIuNSytedrfj2EEqeakpdX+b6De3 + ZK2jrV4qSl0XQB4qw0ysjmM7stASKavOqsOY + Iwf2+42Xcd+YkIbLoqrSDfko30g= ) + 300 RRSIG CAA 5 2 300 ( + 20181212121212 20161010101010 44427 example.sec. + gpg6iv7/pWHCzCF1YBKVzA7ShtvV8vnXNxxd + ojv1wlxkyI5LADHaKjdkzjtQq4CF2UIJkRsx + VY1y4KC4EW1ACUIDvBDMtN6i8wMLhySsdcjJ + kkUoiZc+h5VM664Nezhf1bU+1AT1hx0vC+ol + dXqs1w9EPj9i2iId4Pd9tQ3yiwH7KthYLXap + DVKxtGb5CzgkRfeZfJABdPs3eH8LWHc84sSk + YWD7/T1wjlR6MtAeZcTTrYeq8o1dBtBndqGx + gi8q8eCGdeUNAJ33fUWmcuF50IcCAmCm01lk + pNRxGOXjmEChnCk/diNW1bAo/11EVATR87Tm + LwgrQGG3zYsglEs6bw== ) + 300 RRSIG CAA 8 2 300 ( + 20181212121212 20161010101010 48381 example.sec. + Zdnsv+j/2VJ30qQ7jFzygrzbtiaSbJACPEwD + pojI7+IEGeYWQoUdTRiZjg8Tay4iql+b1dao + +HOlfIxvl/w+Vp4TgonTtydcYICCKZKZdrYB + Hf0GSMJrdaCU5HV/uCTdrww44dXDISYTph4l + KTmdeqIuDDk5ZZ28XaqGdCYJg76YorZxzS3e + 332BzPBKjcWpWhPzbKXYF1070AgXlvNsboGb + JlFdYBNBsMqwsl9PolxURfsEKsnrz99cTAmX + iV2xJGYHZjSY3+t7Uqt4VtD/8faeW0kgkMe/ + Rktevt+UQJGnqif6dDNgJOLFvtOvb/rZWXNi + 6kRM+l0MghRD2t4ldA== ) + 300 RRSIG CAA 10 2 300 ( + 20181212121212 20161010101010 1862 example.sec. + FnjAGBYlAWL7ggOc1aoaCIkF3VC1032MYoVn + 6MRBImO7EUnTn3K1Dx0n8AgIcgvMeg9yZh2q + tojGJa/mtZK4EOdAOhFu5uRxbnKJkLaNeezA + p3opWnDyzjGn7svDJyR3cQOqXK+cboNNhOso + xOvTJ0MHrvewpouObAcI0Mlz3mLeZ2G0vVF4 + 7Bkkd6vIj3yYLAf1Kg1HoDFwvlInz/2ivNhK + xULcE3F8UA3b22eXVZELVhHtXrO+c4svKAcN + 3OF8JxVNlerqnknf8yth9JA6InizyvkYWBHj + RAIdSn+7LzDfK2xHGxNNTZ5U1l0ILujJETx9 + ej96BYwhqb1uKmyV/A== ) a.ns.delegation2.example.sec. 300 IN A 8.8.1.1 +delegation2.example.sec. 300 IN NS a.ns.delegation2.example.sec. + 300 NSEC delegation3.example.sec. NS RRSIG NSEC + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + N/dKyieQ9YnNG5ryp9kgvgZ4AfvdPQmNcSaO + FA3qougSU3JVYOQ4bxep5jTEetudM7fhgGwD + I7yRzgmc8oohiHZkG7yDIeC6CG98nuq1mWSw + xX1AtsxfMHsujDeXf6wNuOsspPXyVBlW2t8D + s5urv/DxCx/mG2uUMJCOa1mb8+4= ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + XJWlVH5VeNY08IT4AJVGBgTynQtXEfmXrXYx + qjE78snQZCvPeHMi1U200oRQm0Zmd2b5S3JZ + 8LhEl+4kyBuUQC/cldgf6/3s2PT+usLt2yxA + jek+W8y70jKsZDyCE77+o6vP5TNpSl6VyxKe + uvUReVYe/i/0elQ3kj1wZHTjt597j3ZIdpgU + phKgDpMnubf/oT4jvvJrbDqUwjZZVS8Q9ZNl + NLkqbNt3pri/tqt7iQkSeZBN8dZtLk3GrUPT + cEGqeqUPDan6N07uUU+/dkJZaCN4cF4a0foD + axqfzCZwqTw9cIr+1or0AncRm6571VU/CSuh + EejAYmuqnQtGWoLT5w== ) + 300 RRSIG NSEC 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + MZN/l5ivOmOOhExQL79guD4yuF1LCMVJZ3PQ + RT7SLcldN2kS/NTb/0k0lHR9/1Yq5G4Vc8Lv + F5A2Gji1K8V+l1ZQ2m/033/ykTcNO1SO+ivH + 5IRStznBsusEGtfRb4FT9Y7mCQJgXyACCFeh + 7meti9nykB8ncGNC78QJtPxp+SF4DpUhmSVT + OVBxS8RsZJt2AB4iW1cRsv4DF6M1UuuJ1oUG + uOVXwkfITlhdLt745l2T8IRZeMrmv7oWS76r + UIJmQDevvc8/nCXVFVdfEwQ5j2aE5BEr0DVf + zhMJ5hGix+XI/s+kW4b04nyABcYnX3ZNdB0k + zg56eg+gdrZiXuMVMQ== ) + 300 RRSIG NSEC 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + mgFMIU5xdIzb0jgvbbMeEmWbpLJN6Q3JZ+oG + bfAm4hJHf2kAyKJTRf2HEFfNCFb24JTVNAmm + jhpcVOxXSQgSD3ffrLEUt2k7qSNjXuCigI9E + OvRhoM2fP2F0GqcRVYbTI9Lykf5QrP01w4e1 + wG4Ho3FCF65As12coaPO61Uh0xBTnNf/mHfC + NAc9PMrhh3p9m0/7H61ZN1IYlNhegyIODuXu + fTdp8ajmcku01RQf92W/JacU1dx+1kvqj4dZ + aqykIHIOzqjxoe/m9eiVOHd7cegzT+jwB4Yh + svv70irBU1uZimJ88ES0PI4vfl+ALKMcf+jj + 6Q5apgo7p8DXVUafjA== ) +delegation4.example.sec. 300 IN NS delegation4.example.sec. + 300 AAAA 2001:2010:1::feef + 300 NSEC ghost.example.sec. NS RRSIG NSEC + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + bNEy+yaf6tq+ZH3QnqILlmvI4ldeebL2mbqR + z85MyEaz6BTDkarnglIi1X1lBZQcHrdYJ4Zm + IMSqzR2Mk05r4uUOvDSosTExbp9HNB1C0SB/ + BeJ1uQ9HsJHNDAM4F3f+m3tGQZndW9yG+iAi + 5Zs5MJJWvQoFDHcH5GbRjCDogMg= ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + pzswCphGA9sNJ0h69aFI6KaTkcNZ51IN1t2q + aIR+EE+vjpcSKCVJPJq/UNWcqy3IUjDogL/H + T1ez18wmjK7MWmelQty2EXm827Z+CJy7Wbnl + OytU5grXG38bVS06wS90YtDLbIww+kfoyJsY + k/CqMg3mNA6HsTlmvD42M4tZIRHOUFQ2bQKd + nuERZcn0drH88OS7XCbiWkVWNmI0p6Ud432H + obKFUJf6U3+B90sPPiCOF3JckzBJ6yJPj18k + 8fLbEP9c9zkvb+SOa/SxxftI3E+BtD84Y6zY + SowCCa3xSNdgVKpasZAttESD9xLvEC2E1muy + GCCB2d1XvqANp2rgLw== ) + 300 RRSIG NSEC 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + ZowFOEUjJl8qIdNa2VGuREBPDx2PtBEicdWF + giLk7tJNxOgwyf1waNdHiuGsAaE6M5UVDOA2 + GfOQ/ip0R62WE5uAifSxpiq0MmV8X1+UonIf + bWeNWYwtmq9Y3rAxzHK/3b4P44DxxicQyZSX + lDs2XbfhhGVWAUIFNVYNlA+2eDSEUsKfJ27J + 7s6AfdFdAAvWEGPolHKJ7glnldElabkxhLR3 + 5z0VVuJ+zQg8bWmZ+WkwE1Z0tcvtQzH1fH9K + VvMLjDnOVhFJtd4fuEpQA0pquEsEyUUvVlh1 + SKNk511c07lXNTOZcaVtU7ZTuMmtJdELerW+ + LX6+Owt4Cfi38f6Zfg== ) + 300 RRSIG NSEC 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + VxyoGuLjUDV2f2ENKsLnFdoU5Gv7+xs3gkC8 + 6Vf73QLVIwFbVXfwZ/PocbotObAdgIpg9XTv + 0NTeKjwu4/3PdeVeHc/+AhNWpdIfi29Fxl5c + V3Fyl8IUbDOhaBxNStjddyKcuLCtE14t4Jss + SLGFP4oDt6NZlWVXSyOj6Tdhllj6B7ggtFQF + lePkeKkSRYsXQPx778roj08/7k7I3BED7irn + 4D+mG9cDfB1hK0CIPD3ROfh8ER8rBt1mBT3S + FBSmz9F5G9cz4YeWiAMso0zHTOZSt0pAsg6i + YUrh9mxA5uFILjI+4U4l+xi/CbC8mquemg8q + FaXnwHpcxf2yNqL9CQ== ) delegation3.example.sec. 300 IN NS delegation3.example.sec. 300 A 1.2.9.253 300 NSEC delegation4.example.sec. NS RRSIG NSEC - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - CD0RsskZkRqESk9FFf6Xs6V05y34ogZVMQxb - xFTmXwGXFJujPot8Y+r524aHtZ/TMT+5jmZC - 272lf5THZa8L6GSmjOXEShEzE/NxK6QPi0A/ - 41hyTDLfTdMeS434vEArzjCte8vFi3Gs1lke - ALxfuXEPFlqShzRH049QIiKVb7E= ) - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - aA3RBcFysyza0jCN2bN4fRv/K+NTvsseUw1p - eM39ciePCxg20JhsGDWIMCqpSz5R3BLPemSg - ll+B8CuHMCQPLWcb3vg1WOTpSPjIZxgt97I8 - VRfGga9FWxyKk9qohvjVIBKOiROE15OKEnVl - 1T5dk2I32BaWKvOxQEbjxYUcnLwPPsostvWQ - L6e7vsDpFPh2boW/x7tc9oADCX770TPVtS7d - 0Tn6eAganiw2SzgDHsRcOv3Y3PvNCuBxxUla - dkOsPk0Aeho6Go50N6Pq5u9P0EXZQuMN9NMp - cuwn3kotN0XoYBX5fIXnsEsZceiyCDntsPdf - sOXRjg+PmWiM5L/nRw== ) - 300 RRSIG NSEC 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - bnK6CJhATrnBj+HNVW55je0rBI2Xsvqfhv/C - IFNaesD3eRA5Sq23rZ+kRJuZb7JlndzPKfCt - axjm3m/9GGXf0YVUvMp/vRvxgemllQn9ANyh - d9KTnEK/L9Fn6KgeT+tti4RkIJB3ok2Yllv7 - uYg3IUDKKrDjETppQeoFKuiflHbAnN3s9wta - HgF5Q1/jI204i9Ausup4wBjFYpJTx1J2Z0ak - zg7zjw5H0fgnKXDGcmT+ErWWMsYYsHMUx6CO - qFrqpP1BnRdOBZ43Nt9OTgUQMTJ+fTJwC+pS - Qxa9+P87gbXCGoV7vyCiYcla3oB9bP7Hnztc - 3gxrjI1G4oUg2GdHbQ== ) -delegation2.example.sec. 300 IN NS a.ns.delegation2.example.sec. - 300 NSEC delegation3.example.sec. NS RRSIG NSEC - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - fvrYyP2h+pG+7CEEE6CjzruLRi+9yentUTE+ - AOxJs41pEs11Uw7MR1wO+TGPxanzJlJwvJCs - 9xIBZE4PQta2AKqyAML/s1DeK4a392qPUHrQ - 8N7evTS2KoOKH6F7pdXOPv6xOIhm54ufg7tb - QSr2Ngn3jQFH+rqQqAQluTNXjys= ) - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - SUDQwaDyaGV0a554BvxUbJzFjh9Jhp6Xr98B - /pFXzUvJMcW9gvlAZiWh+Uu+h0w5449aFAFU - I3DByimfOIJJG+iPQ8A8I9u5W6goVeeB6WzT - QL24+e8vAjLrLCInHxlxAQGgkkX1hhFMceRW - +pZyxsS2uBt11jCVM8y8qzVkQE+3gU/DODO8 - 8a7zd2gNNNJ5RIdigzvPxvVq69FGfl70nRLZ - kMBnQQ1Ot/E5KysoprCbEeYSVF3wglFxCmcs - QAJQ9Fj9jsTrBO4M3cQFJcB5KjM0BE7+R57c - yxg7ZKMMMgqe/ubt9NvFJXQFQfQjSmB/3yR7 - Zczk4Z8FScb4NQlAPA== ) - 300 RRSIG NSEC 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - ItHnrTkwSbhG9tYZQKAC9XCRmKkt4lSWrXjB - fn5Vwm4cf66uVFkj6gHNGapR5w/Vg+snvffp - gzAGUsgkLk6+xxbFcGGoeQ/VwflWsDWTtOau - XsChTTVnOiQ5vTRhUOmDOHXGk/LF60FaBMBG - R8p9kTtFe6sLtstuVvmMw/e7gfJrYMO8IZ1A - Wy4rnBTzf1MMKZBpJJM8CAyDq3dzinjgFkA8 - /cRwH0+7ODBbEo7r492VOLMzbMWXPBJjs0kR - yZeI9lxr1Ah52WIw99mOAWQ6TW/w4RxsP8J2 - Xj34MwPmIMR3Qy8sf+yeHeUD4cS0woHOlpyu - ButVE7zeuDPgS+Bojg== ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + Sa8w0Gtmmmt/koUXa1jM+pR0blfDb8uQjZ5z + sWR+Qtm9pUeVi6Im7ZsLF0UvThhPB4M7Cssu + e8mZq8djWe24yfoROn/CM3Za+Zt+pN/CBStQ + wecdIEwY0NuUTqDpc8eqMiMfi+FQkMwyxO0X + SXi+6wfLZMPqa6E1Xko1mHO0VUE= ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + GxBmASFjw1z882KzO6qRQuClpk9VCSyJIljM + qCqfjKKdGKqLkvcn2DsfsYj3ZbJo5hgJKumR + 1DPrHFbRBmjAWrVZ7kXxTTvhZgqekSldo1wf + cT+ssNVmFTm+VTVY3Cz8msNjbtv5VLiE5RTI + fX370c0+cCK/6svDtnYgw0vj/3bayYxQ5sx/ + R/jE8CumJ2FNuGx+6+/kDO7MZsNHJ1glZqTW + FCS/2wybR/N8ErEihov35j6Z5NIKAZqG3oXJ + g4WjhuHc9fhfZLn3uRVd+USn3SNnjm35UODX + qS+kLeFvQvLiWYuiJQTiqPoYQuup3DpILMxo + vX9mMUHILutOYGYuFg== ) + 300 RRSIG NSEC 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + w2KrHdEoyXYzPAg9cqx8vF1hhc4zdjSvEjIs + +sb+ZgrHKPRMrezf6zQKIjfeZ1DyeMN8nKsS + cmzUOuDUKoytvX8Xo9FB2nUqU+Y8RRao36FV + 4PXOqnmsyHdTAQYFAGaDXqYzQvt3Ev+KRa4I + CjGzwVhhuijSskv393NNJVeTKXIR51Etz0DO + kdk8SamYpitDoGSLr7oKX3nw6Fv//+faGdk6 + zQq+tcj4Gu09nrfe4I2RQDcsMXJODv0RwF9y + 64ilGuRZxsN81sM8849uzBUDdNQIxd9Tod+w + Gg8P7AFxWyFhhhfO4lTS/OiLCgG1yYT0L2l/ + pU5AWah3d8VT1PzULQ== ) + 300 RRSIG NSEC 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + kMb4PgqThtSZSJUiBRUeSOJl9S4toailINo8 + Fs7wG0yqMzI4jZ3YiI6myWiw36m/y66X8P7d + 9eYomaEbO4/1QpUNDtbuBams4KzWVygStswe + 2AK0VrZV1o7RhaJfQ5PwWc6tYMyepE4NwqUe + 0t1JF/ktw7yXiG9vcy4copaYnqLSnfgotG02 + 3sc8f7YAMthm4/o9lAtYVCWGwd7YIiLz6CHR + kcbfRn61GqNKUOTJU98AEhIqaQ99iIrD9gtA + q2p6eP9YH+jR6GqXjKKo93hrcdev0rWPD+Bp + xHVStzs6Fu0frnAjzPJCNjxD4TZN9dqp6Ffk + CfAF8X41YLSdbVmSHw== ) +mail.example.sec. 300 IN A 2.3.4.5 + 300 RRSIG A 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + uBuhc3/9thGl1UkMMxLoI2y0Pck5siv2bm9y + 8ZZ+mj5n5CxMtY1dKg1Ie5AnWUklOceXespb + eImHlRcr05gVBSAYkH00hANMWgnoTSWp05G9 + 78/14rMVC9XfuHHYqL9rlqZfRpKTELPYuI4T + YReeJL4DG82WN46CGipmhSFI6rQ= ) + 300 RRSIG A 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + vHfCAnnCsulD6AXdpDClBtnNThqRSxwC5Wxf + Pj8toyQqEvGV3I8bh3/jq6yWv+bjTHBLy6qQ + X8Vob50ezCFcdJ6qlwVlVHGjsPSL3wXvaxKs + tG3yClwy/UmI2Ey4UUy8KBRrPvOHhn5f+LAe + yOM7IfPPDDABkDoLXNJpXLIhUrTjhB01jhvn + wcdGmR77QBF5+I9eZsrQC2Dmr4xwOcOWYRwQ + 398LmCuZYh10X/A/IEcTm8SxnUwfAOw0Dg2J + TRnU6Es1ag0nEU2dOvwVVefqm4F4H3ZeEaZD + qZiKvmf8vTWaPF0X0RKwdJVu0sZnQdNFwliN + mhVCgnMLtRLm5f6QEA== ) + 300 RRSIG A 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + etcmhIlYcyL/MJWcI1HWKYQRKlQN83SJglUw + tqMEDQYvC9aIl/EnWp9OMlkEytl8dIdpNMIH + +kttjnxmoyY/CFUXXbNKGxc42AZB8NCNeT15 + EI3YE2LNP4kG4dYDi/2K/05eel6U6JkuzByW + 0vC0DCRqvkI13r+igDp73hVta+Ee9JcfrokV + RLO6X0nK4P4a1RxI8OVklVOQ9Vu5fWlxLjd9 + ki8MI9V2kNiVvNVyQFb4IW1d9qjZQgsFQIco + uL6IMWxR9QCQd9cGRxOD9hodqObsm2E2YYPE + /CtMpE6hpAjVm6oSEyby1oHjFH+Mzzv5lfvY + AsBXgVPKeK14Q5P45Q== ) + 300 RRSIG A 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + Iixa0xKHw5w70HJ7xYdvFk4iJLyMJ/4puisU + NQZKnEZqzFEND1HdtplcWI7/GW8QWG+D9Lhr + XPCbaPSIT6al1gHmLUpf/nCsI1fL9VY8Wyc1 + ZHhsyItDJHwErbXBFo5tWpqM0WDjeFAwJGI6 + ZjC1VeRX1FWDelXcVPMP8IZgQ4fbGrdC60Kz + Wew2YFEPdiHXmCZ2t6t1lfBdkVKlNqLEWwiD + Yjl0liXKOy3t031LLN9z5PJ+gpWePwFpdlgL + Od2kmXBTOKqB54J71py1NZagoTrEvXGNna+F + MDVkqdOv7ExXbv221atZOF92xIxuzrto7Grp + 3c21bdJDbX10e7+Q0g== ) + 300 NSEC _25._tcp.mail.example.sec. A RRSIG NSEC + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + UydDK1ifmnSxlnDhmxEwiku23EYm1B6LEeUs + AOEFtlkFDCBtn8LUir1HwGsOwRNBTPi0ofN1 + VpUdcAF91RQoZdVogjJKKirldqci3CFH+Cop + YV6WTOLLSidi+O+lykt3ejflrrEBwuKUcu0M + UWfVKWQQcEE+1KIS6A8MGLCtxFs= ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + UYRGOZZaoYg0FnsImfKW3p7J0CEMIzYBHYpn + PSHvUKIuBVID44uQVNVqJ5KDaO4squ0FgrC4 + PKqMjExEcZAi3e57xuXWciHf0uQT60mvXqMT + LA94SOC9CYF13Qft+XY0TMB0ufI0BWTuBDK0 + qDpYKa9fdviwmLHJnXyrJxYI2kKFE0fOkoaE + vGa6B/fSzSzT4xpk1zrsWbfhWM2X6uY/Wv9d + KKnVw/S41EshBwsUWKLGqRigyn8/XOI+baoZ + We9+JbSu/mbIi5w2TqBndKkFwnb7mKUCDz0Y + SLkCeMywApytF3EgQggb68sDP/vApt0YVuy1 + oJphlerS+RsWUUSHXQ== ) + 300 RRSIG NSEC 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + thTuKDb8SXg2IgbU0MKhtlU1109j9UGeo1OW + cJAqAGfNUC9vT0qzYQxmmZiCBDBzsBu95Gtk + 9k2cORB/Hvn/CY8Rso72t0Um3ergBfCcA/Dk + 57XAb+oDYV0sIBnXOvYpNAO1pIhFAgfMnqUB + pKuslPOMyHR+E3lrbGHplPYlDizLqJu89WhC + TVU1yHuCxFKte8G8ViRE8RyScNC8ESAQQ3bR + HA0Ido9+iy//ZnsLeDjnOicKNo22NS906s7+ + DAV1P1BaW2c990zO03dJa3mFAR9p8nbwsGLa + MOtXlTufHBjG7WcMq8sVpQSa4HGP85TAxHzP + SKalXVqikQeiV5P0Ww== ) + 300 RRSIG NSEC 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + jGUL3AKnEao3XDQBPr2ZErCmowkDihF1kPB6 + SZfKAI1VisPEFn6kZrucHNAW9842HS3ihvB+ + KbIVa00iy70o0O9CHTeGherk9iNwiBI8YEFd + rkZotXFk+fxpQ0n8G+nkCSaHLSoXvp+i91Qi + /1Zi4hkldcfdblH3mprbZMyFsaxBIPjNma/4 + fzYZ0hVl9RA9mHtU2Ef+/uS7X1B4iu5OrRIv + 8n2WMz4F1KzLzoPglO2oEoprNMqpDfvxhQ9J + d+jEsiyciHPPT1us5hWnPzfQx9POSCUn6ZJz + Mzup6QnKCWT9eTJ39BNgUYPK/0I6vypmlb4M + eOsytBhJVquQqQl0Hw== ) delegation.example.sec. 300 IN NS ns1.example.sec. 300 IN NS ns2.example.sec. 300 DS 60485 5 1 ( 2BB183AF5F22588179A53B0A98631FAD1A29 2118 ) - 300 RRSIG DS 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - HBXFIbzthhFqFB7YUceWeSHsb3jlbWvhJaqa - xqhh4G58Ktbq/eD/ODKJWpTwDsrwK9neYp1P - En/ZfvmBZe8jS8SmdTAWt0Ov3yMMN/lk3rEQ - vE7xlsCFxk2MvJubUBaTGK8Ixf4mSJBKiew6 - 2lxjroBoK2AV84tScm2mxTS8GMg= ) - 300 RRSIG DS 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - zf2WlfNwFRqt888jC5ORYqgHeMp0TLkO0bWP - tPcw/hgyCF+JdqIXuEDyubiqGZD7QQM0xEoO - jLprcOG8ZdTMjhW5JXBoyOY4B5MfD1Ucy8Of - 4onnUcP4Pfm91xuXr2Rb3RbTDyfqCyJ1fNsA - nAh7nOChJmxHJYz9oH0AfQvvClUWd16inwgn - XIOdQxDmKkEtdU2u42FwAk6pSiOzR6zbJ1yo - lXWeINVxL8TxWjVfq2XIzwXFEkWMftDQjTwH - /LX2aueermN2xa5uqOqDVhsLG3PHR3sQMFTL - heIY3Vietpxu0LMZgiL2IaNTLWEW+mhCvtmq - aaxKq7kSKxjg+VU9pA== ) - 300 RRSIG DS 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - RLaaahYnGiGwt0y3MapNhZ1wrmaK4pxp4fMx - LgK60SNOGymW6JfnoLIEDLIYG3m8mLVhdEvA - nt/5739u2Nu5HN3LQLNeeF4Kcd795Ns+Lggz - bte1nVdvj79L4xd+5woTs4FgD+gO0iV/i93n - Qy0MlnkNDN1js7VU1ONSb6GZu2ggVO6lY6hl - +HeOX+9xIdD7lsJj2UDZWKV0SLLT5kBDxLvs - I9ZA/u9tce30uEEpmZIopF0UABHzqZqm4vNs - Qcr3jP85Kuw25E47Bpgg9RIirITAooac4jjs - qVh/ydgLMzoklcPB3tISSIh0x1iKvnWVevMm - aloA6DajwqBSlcA7nA== ) + 300 RRSIG DS 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + FFR1I0RCKnQAiZjnbYSa0IChopcJV6xwrejk + g2yhwUF55yLgmICr0qC8OyfcctHIzTl6At9Q + s6u6wG7mDqCxvD4wv90DbJb4VheGO2rHC3Ie + Ie5M6TKqHbcOxGKxPpJSFBiX+hnOwAjcOaez + +fT+MPZavgQWjfYgIORMjw4JULo= ) + 300 RRSIG DS 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + qGi/8U4Z1lYF54aGwcxLdgZ7vm+14atpACBN + XGF1qFQjL1W4d/Vw/19KaPuXsjHJPOmK0Zce + 4qS1hosa5wPnJOJBUmUOkRW2tVojpnmkKaSS + jbjcQiTlKHcUNPMJrNVrwJHtOMyZjCwzdzFs + mnzLa7yW+CNoP6mHd25bErC4iZ6MDi7j6Q3Z + +MUi63BbUUNxL6tuCl62m+pr+0ShsCvwd0IN + l5+OI8VexQOydES2o8NxoRwR2yE7a0MELM6K + AurhtViy95nQ0kOYJ/0sJkTrVsbZ/RHnnlzK + czn/6D156tN9pL5O5YYwPWDQRC0Mq4DJMi0j + POol+ZTFys1OfnVfrA== ) + 300 RRSIG DS 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + 0JohpJrNEFwcDbffWpOAU/L6O3e4zO0aK9aK + P5X8BQMj0NHvQGZXE5PMvB2pZLTyi5zq9udg + /4Vv10Qbn2AMV9NpIyj30nhsIZrG2ruDjaX6 + I6xW+Yp+LeS6ddDekBCFtvgvxP15H3T1kAmc + kpfHjCfTnKnoxgOBqaNjYe1YPwo7jXJ+qOVs + SZdEglCSJeVTMsj0W/YQdJmwOI+gbWNA78jn + TMAgWMbbsG2k7B2VDhYLwJQgZbm9vIhtfJLW + JxdEbMCgVB3d5O47Su2nPTXOv1a2QX91ahRn + BFxhhCn9/9SHGxe/OuK+XwzxefjfMyhBWI+3 + OecSui9MhQtAhwIaHg== ) + 300 RRSIG DS 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + YkXhW2eX/F2Y2G4/eH2vJ4PEN24vLCFmbHho + RR048doWiquWN1qmVsvtrVxOs+akCqItazVO + KyoVAGc5Nc2OM57Rz+4kH2V0crWCrIRZb88I + +5/e0RFGe3+CDnhIl1V8U9JqlmFq2QYknjbP + gu6QcwUwJbxff2mFWO9RSmm2/ARFMfjMfk0j + VVA1o3/e9R18njNijmnDVtVd3fp1aUQCr4R0 + C7VbsG7+pEicPaY4B6AjWp19WZQLU56JyTyj + E52NU67U3QcED0gQhj3Bz2nivJDKnq2XelzH + 0/EC8vV9BdqDBLjMhnXq+Q9jREKBWSNjaPCc + ieTw0KM+YQIAtMjfag== ) 300 NSEC delegation2.example.sec. NS DS RRSIG NSEC - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - syy7tcQTts42hPpDms1kF92e/4duPtn5wuuS - CXMw+C7aIIMEm2EJ5BHtjLfQ5Qh5QRieCgJC - S6aT6hr9DXCfmXa1x+Ing97VBoYll1GxNDup - xiRR4nXam9d8T9UM7I82L6pV4qF3NSVDGiVN - VqW1wTPWEwRtGrrRBOdUvn2KyXI= ) - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - EK6oHG96GEBKuirll3p35bCKrDylDYOj65gc - 9G4AwWaayurXBAu4iHZhA3ZjBZXixobktlJL - vK+B/KshG5zYwVeKDnqYNMuCxJ9+u2Py7u2x - 9uqcQyp5KBF63aPbvS7+Xg6alNsaEKQEwWjc - 7J3ZbvMgG4Q4fVR0LO7CeGcX/tlOc1WpBH1m - txhACsZk+Qmy78hC++X9EVc3CA/AwLoGvdhe - UMpclz6uk/C/ZklNyRH6aRZlJz834wBL1Ziz - EskVYIosekKpA0ZCYl/V258dnetBE7lvQ9Nh - qE5JngQyOQnM/SGPFwDQAfGcXIlOJWzhug43 - EhL6uVCHe05lN072Dg== ) - 300 RRSIG NSEC 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - Mq68uAgzCUU9wD1ybPMBlyEFcICEkgLbS2iK - ZlvdlYfN2GQeiBznSdg7y+Ss2eXoNfZd8ouT - 9FIAEbWoKjg9k1B3/HXVtzW/QsdiLFSepgmL - nusgNfgcSIwNbN12g8YMgETNLFnNon8te2Ry - SWuSK6tJ8vKPGT9CA4AaF35qnouvAStYplKh - EaJ//UGoWLvKxFPCmTP+RAyLgqidOvJTAZmf - gLELI+A9SxWI1oB4tKd1Vc2Aq8NbNBx2Z19b - cvOQwBuAuiHRmqiRzHPP6jVBBE+pZ/wI4izT - c+1oSOo49QSpUUQlLIGGjnXgh3IRV229rSiF - 0nPycKu/3BOUo5cxjQ== ) -cert.example.sec. 300 IN CERT URI 0 0 ( - V2Ugc2hhbGwgbmVlZCBhIG51bWJlciBvZiBt - YXRoZW1hdGljYWwgaWRlYXMgYW5kIG5vdGF0 - aW9ucyBjb25jZXJuaW5nIGZ1bmN0aW9ucyBp - biBnZW5lcmFsLg== ) - 300 RRSIG CERT 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - PdA5ui/NfwgzxQhNBSwqyniuI9QpQedtQqOm - 7waMIAXEi4MWEeZurjJwA9ak6EZYHkR2V77Z - n6YoD1gXUp9iE2iX50VRLjDMawHVUmovD59P - /ArjKvm1msx+dtkgqLAXj4v2If3LLcyzO4s3 - 8mjrp8phLeGPISo17Fen+xUeaJ8= ) - 300 RRSIG CERT 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - qFPPehUwkyZhjdJRqXk9ZMJ5ysPmR83af3hF - 91OGr9i2wnC46II2o1sxfgiL5F+jNhOYyUv7 - QnJWJn3+iqIomGnCHqSYy3JoGpG/fkZBSwek - icxxnvyzEN73tf/EOJ5v9akWPOy2PPyd0L8p - xQWJlqF6EZlAuC5a+OAbANZEF94/2YIGsoKg - wXy2cwTZ701ujeMzvivyuuJG/rhrOZUXDexs - FH/UvREmOLuqyKwelfB64BEJBuk+CuASeabt - PE1b86qzs+rU9nm0O2EtUaImRDVJSWXP3x9b - VflYJbj9rnzB/4edkLLNuMtcpLvViHb9FRVV - XU9PQ7/uGgPyPRdnlg== ) - 300 RRSIG CERT 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - Rf95qrkQoPedfcRlD7NfdpGeti7JdKouptkP - YtLUrzwhsb4kEvcI0DC+Ua3jhpDhPKCPZfrN - VBBhmeAeAIZdn/MT7wMKtChGA4VtgI61jmir - 2/K2a2/HFqW1PRwWx8NqgFz77C0PbTpOesim - qxsjYCyGJF6HOpKhQ1DBWb1+twt2n3o6lj3d - wYBnveKohQBkK3Hl8LklRFjSkbAU0Qj6309h - OZI4p+WQrZ34+92ZcgcZ9JLYDv2qXcaj4bOq - E5lThX4NLRIjx44fTzrLxW10W7bEXPzgKZAH - vKoRC6GHp6hh/xsGdTCX9GPNf6S0YkVzDsaZ - ZrXvo2sNO9PmPNuBQg== ) - 300 NSEC delegation.example.sec. CERT RRSIG NSEC - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - njMBdqH1BnBZyawcmbUHT5WDDroJDBAwc/S7 - YYUAUwoXwrPSRiW2aGYHdAKZCbH1M5wrynoz - L4xfEkZlRD+w8m9bN56ydnY2y34RgoRZUq7V - 2Pk0n/2P5f0wB/34J3KKkxH8ynxv1Jm8IA8g - XY5PuJebRYA8mxXF73/R+NyR25o= ) - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - lOgiQTRHuvOXU2k4XBQ50x693t6Tb5Hz18Lw - tjrlZKsXHb86IbqP7pgD9c7GS2ov2RpQBh1q - AYsmibLelbjFPppFh8EQz42WqjTL1PM7bunF - KQSgd6pea32ewp7RMYfss69A+nsVD8t0HFNP - JyzUkIAjM1knIYXGPeHfPBQu4XpOzVeF9783 - ADEQs1c2oFAA7R+xmuoQh8jX/JDQJuUKEwHa - u84k89GZukCr7pLssqLybZmAYvsH6ajR/NrA - Gv4pjGZWz4wy2s5h1mNMkEFqm/qf5RWqsfKw - kO40Yr2jfKOfTUrmsQjLdvjqBMzgzp+JnAqw - tOzTeEWGtkxb5JVWyg== ) - 300 RRSIG NSEC 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - uRSh10E+hDBZH22j8jZqRoLvz/rzQQzcWR8Q - /ayzqu+xizpC08tLr7SGBjqlqkFCvhvGoYkT - X/C46ItvNtx5YDLMuZMeuxOd9RcaTPeVbhfe - TjfQ7Smw3bCEx2PzZvC3urA5Owvi0/JnFvBW - +lWGmDTnHxi632QrfEQ1DoL/dJCBkDUCcYRX - 4lYqzXXO2vdJo0GrghtIor86jBy7C6nVrLb6 - xe+oNfz7aBlXm8JGXTriXKa0LUbX/xu0Rox2 - ETgm1G1e3HwfjXxQ+NCrHLUOxHYeq/GDi9NM - 9r+jXTD1gNvMpMCTidufsGDpYMwuGEhCSXTr - 0q4c+Z8Vv5GyEEb/Gg== ) -alias.example.sec. 300 IN DNAME anotherone.sec. - 300 RRSIG DNAME 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - hN5znng+AmkGWTmle6Vm+xCIEgGtZHOX7wu1 - L5tQbdQygpRWAL3AEvI2B7zqOURAokvl9Dqp - 2O6JhxtxxH7hTW8wk0ZeL8SAWXGe+Dmw7OYi - lnDuO8DahBZmg3rMQHFo7jlWqRB2BYicSAmh - 78e9JVIwZE1zsdJBpvFjVgYWWPw= ) - 300 RRSIG DNAME 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - lQRMT04a7jSKtyoPyhCoa9cEJU0Psria1SqB - fFq4pccSeBTjZcbiXs322ogGc3cmUO/4+YRC - 742YEd9/iAiCILrEZXPpCprgymCIqZ2uJxIK - Vk2QUNDHOaJOjbZ7U4/g9T9K6LlCqBwsUAuG - euur4wDsiuEQPln5T+9hIwjS8Jbhx8jPRs1J - QXe+G8zwg733I0GSU7F+IuNhzgt1N6O/8J5y - OzLPLdUwLs9ty9B2rbyU2zMySQgiWaD+wSnp - bZ5iJLrg192nxIZhaeOZ5Ig4mwk3UdF8baCq - UpxAUddSdSLtd402+F/6dQV38mEeez4FOdv8 - egjnfq59oLOSiQxA8Q== ) - 300 RRSIG DNAME 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - nrFN+doVZOaYEk2HLbNCwBEreN2Z+nB86rfE - u5f8Xb99sppDFsSrc5dnsNBsOyzmg3OhjmeN - 5vXZ/dOTlaAD1AJwYPUEXZ+SPaF8nFusHib1 - kVfcbUSMKaGBIaQJmIBQELL0E5u6Vx85PwwP - gfujuUSs29VoDmXkRj2978PVihb7U1mX9fjw - az0ZYmbMDKzlKEYKYEz7PnDIvl1HBmYxSZlx - HLLLeImzszHMJMdzeH7wSmH+INj69bPpNREn - SO1F1AJvFW5vjHtoa692Ggk8kUyYJhRFMNDV - 1JDTQxNeEikvp5glE3ywPKRRVxVDWCXVFgJP - m67Q3r6pfzRQbP9obA== ) - 300 NSEC cert.example.sec. DNAME RRSIG NSEC - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - arLwaxZ/s64IufkYQljXb1V49hgVY6aOA/4G - CrFOB4KO/eEaHiinFBuXznKlE9ePiKKtGsbm - ALz4gP/zeUEsYuDYbuFAYixWvhHG4wDMKF3y - V3Hfxeue3PYulOreyPuRriK24sZJDhy7LVN3 - Ps/z1TWJ+HWnMDeprU2qjj223YM= ) - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - ew74MRufBg6jYSbb/cDx3f6kVpPxD7lfzp0G - kPVIsgqaRARFbl4cLQIUCaAhRIIjwR0G56gl - 2EqrjXKWr2hBDIsvhX8Pgdom5j4vGC1TS0wI - 0YMrfuyuviNXnutdyxKqEPhgtnUa327/suTX - Z/aoQoe4Um+EI7AFBpVuHdAYxgYF3qiDCNqO - nzNxQCuW/Tx0NzocmRHxw3sl/MRknbQvKUgi - 1inJQizjxtncLdjNPxn4UoJcb+QUE55letYO - TuIDyaBc9kuPnT4l/1GsnbZuODDAiRI/f565 - h3dw18WeoaDk7sJKdiGZISt9hj99ARrGgpn9 - u1w4JRpoO6rXpgXopQ== ) - 300 RRSIG NSEC 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - Xzl+kKu9k2pjKyeg9hz06MD5ItGIt9SkWHf4 - fXcNtSQ+GabNVNtSlCPbaIRycHSLf6/AluJe - SSijB/dEaSSnPogAATefm6NlgF6Tc9NjRM6S - dz0s1sFNP8pnGP89JSA6HTk/13hcAbIhkXUg - aWMUpmTn78+g7LnzGmnCPTsEKr65x0IETfsh - 06/0zjZJXLOmNr270cuj11SHNtEr5Y6qw0v+ - FzSeWn5GySsgShj+q0ZZY7OJmdQFjW3j5ic5 - YpHwaHGq8Fv/VoTiKUjE+Or7cZFW5nFkA2L9 - KYR9z2bXY4uteKxU+VfpIn8+BGtnTBR+LE2k - y8/ie58TOaga3W3yWQ== ) -ghost.example.sec. 300 IN NS ns1.example.sec. - 300 IN NS ns2.example.sec. - 300 DS 50458 12 3 ( - 2E40B2A6CCD2760EC70AF69D1C144064C893 - 1E53A6B3EEE78BDB9E0BAFBB9C02 ) - 300 RRSIG DS 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - dbS4zOt4yPFQz+tp6SmfVPSgWF1bSkJBVq5b - y13h2bZayms064FdTJmdGNErN29VVnZXiaFe - 1gf7kmSdR2YLYoI2U740DD01NUC+3eH/E3cu - IWmjQKkwhB9Iwe8UaX7jqaG00bxNaTJpb/Cq - +zMy2gjMcG7KvQvuQ6SPzdmCUC8= ) - 300 RRSIG DS 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - DsjOIOocYhuHZJWNijzIj02FOxQPXFlaUhPM - u9hBsWEOA2CFyuAdpshG9EQJa4jISUT3Setz - 9RZA5UZAV7/ERHsLdDKAZez+j5v2d/MqwiNA - d6SdhSUWlZqPUMQluM81RfMCzqYbcNE5sw+N - 0MzzBQz2iHdO2+tJ8Tvg+4ek0aaCAIJ+IrRT - f7wiWgiUmiMkWTjjkuFxGtOKotTZp+W64KuW - yEbt0ApmpahDlwSUKruXs76FVZPk9OLRM9zQ - agLs4pVKpwP8OK3KUVUiR16W25JrycEd4TKU - IuDAuodR0SRrXatBj3X/Qm63CT4gjQf3F/Ga - nLDeZKDi7aL+86qPzw== ) - 300 RRSIG DS 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - Ske9cNhh15n9cJxkozsENJtlTgnEPDIi/7Hx - Q3nj3UPSx24JTiTHdddQAcFwmnDj2qVuVyoG - sDq4GBdj20soTcP6+cGrQ8ELokXwZoQ8ddGy - uaJnkqh4JBcSXNCv3OoimAj/tVxse9zjpFgl - d9c/C2LF7/4rEtflLybmgLmlFwVVsDUCpQ9X - S+Btx+fgQNvpK6BbeVaDEr57X9ysLBy6UxJM - mXyV6/oDEcK/8enhqTIiExOi40yhx2woQRMy - X4szYS/jwLrS/yUrUrtbpcOHwpW/ISqDFCuC - LWqEfQtPAr6U/H3SXs73++cMAoBuEdbeRUcq - OSZMxNY8m4uZvC2EOg== ) - 300 NSEC jumphost.example.sec. NS DS RRSIG NSEC - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - jcw7VqEW7YR70DJAV+oYAKxSHQ9H5vQBLve8 - zcW1dge1L/EQppk5I0zRj7yr8f7pTrm7IhNn - aPv0YbFGRGQJI6w0a/xVr965LyQt/LNyp56g - UwLO07msGUvxr9br2bsYb+lI5esjmUeI38K/ - GkO77+5iWuv4WcSfx3X0KtfKyRU= ) - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - KDx7V+aqRbzoDaY7QB7PTsuH4IrtBimwJsfx - Oth/fSUdmFfPpByVmY+Zln6HzAcCDMAapKEA - D9QV9f8qPssd8uQpAVKylqfSRcYHkZzeGvvA - ho4bmrNPz2wQEz9XFvB0hXJ8YI89a55HYN/s - TzdNmGtK0WVZO/6A6nALCB96r5FMLTEhdn7s - 8iLV1k1DojkWkD44Bojj3Vkq6r6o21h2FVHd - /lOjUQSjEwQvt/1ctI7bJMHnFvMewVCt/oQO - gu7oQijwsyFMGJZl7FDmIQXRLxywHhrTkysH - d05krTNL7A1K6y+GFdw7/Zv2kfqrrVSyRoxH - XF8zxi588nrfOuqcRA== ) - 300 RRSIG NSEC 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - Cao7WSRgcLLlQRSTUCB+1AMcfTpkzLAVqs1U - zfz3o6xQHr4Eb6THmF29W4xEx5sYMC+9yLws - sppmbfTRVISRXZe5MoajC8DWBC0lqEbQjMPM - MG2xZ4kinEGPvzM7Xx5TFejV/n3yMRFm7QHp - LBIB3pIfgXWMvpLNINCChUVdwBMXJ8vopULk - rdTJ0ZMtnwO0iMo4W7YmgiWqCD4f8i8+6MWG - 4WUFvsitaogroKkvOJgj5hxEL6OXLyAWNgfX - lxF2jBpK+tLCJb8cTe91slIOkus83rCxVmAP - wjwt57GQrn8REiw2bbfeXc+kZzoPC8ud7Hlz - eOYtpW+EfZQhwqXyoQ== ) -delegation4.example.sec. 300 IN NS delegation4.example.sec. - 300 AAAA 2001:2010:1::feef - 300 NSEC ghost.example.sec. NS RRSIG NSEC - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - ck530M3oNpf6MB6IOEKlAG31GUvfMGvrnmvL - mc3gFj4YkH4cr/Mue35C34JsOITZ4eCAr1qm - 90I1ZZFirtznpK+XSoJ2OmpljD7ukp1v4fkr - xcBi4DRVN33O9NvMGo5ByOq83y5Sr5DIZn5B - K1xnLIeGNYNiNabKbvYsL63GNBw= ) - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - KvynUaRjew0Llu0ir/Dae+y39m4n2hiFGEld - U9/ka9ebYwbULECDoZlppm+1VQ7aPfyEtm/1 - MulIQHWplHwjxGw10nk71XTLgeiSUsVYCdDN - qK0dC5mJ/xnkaNgR7Q//e4YSg8Z7aVGojkh5 - ewXCyVzqg+hLSWWe2TSQV5CeakjBkTmew8hS - Ugg0vRepRtZ+VdFa6A3RX3/35Kj5YE1x+QiO - RKpM6oIaeinSpNcJgOKAUIfsm0rMlGqYwun4 - GqDJi+X3rqKmg3ooVNXjq6FqQr8hxtPkO52f - mHQxeGyOczc6odQGMMrlpEEroTmcOLP+r25h - zFicoZjtVpMCk3Im/w== ) - 300 RRSIG NSEC 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - u9kemCEEjLcWoyHLMgQiMESYDWJJosTnqbxR - p/0wjbjjtcDCxheIMq1QVzgiM1dlEJhyGgry - en4VD0ap+RAMP2LRTudtoTogAEGb6OuFYOM9 - IBV8tYkq8AXAKKQeQ0HDiveQFC2Af66XJbZu - ioTdNy9uJyPHSVQK1FPwyHrMpDkkMyc2pmJo - T0qUGMHTZCDX/JcRkA/tuKpftpkaZq70/edG - oK9ZRF3ke4YnrW8RiwUp64dSmzAWqth2ht0v - W1BmNAoR/oCdBMmMYzPJxNDjJ1BDaZiNUH49 - I19wMnvrFdYVz6VP5o/TfJ3wLyejKUMAQi0H - AJcNAWb7T6czVkIXIw== ) -sec-10.example.sec. 300 IN IPSECKEY ( 10 1 0 192.168.1.10 ) - 300 RRSIG IPSECKEY 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - JzUbP5RijuruLZs7gOepWRrnChCfEGad6nPE - np1kuc5cf1z1FpPDntbxYzgLeyc2sY3PDZ/j - 35OWKuE9zNR/M+uqA29ehZMqegYPcJZYIFD7 - bPOpacCiwnoB2OYa4y8FKhWIrrLMtUKoYHRA - yKuAiduwr/7ndJXLsW348vbyKRc= ) - 300 RRSIG IPSECKEY 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - LbM/he+aYiOZUenKh0WA64OJaljec26uvxYf - PS+NCp3Oe01KlRTvl1odasz+BO7hs2qo/IzK - YezdKU6xyxnP20yqxmOaeQ52S7QNCQciKZm+ - YcFfmmrYMMylC8ca4RRzH/lhzM37PSOixCk+ - 3vUI0jfH/tnYpX0pWKTiU0cw1+yGqbY6yf6Z - KEdTVyLR/x84XFkvEHumDMPLfYwDk1qkpNhC - MqmSPqeRUHrui3DXUv2uhOn9McudB655IF0Q - gEbAKFRZW8/ey+rp1YByJKJp0jlbewBBwKf4 - LKTRk+1N0V0QYkObd5zkA0JnjYoLqjit7ckV - wi7HwkcgQzBJ3scTBA== ) - 300 RRSIG IPSECKEY 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - WMRM2N9um8rfzVrZDZlZpv4KWRf1unIS/99G - WCyG2RjWGwMSEmOQ3BUaMKGIsd/2qyp8iUf/ - NMLxu4L4KnkCbsh0tIujdfh3Y4NhhTLsI/CQ - CbCJ3PBuAqEsQsBMtbQr6gPAVAqIdQRUGVf2 - PTQWOoQ9iQVdHDoVUDrfWQjhvv9f0gov5VPQ - M74urfDVM4IqSm6VInygAG1i8jNsZBHOLjgQ - Xt1e97mkSbs3ZAqKUcIdDSzwem+HYo8dH9fG - BiciNg1uR3gqis9mJ6mgYcWD1dielZ3113gx - qd+s4+ZTVKEk79MP41RupkCjC7/lVT7mtKWM - +3hnz+R7kkZVwuatFw== ) - 300 NSEC sec-11.example.sec. IPSECKEY RRSIG NSEC - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - tW2EHpJUeVBFWDDrFkXykskPkxFOY4BQY4K1 - TKJKN7Q0b+Tkdfy7q7aQSfd1oISzZn0w5crz - 0HGaTJzZKx2iMYK9E6HVH/FysCRge/p5lfpo - +Y31X2ldA1al8TtjVCpXqh2hyJvkP5+gD0a5 - BXhB3s/q0FkdEmM23SfGK4XqPwM= ) - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - 0adnfzBJLo+kwjkPR9xFCAyY0J8EFzHgVYbg - bob4jNAZpKEBpCIWivxlTGzN6gb49eWLefgy - CdujmqzRwUCf2fXESYp4R0hLq8gVPbOF087/ - 4cwajOTeDLGVo9OlQA/MF5hrya4DCDNC/wiB - Mp1jFDDd3rPQIhVRW55UUAUcK67SazvxSSGB - Tnca4Y/q7mXOV224n6E/m6n7drmL17A/rr/3 - fJaMH9b9JOSK65k2eqSCbWBaLFt1uYqGJC4M - 0bs+QWc4oXV2985AsZNqShtGnNKgEJzKDZDq - h0zCspnlt1JgxzpQukXwrS9CbAYYlgRD4BvR - 1i1P6OSSAT6XoJfkew== ) - 300 RRSIG NSEC 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - aIbGlRGSMBzpR3ZJDGHbbCjVFVUAoVSUjHLH - Tssbx4zGbRQ+V7agcRsRznYgDxgzuhgiWjOA - rYvjnXDXWGFx0HzWjQ+CbHouuF69eWJdHyUe - RFPzZ/dzKLlo4ucrX1awAf+3DcreTuWe0KcA - 33ptJSJGvYILxwOoKpnVk6iymlVpkw1jPQP6 - Q7hAD5A9W8z7hXn5tu4qknqU9BjwekkIqm8V - 1eoIkGqHogWQs86aFMgeNAHvmklBgSwzcLc+ - NHI96eqzfvqkS03MtdKyldUjq9WiCRlLIBbc - 2Ra5fHN4dEEaYIUCu6tMhUwNQSjgev+a3WU7 - DLivnEX79tIEEyS5bQ== ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + rljjcD5SsIUxIvEB56UoMLkvV61h2C2x46tD + kGH48cphkaCQgZDxYnuYo0FLtMFy+JOnNJZE + AcGII1+mH1NgQ2hvPW07TY0DVChq5sbZ0uAf + 7jYIpKYC5N4xFM/SkzLtrMWAW8caA71teXq+ + /1ChI0L3V1aFLEGyslcw2nSPAPM= ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + s8FLFgQBXexonphsXRr+8gW+BY0WKJZx+qHr + 38fC9AC3bK3dD1w0jRVyKTE1Se2vwRu7FYbV + b1xV3HKuHLtCrgW28UYffKnJLHLeIXgeZlJV + 6YufW6iEPJUhl9db6IHnD0rtJCesu+Mcqxjg + uAIgq1YlWOGmJ3edYFyZzy3cfOGROmag6g2g + 4BlQ6kRtpeQujfl44bPmm30v5FZi+kIH9ba6 + RpXOmdbZAJqer3hoBohmD8JABpfT0PqnJSFf + fAlojw3WnNE44yUxhuMalER+BgK0u5bkwLYO + SvkIEawgYFht1BEG9G0xjI3KOzZZFtZloyaR + uiAa1K+46gGjMmPJWg== ) + 300 RRSIG NSEC 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + g6N0eggix11si7ZI6TBgO3Pys7fxrsysAQmX + HK2Yw1kMAAsLe2kwW0ZmefNCrkkNNR0Ln/wc + NfMHBEf5iU8ceXfiF1+3xZdH1U46l4YX1gUD + gKL2TQI1A+xG3DHpHLQknhKqtwfPCKQThxsg + X3NYYfct3GLkdgbaMzLaTa1UHAaPvxSrfSzG + /eWSW6jWLU6VsLXOdNCzR6WTwMev8W1p+YG2 + 7dyRyfFfA3S9hBrXFINnzvglCGWBryVXnXAE + VYFI535zkjT+mSMEATERoRb6hm/XNgzy7Y3l + Fj4bIoZFNebYbCD9HmI6GZCuBBVxOSmhrdfC + fOL3mu1i2cK5U7vFgA== ) + 300 RRSIG NSEC 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + QqcY0N+DmPDaREk+KMd6ivo2xBcUsTEiPVJB + gy/7Oq9x3Lzo9NvO2YKF+4HxzGk8GnkEVrmh + WU8jFr2R5wfZmDgBCLMitew+jYU7CkI9vYst + sNmsF4x0KZSVMlIF6NymdSZGW/2QkVzxZjmF + Vgh1cthUGkOl/M2EU0TJmt3GU6bZNw/wW8bh + Mjn2dJnR5MQrFHfoXjbQm/SXdcpl5IAiEK6A + m30OxVFijBINNJzfkHLhpNT6Bza8trKBnP1J + 93hDJz/debKkxxruIMH/409nN8hexlG8Zk4G + J9FWOMnSAvyitWAoKB2ykBa4obLyDaAt2NuQ + iUt4du7WLqn5dSUXMw== ) +sec-00.example.sec. 300 IN IPSECKEY ( 10 0 0 . ) + 300 RRSIG IPSECKEY 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + MluJokV2J5dK5n5hSqbmf5huLI77QYEnZd82 + 8JmiDlILat+xFkgGrZlKMIvpGJVLWCgU98cV + Z8rO13ZK7gr/ifFmocvgocchTrj+lw4J/aXW + b1IHHPkhGeCJy2etKc5H+cln4PEt8h7to7IH + +XSN4TNaQnQiUcTESdTAhuF3syw= ) + 300 RRSIG IPSECKEY 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + dr7alfFGSizXT3Vbm+KM8/gD7GNsmxReRIg0 + zH0QrY9+kq9fKthsKrHhO3SkWmEACZzv23mA + qggE9OpNS7mbOTCP2p3lvNtkbFOTunkYWK4h + /EJqgs4J3QACtsU6h5uR5dALFjtODkegEo2v + aQ5dV7XPfLK9UOG5v/NKamI1rBPwvLoAFLxL + hx2QxLYKfsWjdNvK9YV2Bjw2Tvi9mk4M3EZG + bEsvuRVDeT3M6THyt/1vV2yJBPey98dZqiFi + Jzwrsufe8/PKT1fCGJVepkFqAzCPOYo8giTG + t5rG2R+pfiXwKKTBWZUHt0GOR1JDrh33FR8O + bH5mi/m4wh+6+6/lvg== ) + 300 RRSIG IPSECKEY 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + BFyy/6BnJVa4IiTFkxiL9XjLHzEsdBp/vBSe + ozTHysTnxfcqe9n0eQ4r1HCofwUgmnDnA+TO + k0ojN3EK4QY0ksooBVAWSQDXGzhQc+rMeave + 92YyEglaNehWsBzM1wz2IXKS/2fLvA62KW4F + 87TBO6Ic6TZpNjNrKR/QRjKGXaxyLJ/9zD6x + xGWUhGIa5gXoaLx13Zh4VXwCsty6TzNsV7EW + elwSCSZmp0XrVz1+99qJ3Z2JjBCuXVA3uW8g + yy1POb3bBskf/k3imiMmKz1FvXv5DjloUAUp + ERYwByiFOOJXKgpiKoWb7RaAk0+etHrN6t5/ + tOHE/G6Qv4ewdwppvQ== ) + 300 RRSIG IPSECKEY 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + Cf/VcD01yZOu6S3flMqW9ORT1v8g1NKIPKJ2 + Cat56avdz9g4HM9grub+K2he2svt68He4GVU + x4Yn6JgHKXHIqD847kwFuOgn+gsUckUK2c8V + vIoq2eQd2dwFfk5VAHtWXMEupBEixbBnbr6t + Jn84/FIxabYBm0ItZTFjjPUO/RlmT4+7sqif + AZl8pUit9cy1hR5tJCc8QGjUQi2m1E7tUhm0 + kd3VlbBJYZ7Gm8ky4vgeyQxxp7vbjvD50uCR + 0GS6O1CJUqdsk6xJW4O7vV5zbMEREZ2twHl3 + 9Xq+nD6A6ZDdtUQQ7WrLrjRHLiD98o8v2LN+ + VG4MJFijTZqOIn8Bqg== ) + 300 NSEC sec-01.example.sec. IPSECKEY RRSIG NSEC + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + muTWQdST0SXHIiJGTAvdhxFOHTne1ti82RbM + DqXJynyYEgm5NlnmEZn+U+MyPAkjUdsciukW + UGo2640qt78WTL1G7WuIWS3KmRD3WTFo61gm + DdfMOcxBuyvDl84si6E/sMSjsM/GZJ8Z2BFn + hUZB5RlhNbCeC/9O5rP591a84D4= ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + W8RduB+y8pfSQ7343Pqa57PgfUqKMAylt13R + tsTvudxywnxclvafjl65sREgHuq5ujwfOn0N + qTKpmCCmeuUdWoeRLnl9agRdh6INv4u/lTXz + y0xcmJeLhaI27IqjYYcsHmhlOy6w0OaL91Gp + V4dTsr58H+jbxY6Z01NujZvaa3dC1ZjDDYMH + DpyIj1RqNN6gMK+Dfcsh23Ok3LGyQgYw7byo + bMmtOi8T6MZ7/kZ8F+iejAr9MiUGKIBQdNVu + m7IpwWGJmkOQ6T1fDHLRuhrpyZx/PDl9kwxL + XD7+sYke4TAlRiDokIreNR7zwLIqKY69JHx/ + GiX2a5hp9PRlYaQmRA== ) + 300 RRSIG NSEC 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + YT2sKENrTnNOOGhnRaVcD3YZAGDf04z7y5P/ + WcitVjRKx3ow9gIpFiI62yLi7ZQ11Hugqreb + HDTY3F5PMuiDK0Fd4F9WkD5M8vJApfVfmrYQ + 2hDPbgzs88fHWtTHvReS3rNRk4RLFdvU/YoX + zzrdpLqZDJah44eQWprr8WctjBk66slNhGgy + T65l032BSi7Qh+fQe3R0IzgqLwxh9WAee2VU + 1nLRkszwzNygcfjE8trdf7pwtyauqZY9zqDj + sKNsFFabP9pYvHi7dfweR/C7cGcbMLFJVSIp + iEit3cMKHoJdU9nOC4AvUCxHXoXcpDByU8RL + x9/BWaVFGbGAZePlZw== ) + 300 RRSIG NSEC 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + mHxAhUL2naUhz8gY2u68zZm0JDQAE0Nc8IPN + dlsMHBA8SdSmZ9M3TwWxoB7/EqylOiT8GDRf + QzbYqYgNChWdYc6Sc66czbdB5zPnwcYf4UT2 + YXkunPuTXSxWFAha9W78YeNutHIJwJ4Osuuy + h3pO8UfJc3oSyDM6SeknxH15RzHs/dr1S/VY + NlBByu33hC08VQ49MxJ22I7zQHjCEBcXoB6p + LQ0z7JlDpRJimZyHLx3QIoDXXH58TxSrUPwf + +faL6nMDGQfJGwYWpK6gThg/ZWFWbeUruZeZ + BXjtM4Du9GirSGujpHAG9NAkcBxIvmZ2Y37t + jsSwdr45U50mK6LLoA== ) +jumphost.example.sec. 300 IN SSHFP 2 1 ( + 123456789ABCDEF67890123456789ABCDEF6 + 7890 ) + 300 RRSIG SSHFP 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + isolD6Ge9KtgMdZMFeR6SD8eu8gie9LMIGjd + 4Hba7ebnUi8d83e9DRfURbOYtZTjPJqmwSrp + I0muhs3KaAmT8Sw5GxDp9dtBRYBexV7dDGvb + wyFqICy3OfhOTORdumW+pxEKfgdAfsNv9VYJ + EZIYm9vfX+qsIANXFH3D++7sNgg= ) + 300 RRSIG SSHFP 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + 2D7q1ELbpNl9Ix4KrAizQSFPr7aG7F6OIc/W + D0R10gAjkHZhH+t/JpwvzcDqGkd3590cAWn8 + 9MV+zRkUnR/qj7+POaRb34oBFbYAA8f4mARl + BybDjTWxfbF0VTfMfixM1jz/PbJ0o0I3FBdB + zUx+g2nYmipcs7DYNAoWik5hfzalREH/fBW1 + gQg/BDbn1TvEQC1jVEfQ3YR7VMF/SMm4eoa2 + UcbjaBsDN/Mev/Nokv9+BaH34XBIh/lzSF0X + mX8MAJZEzzwzgrqwYk4Ocp7EBda5pO55Lc6Y + UQxVPNvgsrOpk8JkKlsrt7aD5nPnjWKy602j + aaZizMEvU+hpaUGQoA== ) + 300 RRSIG SSHFP 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + k+jHq5IPvjzWCPmDKKfd4VWmE8GuvBcHENDU + bgMAUw9x6Q4630/KDOR/euZWUS65HPALZdqX + PibxJSI6xumkMIUxN2hh2IUrXlyLIVeY+DFg + //Jdwo9kC9NZrIcynxiIXYcEQpFE+ICk3qIZ + 3rp37ysrX7P8OCNYa3zXT7M305iTkRVTG4Br + 313e1OAvM1cWp0fIMo32+UM9yegMMXu2DL4C + +cD65Cd4BJtEu7dF4yUe7B2t78HzqZOxyWGK + wO+XYaSB/rSOuqTNl/0bL6NA89O7DDWCAJoR + mw0N2k+ujDF9gUOFhs9yzAgHbXppC4zocmwQ + imYF2t3Bf0u+RVaKwQ== ) + 300 RRSIG SSHFP 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + Zjn8vpwvq7lAfqlM1SR474M+d3xffCkiEXaO + W+AxUEUAJ+yi9uAF6fsA1wpCbKjaIvPbrZgr + kvOczZlBiX0W/3cCL6KhGe7Lsd2YKqGO3TRe + cStF9Ylj/KnFFfXnLPDdODXLQChQEEnLTB86 + Jk+ZtV6psNwOjSCimSSgc2x26i3rR9VxYIf3 + 5s0K9XN/D8NR+T3NJx2ejsBzPoxQeJIb32iC + EaimzXrnSJqLuDSKezP6aqtz2Jrc/Q+E7XeL + 1PJpgG+xBmmIxIf4SijxRTCG2a656lS4hcY8 + yl36lzj6QbwQk/EE35SLuyXRjvbowwhALRK7 + PcNjz9yClFecgRXxbA== ) + 300 NSEC mail.example.sec. SSHFP RRSIG NSEC + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + aMan7ISnjzaeoqSZNWc1qqnAHd/Uuw8Viqwq + 2AKYBv2aN8gWkpj5M+61I6RJKXEqoK8PXVMu + tzaROubJXbi1qC1gAo6H4sPqQWdJ2MuJ7G7A + +VBvKz+U4R5P90g3/mqpBjE4+BGHNkAZ+SKE + pZcgPBhzFOsKQlZQ6DWJyJVlG4A= ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + jx6Tr9aDQu1NWU+iArkQXSJu/dhsQ/+UuiKU + Q5JF83RlPjiqQhFhlyKtlARN3PepXbxOmzkI + W3T2Jnd9HDfzy5+b4tJgh6vVDDylDu72G3Ij + 7kQErZ0gSQd1FDZSU6LMDDNidUHryWMcQQXT + 9286y9ia/zey4ZawbgmdbC+YYVeKZRBkZNM4 + F9+vuOm8laYrJwj/waUAAuuvtlc9rGOxb+hE + LP4H2PkKVcMbO6jIR6qbXLl87vx7fsqzzPcK + RS7HSDAAZhmFKvvOPVMXfk1GZi0F7jxzoTIt + Gl4B1rvR941G6VxejaqvXmOA+sLs49drSCn4 + lyBW45ylAW/ZW/Uxlg== ) + 300 RRSIG NSEC 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + r5wkR1XWQcuQ/bINl2pHKgWDkk64NJZe5N6o + EKODsgCysToooedN1kCkkaCNkjb7u7h9+tBG + YFJmHFv3Gek0PW2ldT80wMSyVn21HVPmpANX + daTkl0EE3NkjnAu7jCC8MZHAUJ1S24dEedGB + PJuDwjTlFBt/B6/dOUCVxDW5+xRbC+w6mF1v + VLsXhzq1VCb/udhbwoqfQXdztDbBNGRdkyBB + tc6F68ceUhRVWqjU2cLBl98wrxD+ZbdIXqyX + qwJJb6YtCy7swYb+8nOfVwZpAwcNkeHptDNB + zEoDFqn5Zl+vCDIgFozwj9Qp8cCioq1jZzlw + vSdWL609KjdlUbN9RQ== ) + 300 RRSIG NSEC 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + FQEazIPqzHedFVbV2IVHLqfS538V1bNZr0S9 + h4i+jAnWSz8bhyGPcIwY4kw42wbD6J6sffoK + NlUS9F/DfoIgCpTwPLYRaq+2QD5lyUDA9uFX + 5L7JVgWkZI0dobp33sTelqvxZjcOl7rXO+z0 + MoJVJdAr0J5kPP3nz31+EWFL9g4Wu3h7ueFb + eF0zA0DYqsgD2G5DtycAwz8M2RUZNbi/Io2P + +DvjYLng9eiXJmmQ1HGBC7Vp/9D2OHm73ClM + Xa82lu6onm2ScyO5+0sUuNXCDZf+rVgtr3Ac + AsBUGjkVFgvLxKaRGZZ4ND/tuQZJrVLxwVfn + mwntrMBMVL3khHfldQ== ) +_25._tcp.mail.example.sec. 300 IN NSEC ns1.example.sec. RRSIG NSEC TLSA + 300 RRSIG NSEC 5 5 300 ( + 20181212121212 20161010101010 516 example.sec. + r+qJPmXLdfqfW/lGABbtRauhF1ivwtJYgYnL + JP6Z2UyGcaThmBnGCBh+ZVqsTF5ye6RqvfBc + pVzgLwclRHclZv3gawRptRdKRCC9cVAagAtz + oO+jt4Hz7ZmELS4HVUYd58bHYjHqGK3JCpUW + Rtzc1MzQXMerzT4kcV4te+0sem0= ) + 300 RRSIG NSEC 5 5 300 ( + 20181212121212 20161010101010 44427 example.sec. + FwiVZ84+pSDj4Ai5nM1IMg8FFMV5Rb9GbLP6 + 0oyEVx54dKBlc7aet+L/jLeptXdvf3RoU00i + C89BgPhXYBqi6IBevANrL4HnI0VLD7cKGQw8 + Bh53d5rTXKYlCgvQh5lSLdbTtnUAmhjz8Gbs + xob0zTpVuLfKBLfJdibdX3YD3k+jpyvAPfXq + 5ABOy8UJIerhxTIHvo2iPa/M/b7EtBD2xPje + +4hHq0kR5gdhg+RhNdSTlHE+LTHFy29l1gvQ + m32rYOhv+l9NnnzPbVPcpAp/UXIvZ5sSJuNv + UFk3bQ1bslh2Kb468PqnBd6uoTZXb6zmkpbP + x5BUhkWFBwL/LdvDSw== ) + 300 RRSIG NSEC 8 5 300 ( + 20181212121212 20161010101010 48381 example.sec. + n/Q1maoE9ygqDPu74PBnkZ8te2+yF2Rx099K + GUkf/s/bBD4gYYkzELdpF9+qrHcQlh0dpsDt + qtOAVwaU80VpYJCTrci3sEWZN+suwsfCVan2 + tTj8Q54FCQhbxkqcd9t7YbuyJi4ASVhGQW5n + MUdlop3M2nrvI1FadBWuiMe8RAYziiPsA3sb + X1vJpl49bgguOzp5d81LT3YrVQnIGuRSqZhH + xo+3zkGiBa4oBTf2SGKC1EO7ziul8JVbNmRv + EG5UhYBfQGmJ21a6bBftMOqvSKS1jmKIOivI + dzVJ7w+KyoUQsH6FHaxDHh8mKkKJJmDxXbGy + 3TkgwAq9Lw+qh2IjOQ== ) + 300 RRSIG NSEC 10 5 300 ( + 20181212121212 20161010101010 1862 example.sec. + VNERZktOVwpJwneQu5jisBU3ffMS2MoWqDIt + gtFzswwJA1WFr99WpCE8oKPnVY/QmHSZK3ol + rcl9nTjjbWx4aFO0UVooNR548Hi/G8nQE7s4 + WluaGEMJzmcClTJ1n6JLE0goXb4930Q+Ljmd + /TS0Y5+k0UclxSII0TErC8FllJ/N2uqGIx1a + aev+HYvwWdnr5tkYE+7ieqLeAjN5sU4zkwyW + Cj33djkBkguA9KqqEtVD2SaWBdh1rCRdAt8f + bwKK5bV2sU58wERVBKKupiUWPy8dMUeIAEky + 5cS0vDQIRTF8f+joTiXYjZeLwsbmTVSInTdz + zOjEvwKKAQMtVCVWlQ== ) + 300 TLSA 3 0 0 ( + 30820307308201EFA003020102020123 ) + 300 RRSIG TLSA 5 5 300 ( + 20181212121212 20161010101010 516 example.sec. + EUrc8WLvZmbuSRmymBPExTiotQIGn+zcIX68 + AiUWZKQ0wvltwKM2o6ilQLK8goxcZ5qZOmEb + 6hEivCKoRP0ov4yhJcndCJieQ0saa2+5DOZJ + mf6BTSyRmO65P6lVANTJpi/fSh/Bxt+qFerF + snrmHQSGVjzFBySCg5GhXB/oVP0= ) + 300 RRSIG TLSA 5 5 300 ( + 20181212121212 20161010101010 44427 example.sec. + vVF5lbC0wOSj2ISUul+4ss46jRZ3mmXbf9NY + XEQ+ArA+TThi0031cinFCbSU+4ELgDxRw0YT + T2AwhFCnEHVYxs9RoynIIiVPbnmNVtDKrGc+ + VNjDFcGQ9XikKqw6w1B1dUyRUi+I5rYa/V4C + mnDSrynMAgeZOADFbFI/JWo0p8JkPjsVakTi + RufzRg+S3ViSaAIheUxDggav2h+BbCa4MTbl + 0BIyNDrrGEwLETtDnYu51SQbJgfDam1o576W + eaEmSX3vf1hccFJem5ITVrCj+tWZY6MLGhwm + DfJSt8Umhwg+TWbQm2hXd0AdAbQVSkucY9Fy + TtYfK2gDmtZq6Fs1XQ== ) + 300 RRSIG TLSA 8 5 300 ( + 20181212121212 20161010101010 48381 example.sec. + GTsa2uIy2wS9syW/ErQ5YGemfacsG95datpp + CBeCplKsQw/Vh8oqgZRn2r39NaSroEY6rUMQ + AWtcl/LUeGsKGMAjJ3QLauiWNFXc5kqlptRL + iqlBhNSpMzROXEqpwu6o2C2MF2hFkUEtUnj/ + BZxGKbQmn+a3fA10iy9ADXAHQRXvVaX/V6S/ + yOtuAL53BC+yDGrLKKivSLW2w7y+iOf8yBA8 + Vmolq/p3+M8naHZl8LzmWReRcoBITOUMmIf0 + eq0BJ2ddwEAoneGg+168vCASDbTarXpUihDV + XlS/EWfpnG9eRSEEyFq+pj4pdb3lLNxLRY1G + RWvv8/A3n7H4rhtLMA== ) + 300 RRSIG TLSA 10 5 300 ( + 20181212121212 20161010101010 1862 example.sec. + kdBkuHzOk9CA9UIAvW00ghDCkNTqmpxjqk5E + 16e7RaCrKA3UY0Hi5iXAiBkOhwTyGCWgRuQq + AWgp2KwYnzs5ZuN5YWBqLVied0klCOWeWmAU + mb7IGK1f2veAlTM9db3WLDmSepvmbkdw3F+K + JrrqGn/sGYSj3LtXZ1oggHv/9cZWbHfipwZi + bY1NfA7matOb2aNhO70Jvym72LFtNVbwanlK + sesybPh+dHyRzMAyQLibm7tapJahko1d+KnR + L/O426UvkFEGeu3Gm7xhN+hx3TM+URDfc7zR + oWvs4rod6IZBIi++ZB/LuO+l3zMIntIy6etY + y4ZQr6lSwWqCZQIaFg== ) sec-11.example.sec. 300 IN IPSECKEY ( 10 1 1 192.168.1.11 AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxo QqJP943gqs4QATtnJWHQ1SDWiRE2aXl7SJoy @@ -783,134 +1187,182 @@ sec-11.example.sec. 300 IN IPSECKEY ( 10 br2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougs ogj6kPdSSQYZYayHzVnl8NFQ9uCwbRTryepP zZP5Vd2t ) - 300 RRSIG IPSECKEY 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - EnEg1ej/+kvQzICpJiLxQG8cQ9/cIR+6R1oB - aFIPxhIdoqWAvLGjAbZsgxajFsTK3nLrZ4V4 - AknNa72DRIBsQ6CvLK+UHQU4nGnHg4933/zD - OW7CAXg0dEUYUReiKxukUjJcGQvs7zL9tyq/ - 1vk7gGxrNaR5hHurD9kpmwQB9Xs= ) - 300 RRSIG IPSECKEY 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - NTVi/tlizek1k2PbjlpU5aPI0U0c+zLsFHsM - Kce2FHauoGuItfoRXRDryYw6hJ1xAdqhh657 - SCsMYCXOfzmU6qsstKpTCMH+cM5TzuVzyIYL - gmiA+y7qq68LVdArrb0ht762RpQZ8RrU/4MI - YJKX4cqvqXvqHtenBXeqtsklZc9fuQCH2OKu - wUxLNoXuv08FVEXGQb5BV3Pp8JjoTD7z/SL+ - qicgqSQkyO+TdUOQjtQIC0yRaUw2evvh46cC - pXc5uXRMukdMU7neSI7MMFoeDYTLip5xas2D - oeecHXrqC3PWGgP8mrnOT7s8ztNZ3BtU42XP - hx+ZYqumRqu6+zVtVw== ) - 300 RRSIG IPSECKEY 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - UKuKZlAvsrmOd2k9PdEwz5x3TlVazEmfZEts - iV4z7nhKECj0LFE0YjC9dVWXQrJ451ulpMhO - RPWd1lKpJkx3rPWxphsFrP96cx+MnUOSaCxE - FoeSNHc8ODtXBU8CR2oXQwMAHOABpfE0M7d+ - laGQBtEj/izMuNwSVGNd9TAHv+v/1zARaz6n - 0owOBRoXvszAvKkyEHvV/8LZMJ+aMZLvJmCj - vb0E6Szky2dBgBKO3JEk73Avb6GLtxo1s6WL - s8lYmQxpOlqY4pJi9jqCB5PeNa6BQbRbIyFh - 6nIPgi/QT64MTPRzI12wcvqLDJczgtD23K78 - hBDZRe5WoJHE7bnMbA== ) + 300 RRSIG IPSECKEY 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + D+MmZHKbVmQCIkTu8SchY0UjsB8y+UtTC50R + Sd/5DekXVogIw+f0QY3PEZXl4cJVBlKS+lRp + tHtS5/244I2N+cRSffdHwhBlZpt9iD7S7CL4 + yhPVw1oRqhSlNv9rPTiXVwiX6HmCeoxQCSD5 + G3vX0k3zSCGGdkqlk0qtO1QT694= ) + 300 RRSIG IPSECKEY 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + xyMK4+VtzkwjdR8ikxuZ8WR5UMntcaS9vZ0J + dpMSTk6283PEtwurrITYxkPLNnrQPgp8R9Dt + JHUpU2HSMOgYMeCQ/Kn+0/bI3zAuv6RfPzaO + s5olCS6EYYn1+cCeowLETTiL/OV2zmtuCRx7 + Bbl82788cTEydVlLs+cFT+J4RzWE3f1DW+Gf + Jf1o2TQtQKQSZM+USCfLD+Ze0EHkQZkffWgF + 5RwLxeeI8AaXDDut/ZVQpEXqFvUMTVa5RlMq + QdITIJ3f2xKs0eeeef9xRS3IS6/fD0uEBg1+ + MRBMezzbYl//99R2MZVEOOLQ1XeY1m/akTBF + OIHxzGEjLuhXEhv9ew== ) + 300 RRSIG IPSECKEY 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + DuOUhn590KHaanXsaZkjxlGLnconU8B8QlF3 + lmn8GBViqcpegxEMKvqkwIazJDLGsPoDZeaP + eSEFGxC13dLJiAeMpTnzzv24EjRTJS+NamJM + CKHQDSKqgJkOzmiyUOlPfA3vfZLaPZADrXGR + uGFwqPcEH5lkNKfWfr5QT2mjosIZtuAvjnpG + Siz6LnaTLiFffin2iWKXkgcjRCYr0cgTDUvt + 8bWBwxS4RD1yZIJmHx8UwOptUKrBZnPbbqXZ + 3Iqm4NeOzVIKlx19p3MXqUWl5dgPGBr7qUbG + r4y1zmnu0DbVKiCfezgM94Y03Rfff7T7dCga + dwjuEsRStvRKig2DBA== ) + 300 RRSIG IPSECKEY 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + DRKBmqio3VJ+jnJ4F45B2Wf1ZXNRMUDKUwfB + ECFhRTBG4fAko58EVJDvNF2j+Hx+MRFjokgm + ZKeKZYleu/jo0SbwZjxsk+LZnUmRte7A8uQ/ + HVNR7CK070H7gYS4TE+F2IyMd9S5z1GH2e2f + VgsMwlA9TSZaqvb3VnvoPNw0IZiwbmw+T6Ie + DvMp6pVC91GRc472mbqmfg01GApuAYvGRvLz + 1tU+g+tOLQZzxjFw7cHkbd20a0eRBGxTSN9j + wmloooDznXy9aiSxBCQ+aYh11hvYMpzoIoMF + 1F2mnT3LT3FFgCnbLH2o0P0MpOYvKj55kdrB + o/fw2K2jN9bINLrhfA== ) 300 NSEC sec-12.example.sec. IPSECKEY RRSIG NSEC - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - ehNmR/L+tbSda5bN5mTUfSqUMd/OL66QnwXO - v/m8msSR8bfEs2xVqkrWTVgXkw5C+UBBU+3b - 2hfcsvseeaKxeOSiaS0zNNDTNLmK5AHE7r0l - f4bo2QeCjcWr7BlToPUeqMCKoMNO0dQH374v - VEFH2EKCLM1g+CF7bFhM33//sTQ= ) - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - YuvKjeXvCexLL0JicGPIaKEo1PwTr+oS4p4w - LuqZ0neZosi5dpelpmT0Jn5ZXJNstCS72cRZ - 93DyIdvUNcgf10razoOsPPRnRMAMM0iGRN/7 - JQu53DGHV8xHoRleyddNcre9/XHK/HYGAEbo - w4cFlnzwxTtNLfx1tv3qEVjEIBSLxiZDDj1s - VnfP/YHYhTxSQliakrrnKKKWe6fx4NMptJrp - O6YMXD21vlajzqtt1aA4m8mIAMSNkNRcbTVf - Dw2DJEe31agigtBRFZPICiZrq8YcH69rn5V7 - rOy+InUYTozL8XOUTThiOvAE3gZqAB3J73PN - LSACnFRq1Ntt3mqdNw== ) - 300 RRSIG NSEC 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - EJfIAFT8ihSZXxRlLLV/0vJ8S5P3ml/97dNW - Loy2ifAL3+r1qVFIf8ZOGomN6ZF98OK4M1Cu - Rk8TrXbplE4CiQFF7+vWwSes4NtcSMTJTA3Q - V9Ehk/zjiEgrvUl8o6IEbMo6Li9Neo+/SKCw - A+GmSmq8mr1QGbKmPuwgmpSkij6SDN//xuCw - x2AMDppwnKahVYeeA/fn5d2Ja2KhEwoxkM9X - GGVdPBKxdG6r25v5xImows4AWqDiJysBjT9P - XrhA+7IEzh1oujMimZ4nV/f0h7rknxaGgkjr - 9pweheUpI0xb2qGVf9+it36fHSJL7Y7BvFP/ - H72Cci1DGCXAaZ38uQ== ) -mail.example.sec. 300 IN A 2.3.4.5 - 300 RRSIG A 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - j3or3OPRZZcy93VY/A9mWcZkPxqi/NcPz52a - X5jPjXoHVcpwM6/SbQmnkjv8H3PdfVaWwW7/ - KOD2GOMEudZC/E1LiA09IGDtMR1Sz+7Ythq2 - uGQ3JPlWAmFq7sWegWVSpIDeOKRuJN91/Y5F - olyY0WTYk9LZu5Jhjp1YcD8FoxE= ) - 300 RRSIG A 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - brufiALVyphNdDEA4NLWVi9iQUVEB63Af+Ro - 2uig2q22XPTUOBLg1hrNJDUkdczG8vCUBBC6 - ZKiCQ/z6d7cm2gBTrFBZZs+OzRKZjZDY5mfL - wz0JJ6pH9befaznow5RUGOA9qvf6k8Ob0yWM - /JWfN99n0e/RJxBqQeo82tYW23/O/RVinmZx - TmabPHJYybSzlNAd6yBFgzqz/Rm5Qqz03re/ - tghkgALM/H77NoWKzO79l4wChQqPrG5XNV29 - TKQ9+p6tR/9HxR2SPeMHhBCQSR9WHcaZp4Wk - jYXD1Bo8fnz0dka5D+R6nKCuT+TfuUezQmjK - sJKM6/tRBryilBBMRQ== ) - 300 RRSIG A 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - AhsXyz+TztaueevZHV3V1YC8kMsz1VisZ8Ja - T4/LtB+ZaJYGgSqT66AovcGivXfhv73lM6cw - Kp1VnlvBhr4f30sPkXuOsC80KSLAvsLp6yCS - QnSMLT6XVCNgZwLc5WPpsOthAOjhNxiNbPz6 - O+odMa/rW/EooC504a83KJkcLvvX1okacSG7 - ljnVqtO1XCFozTi5aImXf3dO7+AzK/6Dl0Wi - Os3bme2jb9gPuyjwtIYbC3ej6IwDYJ0upV6l - G6ibkUWEPTQgoRPa5opBOod3vHd6sEEqr9V2 - 4pRuK9k17NujJrcgmPtI4Vhqmfy2eQmp29TY - dgftgmEdr810yDlAFg== ) - 300 NSEC _25._tcp.mail.example.sec. A RRSIG NSEC - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - SFFAGKi+qM26llKMe4ePNYY7lXsqkbP2+pXd - 6jCc1ID9R7QOGQlV9LqO5rsEUkWSXUEUg8hZ - Z2R58go6jHpGIDltduVZ67ltG+jRqQM0VlAs - EGVBkqlF5k9PHVHg0O5OF/6pIi341EvOYodF - CF/9Ywwx+N9K6kquU2M4A1Hz+UU= ) - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - ESaQbBc7BRAfQS0eqqjo8GHZs+D3UuEiah7T - c24iuLvUODcZUCsabvxXReJBaVxX8eATuhdi - chpLnjJKbqDM6/00lmMtnJD989d620L0Zbcn - GhqEzOv/5sqCXZ1cdu3Og3Vm6UsN99xfEDcZ - /FVEjAQqraDo0Lj/pDgmkpHX5gPEHR5l1bal - JO6BWuHRmgr7t0HE6j+Sq3OFRnfGGlOAgMmJ - BYZHOGrHKNgo8d4ToeGKY+Liw2+3+n2iFwQ3 - u99v5E1jycps8gKWavQjfZ915LKkCmPljbSr - SwMU5UBNvw+q/Amu4GafHOpJjMwxnnvIROER - utFLORV0YcNBv2oKKg== ) - 300 RRSIG NSEC 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - Cgv9JsUZJziHfWwMWuHkcUgDcNWj5zEZZoDZ - UbHZ5MGb/yRSaq9Ps2NT7yzWbTtKkHx4K/Kr - kzVOWyRshHyHbzzRwmbC7tr6sTKJEsxZCoTd - DtLf+V2xrQECP4oI012Pxcg27l4BnK/Hu2Or - WYoPsZIWKcmd3NfDgBZW1M2/plhex4dIzXR/ - 886+vjAjRCT2Its4ZD6IAexVhJsSQiej2SLm - 0D7O+LAFlAs/NWYV8uwHVGslSb0QzB0Y9Ui9 - O6UtL9ggc9Gz5I9S/mO4pbE+POqBInTk8kju - BsJxi0ZcdxEg4Mg9ZYIFBO5BkeQZ/9c4Oi6k - sg1GY4dE7xU6RB2eSw== ) -sec-02.example.sec. 300 IN IPSECKEY ( 10 0 2 . + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + XzqRMTJMJ0oSPYwQt6RIOfScmhcQa0iHfbSs + Ix5TV/c8lPWuMpanbjWUvsMblw/GypZLiIm5 + DjKi2eMDlLNyYNN9DsflkwkPaBbKirWq4vgg + d18bhRwqL3Y96x2ks89aiP39AWrau2yZDzX0 + y5fJiN2jcSc49EWsdwk2i+Gr6y8= ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + N0FMEYPy/Za21InzmzSYAp9OnDF9IEhiCXaz + EhGlk3cBFsnuRvXZrtTScoDkUBXuuFncyJMW + Sj+WGg17L5UhsX6rwx/EjQF/XGyI/DOLZKB3 + c4ll4t6QodCo9Iz7kPXmra8qrdZTRPRgRqzV + 6HAk/so2iCidbEaG8gIBfz9YWBRn0VCKG2Wp + yqLqs3IlAdR5mJ3haOPM0JWr0kWywXA9YmWA + fvxXtq46gepNcVJv7/JXr2b3c6LQX4V3+6mc + NhxsDK8KrLZ4KOdgwUWYv0X5mXZ6EE8/rQJe + SVrViDzVWGshK2mS3+VJzbZuPkXaRXfxjkcN + led8XSLpIlzGhzJdTg== ) + 300 RRSIG NSEC 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + MR7kag6aIIFa0Cjm2FaQ429gN3BNaXZOSFer + Lfop7SrNbBG1+K4beNuyX8oUUFuxaK/JyQnt + B8gZ3Sd4+X+gRQ53gf4AX3qNCsngR7OjucmU + 71r38xw37B7VaTmGYMR48byanpvlX2RkINoS + utxs2w+O/oKGZsK4VwNrQcQc6ZuvQ5DskIEH + lpKwkZejlg7GuLaosnZCRiHmTxehhl6tP3cu + hq5cal0gObUPDrZDnV/ii8E4o9alh3TWeUoN + 3pvBVlMTOEtjRA4LRw8b2AhDEne/GwNlo96l + dDvcMaUL7K6BBFEkauxvL3L1nqzirLqBUKQk + OeGbPbQtWjtChxhlyQ== ) + 300 RRSIG NSEC 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + mzBFRnRJRVITpu2gG5Z88sxCRVtPxJUvII6+ + luYDKgZtmIflXHcpS4CC9zccaGJAuSjuBAgv + mDsbN2Wf9s1sC+T/YFQG53zwom7HSakr/A5P + LfYMgZTlp76W7/Bd+6AzdhV/LQ5lFUBOd4QU + GrTObiRlpTBidCP64780KeJuputoYPx5QOUT + zxaIRht1HYSvpHYv45tCraBK6ab/1bZKrcAO + qVFaKuWeYhgJQ4YNyyAzKke+Acjr3Vu5Uz6n + mMyvoiPx8saiDJZs+aonkrEVONYF1ZW31UtW + gIAbxJvWPwfoh7Dx79v+TEwtH2nEPknuQdso + pV1/AAwEJwMo9ypOlQ== ) +ns1.example.sec. 300 IN A 1.2.3.4 + 300 RRSIG A 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + VSulhGHN1NV7QH6uzJ55ApxAjZq+6Qn+DvT4 + Y/Kx5c4bw+ZiXErJmJJBmENScT+52Hh3Ki1k + x2O2hoIm7v7LSC/+3jlTjEXmPxV6+Cam3s2U + apmxZN+B6KlssH/1lgc7qzh6yBDfs+IZaakj + tMt+2gUSx3qdajLtXmAnCyiLJLg= ) + 300 RRSIG A 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + o47UUbgcUSd9S8zOFs8h3vWTmcuP+cZRD684 + UOEtfOrWNGmX3kQZqB4UznyUxALz9gxRRWzX + zDK3huPkA0WupVEbYJhqx36EqLMEwryoGqE7 + L8upivTohovDeuJRcmz1xq1M+8nSNOr33N9T + yEbpiuN744WsnvGM2K/aja4tkMRImuk6Ed7n + sFMUBK8+SQxmIVMdGe4laJZLOxVKqXAkmIw+ + xs7yDjPs2JWzFD3XFpX5yiQdcGuwFIFbpc1G + kdxcs12H/XHvNoVUvMTf1soJTcvaBzv/UMFy + KnRSuhCk9JwQQmguULZ7jTgiKVSSpZ9+xr6e + xuxUMIuaR45XPUXV7w== ) + 300 RRSIG A 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + Ce86aefdf0aMdoDxrkoP3cpUTeZRR6us25Vi + 6T/ShoY5st8+0z/gkjraK0/7huNZMkvixVeZ + rnsi+g2z1Kvlu9wjodDfiVWUymjrFdNtqscG + tsqNfBRnH3Hrzr9ul7txWZFlcnrLSKm5wtNK + XJZ5ChH02rFvIgOpyJGj/msvh50j1xmXENrq + xLevWMy9dQjqi/iJ2K0dQQCL6w9iKW/ixxh2 + Js7F9zYkWYoPp8A+UhrAZep8Q7jE88iymyko + EAKIbb7+/+QENqJw7WDx+fZ7eBJkvLNwisU7 + SwPT1vYRgDR4eHzRJGPEWWEIGCsRCj3PqOW0 + no3CMvdnYisET4I6TQ== ) + 300 RRSIG A 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + XFdqOX0w3WgayGkDBihXDKD1zhCBVOeaW3yV + J5YJS2mJNgbGUY3QXz7OwSeQs8cD9cHxget1 + oIMR+op3H8VY6h3AzJP2EUNWw7Tuyh9wpdpU + NRAkRA3vsfT6eBccQIbTWSYFIypdDufT6PHA + hMJNvzSa7ljRPTuGiTZCersfvJ0cObNE5R55 + Y1qNNcmoFPysCHzZE7sdxmU1AO4IlhuXMA8A + /LCXGFiMb5MKzm/qlrukTnUn39t62yEkisuA + 9P0jMD5fWey7KyZVS1K2dKqJdfuhF0eUUf7D + 5i5wi0s1eOCZGRV7BU24Up91DkMUHCyWQ2y8 + LoXhow/oMgADtWMk3w== ) + 300 NSEC ns2.example.sec. A RRSIG NSEC + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + kVV6hLZf14IQaAISR/uaacBi1VBjKH46BsYG + E9AoKqcBO7Kxu+KEj95yBdea08vzko36kOP/ + uWZ9cMXjXCigMojjqFWkv1RhJdMVkQ/IgDPx + MCDiHrA+LI4z2YexyDuW/dnDacDDBS8Zv0XG + gwMu5+86R/lPpBbC2KIfPXWZbnA= ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + VoYzCDJPSLHtbuhrKoX+po/RHHYU2oYly+pp + xhL4M3SNRxD7JZ9+dY/irqcGLheiMREuRjA3 + rCGp2NbPtLjmMfZkARzhoOTtYNri+p0ka53v + a73X8T1xYAOW588ziWLLruqKa4Mdi+Ru+9e3 + aNW6AzQC/MGhiP/Wjd1j9ZeGbzyIPq7rFXgI + 7keT6XhRkdsGI0jMZmm6YWPRqwJXr0I809Wj + GMdVfl3+Z5FHaMQyEXE2LN6pZnUY4817GfLY + dAynL077dRtcUOjG7MU9tQx57rx6aNw9I/Qd + SjWg5DGWcqAD6hVZB7OutY07HbODFwW2YBKK + SD4pO6+t3OUyTimNKw== ) + 300 RRSIG NSEC 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + MuiOyDyiepK/LcssFA8yXDEeBQiw+O+45C5J + Jzae7DMDqkW/LtZR8BBrKmbp9H0rTs32Bnx+ + CD+UKc9IW4q7N6ReWp9/LAEK44SgYa7PEnkm + YGWBZqPeWqmzp2UTVipD2n9w87iFXu0lB6Iq + 7/nuBd76WBBXULjMq7HppkDyITEo1LowffkS + le/rNacTQYmoGjIhjZG6aCIbHSVdzsxT7Keh + apXowiGAJST7zzL05055Vfw0VaPx2XyPacGV + xlTwZD6og/fH0dphUIPy2Bsad+Im/ce1rmQ+ + H3XeUqzVIOWpYJqNzEcythfxfcfDTdPg35Hq + Fxo5vKGXe2FteolkQQ== ) + 300 RRSIG NSEC 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + Sga51xsZS7XpV6Qgm6bL8HY7xsplIOwKyw6W + VTFtZk86lIysiGEOCPkZWJ9kkc6QpytyM/Lp + hUfSKU1Swto+laEKt4zGadVFALDb03XL3Mdc + RB3qrmZLIDv+8ox8mTrscv/mTjt1PPYS8/gn + IwMtuJkFb819ntuIgPoD3WL8ttCCIJkq2KHU + +Tv77wOGGoos5OUKtzXw07t3aQwbcNRkYJjr + 91YZqRxLL67FSBXKhTRZmpmvC3Mp848en07A + 4vgvij0JJ1YL8Zp3aIc24dyf/CZ8HzwzTQuF + he33AXb6xjgmADby130rM66bO1dSDo+/2GRU + 6p+CttcRRbjk2GParQ== ) +sec-01.example.sec. 300 IN IPSECKEY ( 10 0 1 . AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxo QqJP943gqs4QATtnJWHQ1SDWiRE2aXl7SJoy JAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt @@ -922,295 +1374,270 @@ sec-02.example.sec. 300 IN IPSECKEY ( 10 br2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougs ogj6kPdSSQYZYayHzVnl8NFQ9uCwbRTryepP zZP5Vd2t ) - 300 RRSIG IPSECKEY 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - srEElTd1pqezDk4QXaxCDonm3SDN2vSLfSV2 - 51LzIcLuWaAP8uLydQfk5j/EclOLq1RRpcNS - QqGpH6pibLFEP17dzqBbPj/lpu3FC62u9mLE - 3WIQm1rb//yX623M2pLmMLnXLdbXiDISwX/N - 27brQ8xtg09uLo9NbIYX9CtA6+I= ) - 300 RRSIG IPSECKEY 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - SR/yF8wfPQwjqtzJF+XmZ+06sUz7drIUyCcJ - 03iBBq65kMEMlglSf8qVboaCY2H7X0E3cNfs - Jioc0uxmRbhMZrChMrPY4PR5eKQ+BP4GENLp - SnBUAWeBGmPhfK0vwXuj9Pp6AgHrCZcgYxM7 - AtZemWm07+BqiWwQWM1e9hy4BMjH8yCyTCAq - a1y7KtYXWcAvs6YRgrI8GPMwDtI4E1JDBUR6 - VN3aSFFfSXLGSO/Xt1ogVWeAMIifzm8at7xh - OmHkkOJmw58lMRceaKH4DiNwgMe3Wn7d0wgO - BHhh1awLYLXibzHDeH2WbfK83lMbPRPs6Ajh - EJigKAIYWDGebUi7mQ== ) - 300 RRSIG IPSECKEY 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - TWykLOTIRHVZaU/h4nnrfHWBE11dbknXM5Jj - LWtXv1Eb6Z6r+b31uQCJDItjr+t6PotEDx3U - c5yNnD1L+4REoWsTxdGj1J6rS+QE7h25kyBn - FBD2y8X/c8NjqJy3zfYw7LOALrC11IaI03iH - SpS4P62+B9mQa/QG7WFc0N9Bjr7QrcW9QI3r - AGiu33yQ3BGx3sBXFFiGRxq+N4hGHx/LpUJU - DW85qFE7Omq2Zd7kaLUkuo45fiwV9P/54G3e - MvwHOmTjucJOZraKKoNibsyX0KtC9WROTgnf - OwaWBFjR3xILtHOphvgjcDDU8Jj4Cbgo9Br8 - USMYDy2MWtYapSuAuw== ) - 300 NSEC sec-10.example.sec. IPSECKEY RRSIG NSEC - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - s1KV6YbHSHFljDxAM+N0yWIbqBc3bV2nBEEw - c7i3dLQgVALjyqItuthZNgI5AB8lBgcFstNR - uM1+Lp8lS02lv0lQRu5fXzaeieg8l7LM4Cdj - uRLhqdVZEzYuiCS4ZojnRjwzDTigF5ckXbMa - g3Z1/x/WFcGhlBhwktrOVJXaJpQ= ) - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - HD0pNArh0/sVcgLhfaJagHVPJ8+v7HMwmwE0 - KrzvDBrRBKmcQOfZ1KK7JaJfv6lHdkHYizxm - gkJFcSj0b+gHNZGi1S9la8M0967noVZoZjjX - rY1F+VcxTq5LUu+IQVyMoY6hd8twvNK5LSPN - zt51UKm9BB8yNrKwOQi0fYz0M4dYC3x/5Mij - QiBMZrdUj7DjNP/mYpse3TOMip8ISKeEFEZe - 7m6g01mjc3yPlsl+yNyRRdwXTv3HExGo0pGL - JRio9dt600BP23yI4d/QPiLPOAiQ8lpNMrVu - MsVqS/clsOg4fJMLLie2lqmGPjnJCkx9CUbS - AFaOKXHgPwfRWj3vNA== ) - 300 RRSIG NSEC 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - ZOjgqUmmAgf+Q2dCVvoEhEGMOpQ6BYV9NkQg - kJTY/b7sk3lolOH4D2sPNeJPXEn9IwWx2HVH - 5ou9paYj9Bn3CffUPaEDBh5eX+1wiQKiv8SN - FTVOYFds38i85PplVu8liY05P9eic8kXNoC5 - clK3c8wWKZNtcewhJn+bH1YvSbJ+4qWgzSXi - NSKXo+wFElkh+IJDLJXjxPe4f0tKPGA55j0Q - 1/uTGoOW/1Igeb4zm2q3fLtsxn4bNwDdVbG6 - /mQRjNm8X280bzzaIofdF00nXxpigOHwFLll - Fh3OcZ/73IQlGUB/ZNljzjjI47aWWMilcEcZ - 1JfN6sYJMPWWLiFoxw== ) + 300 RRSIG IPSECKEY 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + tG9BDXttAhq/pvqvAtAnsUin46/z66T9yHLH + Pt3gzwnIa+r3F5hqGxqmWEhelWUUxvwGJcQh + NDscQmWvIY9acwKF58d+2sY4JUOj/wR1ZSWD + 9oYSMe1Jnt5smGcbVEEwvc+oyQ2POVYRO9wL + KKaodgZ8W5BGgyk4IHYqS6Fp7YI= ) + 300 RRSIG IPSECKEY 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + E810x3vA/rvBht30WgCi7oBxxN6hPlJn8dKY + uy1jAC9vl2W3J5A8UhIt89sff8kTGCd3dN9L + yrx4PEzRNRKxbCXXF/ZCZdGiG8aA4BiLUTPw + tgtDzuqx2RAm6hxRlYw8iERDn5h9tdA625CR + 9cnROxhjx3x5F/Y9hcJf4mz4jMKti486DMQB + uKENyFFBbSx78ZUtFy0Zo17MXV0xM5GsMSgP + gcS3IRgiY72OR43eQ9HXpexGmt3mnQt5xQ6+ + QWELLmWNkKcOTZamkeMPnQmwVdh+NGJVLStM + xQJflq606f0e1YMj7FMGJnIG5yJZwrT2jrQD + 2N8DcDc9H8/wci8sZA== ) + 300 RRSIG IPSECKEY 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + MRFDvSNaBDN0uXJHShWHAoe3163OlwKjh5Vv + bHPOGmMqChzJT56E2YN1LLNHNOCCePWUqWzI + 8KUpSEzHPn0T2v3NoX2D59ZpHWBY1S2CFqxE + nQf/qEh34C1N0ue9sDlj9lH0ze2+S5rKbI35 + UVjcO94kGKpEcBDPfRDEBcfgoni0qrE0FuFG + S0ycAv87e3wkWeF6ISkeuHph6hSyrtol59z+ + KdlMTNY3vRvAQPv6oBdmb2Ri6RgINkb6s5ze + gCR640JglKzjPDyysJkTOeAUK9TZzNuvlXVu + btZkqqSdKpug1ik5WfpQWI1u9RIeSYFu/+ai + usucxtivAa/mE1lsdQ== ) + 300 RRSIG IPSECKEY 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + iydE1zSvkIyU3ogg44zbiyv8aMcs/o1peWKT + 49o38rb1cg5w1dU6Y6SuyHmGI7LThohOhZbI + gNewSLV1SOa+40a1sEeKuwyMdqDKMgTicH42 + t4P0FKdZIJmMtwbRqV4zW1uB+6FiGQbYwyAE + AWMKIbo6MGxKO9kXfYCpjewS3yIhI02WL0V4 + lUsw+rupSUbDfhykghy14qBlF4EUCUfIcwZ0 + ROm2V6oEF3f8dNYcuSDovgF93qCamn7q0MXe + U3lsmz1B3CspT1anuezpvR/kXIXJVpXSi2Ox + U35K404MZkLzl7wZNaGR1pwkW2oTsWqPJSQs + 79ph+sMC8vi9c+xguw== ) + 300 NSEC sec-02.example.sec. IPSECKEY RRSIG NSEC + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + YCt3Cz/LoltgpW8xGEYNTIH1tHzuE3BWX057 + gEex4Ymi1vVQacfBYMaiDZWg9VeVonQ9kVNP + 0q2cpWCIbbwu5FhLqiDQhBE/eQg8eDlY0Gwk + CCSZqont4U94Q0NkuL8P2cVH6KMkTyifYa8I + 9/YYV8y3QbZvFVWyv0kvOXuUqP8= ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + UwuuJi4OO24/1H1+Tve5xkBiisXsvk8rnPac + 34/Wpx01PXiKKfSmkCUX7tREYQDqHeMbgNQF + OQYIjeLNPVEEKwrAzu6115+H2FKCk8DDnxRr + OOAVAQXflDXtZ7op7I7BwvAMsxA0N1r4e/lm + tpeStt8Ky4QVICZs/XJ/zqnMwoOa/QJwY/nG + Kfs+V5VbuZqQQDBEVLq73l1Zb1r8G/Wj+SNb + /d/WBDd8rf+u71OFZKlJgqSd73Q9fQyYtZea + cKiGtOpzkh1WT0SnATNhE8TEDDzN+K9ymoSW + 8/gggv+W6L8/cvvfFYkAvKhGgdhuzJS2SE6n + p16Gl/Yp7jQnmVgnoQ== ) + 300 RRSIG NSEC 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + Yd9ttghL3MV3+45CbmglhbEDp9n1qH3lfLs2 + HKoNzSCh0AGHFwnNbdAjn0l99dk70v0aYZ7k + RVQkYVXqHkHVvQdqYs9FRtIXct4e9bHP2ZKB + xAAoRSgKpAiwjhr0MX/nq8j7UacsNB6ndU5R + wpAy9LVHJi260ofvyAumJazCYA3z/a1N+sTv + O2Wzgkm/qSlx8AKrnTdbOcTnD3Vq/bpRoY0w + RFcs4N3qdkILyTBK6X2I5eh8twHouBoeATWX + nIs+I3LGvp+H0gAntT2OQGqeMaDQwYaRjBJJ + akwoyc6dRN7rhD5Kp8Kpwm/HOJ+I0nW9UZH2 + jwrE5q3ghaCkAS24Gg== ) + 300 RRSIG NSEC 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + hPq+o9oKOcu4lXZqKZljb5vqEgyXceKdZhSA + Cb9iTH9gQOAdl3xPLMebiiugPaQ9loJgZ7dl + 115RFqpykpbM62aMs4gL8qB5HXzeoT4tmxyC + HHJMiIGfBBAvUcbTUXqC4P50NiFaC7dmmW+E + ntAZDbBn6QcsH2La7pPgtoqTA3vANDzvxDfa + OSwqXKaTvaYuuMo5I8ITuwygymWup0DtE3PV + fc/c7K0vxWFFKV3uss3WV9f1kTD5AzSqh/Q+ + rxYyixdPi2LlLmZ4K/7NRBy0KLKxXGQZaBkl + rWF0rTpwnJYh2pnfhKJN0RuPBQxUEuMqg2Ul + VN8KhJEgxPg+2PzL6g== ) sec-20.example.sec. 300 IN IPSECKEY ( 10 2 0 2001:2010:1::20 ) - 300 RRSIG IPSECKEY 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - qJHEWMPK9AnL64sEGYj2CNF10HQWeTFdV4IU - hU6O1/z9U4PVOIKmJNE71avxoKOSRBIfAB1f - yR6BK3HBHcqsIB0GpGlsau9NQHHCYYDdypFX - KlkgH0GR/vEnhTlkEO1KPK06fpx6C68Gr0dL - 4B+vf+S0I6KbXnP10Cj6u0mO63I= ) - 300 RRSIG IPSECKEY 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - t6PoSUCO18D6svanlBKJhl811aei9SkFRuND - RM+DV7hvdeWLIY7/qgZnlxIRD6m/Rzta41Is - 3H8NFLXkIUrB+V/CpXMMN8PWiSgrsoh6Ovb0 - K5EWOiEjZbh9TxMhgQzDBwwU7M7wXnUssWWY - IVpWiEKvqGqKj9SCdV+Guig3SSt6yR16kRJL - +63OJW59tA4/TSdyywTVfu3abQzZe1akZz7y - cRkgwb204NAJCSLnU0AG9Ss5ic5Zzc3+ps6a - Q4dv/7a1YLnvzTWf/WxeWy3V+naEVS9SOG83 - 3qqydc5VVI9dTM7dgUm+Gv0cf3JM+JXehYGK - OkQUj5A0OQYk9XizTA== ) - 300 RRSIG IPSECKEY 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - Ts3gkpxjiQ4DT0TxAPaYjCWfVyVg5a2QErWP - YAd+8go4QDLmMz2hzg+ANapHzuht6LRNaaTU - gQlhbT5xKrgBSwcu6WRyWx5YHrR1FaMoH8DN - eq8xpzm+81A6TVpMWfzWYBd5YY2itftkiinq - ke+QFp8rRtnN9ORY5G6jn0FOIzV5fHBiaxg/ - oSVbR/Da2OP3XZlDxpzrijXJOCOkn8ROw1MM - o8o7V1XH0HpU9sFrT+gb8wp3fg02IgfBKxLW - WM7ytoZ8comdKy5HA5WzypVY7rRx49H0fVWb - 3Lokqe1tubWBQeeJBVytDIgKMwyOETX2kAW3 - SG2JJuT1qGSN5UAtog== ) + 300 RRSIG IPSECKEY 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + tjylwqmHqeA8Fd9Pfs73MTlpWZRfE0n+WYQP + Otr35nqTntkGdy09rAj5Brx1tEWn8DsMDu/h + iyLnbOePqYBXhFaCoBNVxR3/IgoTx8iz+exK + 8a+RFzJN8JTtZ2F66Bw4NKuywy3wQrUECUDm + aSdd48ut7s3venVkYsqWeOUv8YQ= ) + 300 RRSIG IPSECKEY 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + 0zgPGp2mHOVlSqV1eSy1kMr634A/DktQ2O7j + 9rwhC8yYq/hfNvyEd/+q3j+femQ9r4KDFucT + xDalycVnQ1SVIaF398skn3YcJbUvezIvlG96 + +8hsTomnwvBul6dWQoTfeYcTjPch63XOQAz9 + lkrenfVdqrR/tD8sEe5fj8NysSPPGZYepXOm + lqTHzMRRLkecFKDIgcIGiMbaZID143t9ywek + Y7sBRR2e8V57MiKwA1n4K3cssYy8n4g3QoYs + scBGpKKYJLAoj8wSfMXxq8ne0vfWOrwkI2WD + TkyMpgyI0k0ZW2nwQa+VvSKu7VFDF+O3oKEd + 8nNAPLkm74o5Xz21bQ== ) + 300 RRSIG IPSECKEY 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + Ggsal8D0dAgBvqf8i510LVt4FrWzK99/tf1E + IwJ1zFPGl5vdkDDUkBCDizhJ7suar1wKBae/ + 3okQQaS9oYy13BdikijxyyFiL9I3fiZ4YH50 + x/ZIDju8whbNxrExYV/xig4MrrkWLcVDBuKt + N7ZKYBpD9d1CigZ37YtRzWXL6XdRrPTkDEGp + Os4At1yjCsRisbpA35xGCHuy1Pznu7wyIe++ + +I9a2j/hJFTOsfeeTnRpNfWzQ2d7PMLglwDf + IXpmxsKQKwLgJAgCOZZgLzxUldAZuGIb5/dC + KzCcJVNai7IKpn32dOrRT/oTFXPlZBKzA7we + H3cXS39r/CtwAksnDg== ) + 300 RRSIG IPSECKEY 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + eGibxPy14OhN6qywILDF6U2ZX0Nn6+LyxMgZ + E+GUTElgKZVj5MW4Fv/Sc9labsVFPh2jHbbM + vShcRFDeN9s2krI2xCUfwftmR3hYXnRoNCN3 + lr+ug75ePSXW7K7uo8JTyCc8IgpdrOMgQVMH + s9ap9WddvB6wcXUnSWr9PYmmtAkYGvs9VbpZ + 84lyxtXpXz/NahrToVmip7xjARVZydq+vTfh + WwZJz0NhaJKJdRUDA1kSRF99aqJqnLd21LTe + cLmCMEqtpXx17bxMXlaBUb3B7rq/BKJg4czn + UKvF78/9rEysIUpju7LxxmLSl6q8dd0dX6R4 + mHx+wJiNYMEz2tZ/PA== ) 300 NSEC sec-21.example.sec. IPSECKEY RRSIG NSEC - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - oj0HO+ZcjJeWeNJkf4R9kYx570wwEW9BKOJj - Pf7lSydkpCusVfIlS69BBoBDEVKClw0Aofq0 - h0KEQclUX7gj5rR0lWHJISHAA/70a2DJqRvB - W3ItQ7RLen1q8zMGs7LyfNXPjrQjdrwZ80Zv - s+tDaKtZVOUMG8XIIv8thbWarWQ= ) - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - KJmUYgivZf5BE9CmPLcNAIfqRCkKhNbtUTuP - vnc7hgEK/ifUBwGSUIlvwg72UuTZcd2TSykZ - MUFfhWbBqcR4ejzye1IQaYEiNPW342zLnsaw - rqzYENZOMkXSAV2fJo9NrNfh9tTqijtKKqy1 - 5fEhpz4mxecFakCmnWnqXPfsCujQ9a5qvbeg - kUrBeto33SH5SG6SEnLqXlHNDc8VLLhETFzZ - Ym9LFz5m9zcd5hlETjou6xCFhoXSxg/vfqQd - joJmc7/YDGjaA+v2C6xIfPMgDke2BchoYN5V - 3ylTQP96cuPb9OdgvgdS5VVnXhHjoxRCWjHg - 7fjWU6QgASdP+1GkPw== ) - 300 RRSIG NSEC 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - ZxY4LUFxLnczFLHPP805TWHIkwE8PREHMEBf - OAXV/F3LN5LRoG+m43ze+SelcuUkOa8JZWhO - 5SYdLyV8yzpchrmX/+/uKfX0cS8meg7DwOpv - s1vrfIxGhGGHagF/aSAlJx/chpTaS2iRLaUX - AMasPRKnFaF5Hyi6mCjbA55wMn53l2xT/KEs - dOqXqNr+oSE2BW1cnJv233K/J9kpS9mMeETV - T6KfgEUMhyYH6lbGFmplhUxFlS/7eSWh05SF - W7OMJv8oKMTZSp4EDqdEr/tc5dRwlV4RJk5C - IGf6Gmk/SCkLrLzouLOBQGks9J31Ci7wE4ja - mlcQ4CHD4osm+MCRDg== ) -_25._tcp.mail.example.sec. 300 IN NSEC ns1.example.sec. RRSIG NSEC TLSA - 300 RRSIG NSEC 5 5 300 20141212121212 ( - 20121010101010 516 example.sec. - GZUj441s800Vb4C0mUVvQfuEtkn6fhZ8+78Z - O+nVsn/EcKBhJ3+qLomFDopFGIedDMDN0bfw - 0DLFkZGlMJlYIOxhBDEmonbmmiFNiuotzlI7 - 7bBBWc881/qgSVVVP5BkZkZzCOgn/Er41aiO - AZOXRlgIeGYjZ9OZKIMqtPnVTbY= ) - 300 RRSIG NSEC 5 5 300 20141212121212 ( - 20121010101010 44427 example.sec. - T2KQtM2CUU8g1ylwdjMsIx7e2WI/j2qA/45o - DMDnSlqGNpFMFgn4l4/5wJQALE+cskBFPx2w - UTZC4W3qXBhrF/QJSW56HU0gYEq/bA7Yw3Bw - T6ClJho2693XTBZDwu3j/BP21LExqNK0nQZ9 - z074CiXUm1pTimc3K8wmrEBNT5G3dKOztd21 - ktretO7gOFDkLLCHpvweWox6zpsUdMXqC5vV - 0g4ibDzNOej28As13dtLc+7qrOphmIRYi0Gj - +4WsCtiT48ybKfM9Xq4UsspxQg8fE3ztGfJy - aKeIpW3GHehgu3Ja78udKUpGHKl9cIN8qL+8 - x5g1nx8TjwrCSp38jQ== ) - 300 RRSIG NSEC 8 5 300 20141212121212 ( - 20121010101010 48381 example.sec. - zK9ePGE0f6NcsUsrRWA73otHTWfD8uzY0yBY - vlmYoQtbc5FtnHLUYb6I4xoqYL3C2ILbpvcC - pUQxZ5daykW8mHd1iJXEsnPogqr0WBDyGOQf - ad44CCcNiJ1C0Wtk3Mn44Qe4rQE7zpZ42+MM - 1kBTMFF+dZ/1Ud+QbK9u1gAVagsutJZ2CmmE - s+heNr2TEaED+FpUUbNdCw/Fd9Mk+I3OWFVG - xrMr8Uh9g9W+d4iCVqgQ/iohGIwNBMTEsePe - +odNGQBDgl9GTv2PpgMXETtcy5wDkTwan2/j - 1DOqYiOdu4BPieVwPTfRWC1VrqI0XzQp91nV - DoWdbSntdVtQBt9yWg== ) - 300 TLSA 3 0 0 ( - 30820307308201EFA003020102020123 ) - 300 RRSIG TLSA 5 5 300 20141212121212 ( - 20121010101010 516 example.sec. - onpENNKVruacKg+VOesbEGIffNGUJlOyPqyI - gZ1F4A/qLhyYCMqnkNOQSOYXDeYTCqB/UCn7 - OzJIObaOmm5osmxlHlIALUzP2LQSnRr6qt1z - aipTHTzmVAefB39lBgSXmsEI1xvJ9/6tnwUM - EBz4oYroKxKkJjAGt/I24WOoSjg= ) - 300 RRSIG TLSA 5 5 300 20141212121212 ( - 20121010101010 44427 example.sec. - kZKszgG8KVjZNdhfWIITRr0Z7Q20RPTNrrBZ - b3Q1WXdRxAXK3w9UAcOmb7Yg6m+1y1arrmDQ - 1MuestqGpHmJntvH4rnEtz8F4BsdxX8q2Cr0 - fZ4ZzGNuH7F//0jkeSlNFPLZN9uHgQxQ0vaj - flGcgB0r3B36DomI6uj2vMGN0f8CS53o04+B - tJaqdbmR8BrRDP1KIWe968tq01yhPtrZqtYe - +WXy9bJv76fb6N0s4Ak6RZ9vH0vjik+BsblL - YIF8A1MV5kSDMzCqU4eoUvxHhc87XCUa/aC+ - sxA11oyPhMJhY8mZeqZ2xJ84myPSiNGSEEhq - OIsDfIdbQFHOCB4Qmg== ) - 300 RRSIG TLSA 8 5 300 20141212121212 ( - 20121010101010 48381 example.sec. - IH5582QvSgX9COm/HqiI1bUu8XNew1RMdjXE - leb05YrZIZ+eqoGbHOg41eCAjy830wu7qoXw - yXoXDDGt3bYxYAgKAGIQryYT0rNXDOuSeZam - /SFkd5EQmslbouQD1SMAQQ6ok331lgkIuUMq - vbWxUv3gl38c65dEeP/hqsSgvN6U6INDuzeR - tLLt5uvwC8XPBGI8O/0h39+x1GIaNpcR0mbq - Gvw9arZtvQmaGwu7TQyKyctyXNWhWUNEL+1R - TcIwbCxUbPQswgH8OZrazjs82WuPgSkdk8Vr - bfQNXl+4ZZWp35Ah3zxCeRbrt0RspF2Vh1tN - KhhMBu46kqIpDunK6Q== ) -public.example.sec. 300 IN HINFO "i386" "FreeBSD" - 300 RRSIG HINFO 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - uEfwWvVJN3COlaXZ4oM6PRnyLApSeLFyJOKf - 9t1+Ds9dTTWg/6THtVRLYwMwd6MJduAKXNFS - W8NgAv4el2gboXSGZSRFGkKDjZU/S6nLopvI - MkCeYYQuN9w3/bvR/xHB8UJcaPopzFl4t+IG - EKmKnFq6GEJOuq88Vr7VhRXxOpY= ) - 300 RRSIG HINFO 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - p1RR/HJNu5mNCIDPE0JaJz8V6PgR3IGBF3mI - aq/FuMlFVEuJ/CQnk6lzpRjI35WAtZpfYUl/ - Vdj6WvTetDa49imIAn7zdM9pQ0LU1sZHKQ5z - m2JdU/r/fmK8QExPYCLhPEMPDTGqOFRrz6up - XiFGlmp3YA8pKxNbx69rfYELUsYbjA6+qwTQ - AaBNtcSb1l2AdS4w7bedmdzgy/rAcLljbj6f - hM2CLIoDmoIz3zO20PQ3g5l/ScSL+zZUW1NS - uOec9dzMhiNdNzdqV9fImpySkbfjdvydFu5Z - E5I3yrmNC+iTkB1ZeA4WgMSTQIOwuCo0tdup - eWp96pY5cRdo4LC1ww== ) - 300 RRSIG HINFO 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - v4+OOdw/M4MIsBXhX32TjtQJBmB+32CDc2DC - LXqvd8g37QnMJHzEPIYAmvEsMRn1DRlB7nk6 - 7HSy2DwPNHtbu4swyYogCs7LGCbzk5aeEZbT - Mkcac/ONSZjl+kEiJUav32dp4/IySt1dG795 - nyjuzz3/4WSC/fv/QJrOWvU7eLqF/bbqQa0+ - VDZ87U2exA1gq7iIg1rKken3yAL8l1BHBfRj - oI+oozIBPInOm+wA3leZMmj2tcCzDvSGEgdf - VRB4IIx/zzdVPP4WG/DNoVJ+otM6h1APHDRj - PBKFDZhfQda8GT/R01fC8uxm8Tm5FyIgJnz7 - IQfkHNcMAXCsPo9lDw== ) - 300 LOC 55 40 15.258 N 12 41 56.378 E 9.57m 10m 10000m 10m - 300 RRSIG LOC 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - GHNspK9gS/zAz0cU8GZBU6P48xU5vOXYov+/ - STQsf4jGW4Ikbog2ns3/+4kvZQsDNIhbOAgZ - GdWMwRPGC1DWXzUw8PIpYe42Pql2O+wm0mTI - yxso4A6sV3EhSofqh07dmX9L94N/Q/X1vQyL - SPrncF+FMZCX1CnIee6iFUvDsls= ) - 300 RRSIG LOC 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - Lb1zNgN/yVV2ziP/bXacrsBdqDNH+LS63IZF - t2R5SLbdLdSsrVlXcL+9jdNObCzqpC/H5qzQ - 3j51B0mQ5JSN1mQrIXoNsomDUSM164+Dgbpc - 76qHM4r7PNUeu5CAZ6zUGStgvfFleVC9M1Pg - Z2Zgqo9QJnN6rZcYgOjqOZX2U2i8JYrzdPnt - /e4/btWs5Im/j+4ZoAmCjjoFwsI2halDEdpZ - tS8XA+garId2+OuzW090dPJZpaR8ldB7czOd - QbPuwADNWYL98FlFA/+SOd+C5gD0Q08iBKdU - ddIzuoyKcsYwLpWLpM/6Klg3Y+7mwMn46+43 - wx5LzUkfIG97aAOk8A== ) - 300 RRSIG LOC 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - HvUQYw8WP9/DdbJeICJFxhIpUj7VK8LMIa+C - ntxAO/1xGiq4ll449e7ylW3qdZMXo/5m8YZR - SayHpvSsAhRlfaqf6UO6CBWs3C39jr1+pB7K - dRL2RyzAs5I7kERvVR7OCqoWOXkBlqM/dSz5 - ClaWQE3md+ZMXBi//9Ico/yK6noSzyM7Lrjn - aBQUYwFJbS3xsT1rc0UtL4v4Pt5iHUjSdE/8 - 0kA9F1APb6LNZ/VTo/uGzKd5vaRFU1Z4zaN+ - zyWxrwyauKHXg+JVNbYjlbSXa3LnmKs/xlci - LzNvdXiUTHBQR+3w+s2GEMNQ7XDYtM2rYXIg - J9KF8v1CU/iQXqqy+w== ) - 300 NSEC sec-00.example.sec. HINFO LOC RRSIG NSEC - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - qxNbV3M0mNEVBIWaQfMcf5jXPjsmKqC+bcLe - 2kM+j22RhkRYmhvhJPvw5hNSVjAZDJlkhgHo - Yu7hdpLC+xGFJ2TESRXBdiv+0+mxF0CnECJn - i0Xn3ftldu5+RFyZRPLmh//S/eSZqTTgiZ3l - nH1WrmGnM6U/ih2Z8RzdTzc97GY= ) - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - Tu2X+rtzL9YbC7q/TxxtxCGxslGAUXUD1eKU - +nhwSB1/p2A4ZTIVHxkKton+3OM/oCeuy/Mw - n6sEkSJRioJcWIm8J56YtMF/v+Q119WDOF94 - hf8YWuEDC0T+zB2XhLy8xcOye4K1K5wLv+UD - leifQ5jgNWtkDeC1rWHd7QH4/GNXya1OrQ4u - rMoIHn0uzuRFdP7t5KVIlqlr3I0HPdu6C5Fh - FsQC6egvKRGbpNhOw6XgT3JOvloSicX7nlER - 01roxOVY/mQGP223b6y9mgTqeekVwzrbr54Y - zceMskVpa7zamkDcjb6BdavSb0dd9fmCrtjT - xva8yelrjvIqtfYZcQ== ) - 300 RRSIG NSEC 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - TrcPcHA41scU0PInaREU5/6/yOx7OAB8t0Ch - 96kMoEe2OXklnx8NTcX8mQs4QjEJ5ABijSoS - z2OdKI/XX5xhS6BO1DQvv0TCK1HZ/y/1pO1j - 50Q7YEUvtm3KsyABDL8ejwHgnHnJ3LE/gnrD - fHU8m58uyEIXRVz/m5yScIn+fUD44VpMuQCa - QMlUi/1yLiJfOjhUps0hcSSm/eAsa7A2wVZ1 - YWvYh74OeZgP7oDr0dzUhM7r4HETzY502h62 - 97geaIxgZiciqcfxWaziDD8X+jV7XDSOsJC3 - aSgYX8OzYibrA+F/MoumBu8sGK/Jok67qD2G - hiV7F3NQIXu+MZZEzg== ) -sec-01.example.sec. 300 IN IPSECKEY ( 10 0 1 . + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + N+IOMKdgPX9Rr3i0bbe7pUWq0dck1PoIGnyg + FhGPQ5N9kN9SHAzJqiwyA8Wk1go/NrdRpara + UwuueTlZhOnWUFTeNZ3zHtBawrQpeVoTfdos + Ev666zh0UWfTbY7mXaF4Ypm1xSUmxC4Z/r7d + aatMwv60DefxPnsROwlx1HZocgw= ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + Ev/1PbSAmIrukwT1clYw49BaCTNH4CpUhA7L + jRNDsJ+R84lN57O/TPeB17k6YivRNh6TFNgD + SBBhtYnk6YZI4yG23h8E/PwFwSD/bXoYp8gC + NgqS7IogNgFsVyI9YorzC2ngWFHHku02CFvI + nMdA8jp+/pZwYiTB2QdBSnSCtmwoVhQo5uy6 + na4/GXeh78LEPVCdeHXHTLTdhzmqL8tNraIc + Esc0OG/548XJ7wzAxUC3AEql4iu7msFFLw0r + 5bnv9nLYNF2B1B4+fifOmleJSerlsB+qbXAP + ssV+BENJPKKtykXPv0laVw4fDOkkVL/cie+d + 8g4qmvKtu4tZesHkcw== ) + 300 RRSIG NSEC 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + Kr8agywhkHOZGdA+1m9zYIGkKKwtGaz72FPk + l1yg9UMVgIDN2vAj9kYnexefsZ9L4jCopJMU + uGD64tXbOeVIWvxdOwwer3GtxSMxVgRhfFlc + AcS74bOXC1QNFTRsFBCAxauASH+sAml1CuKC + ysZPPWuxg3U28dHqbzalNILf8SwIy8AFsmdu + 7VYeSLqt5DslrO+xGTqZpb9L3S30MIz6TpX5 + TL20ILVOWno51Hzy3v73qLjpjeuwoXDm8V9M + 0tKP58Uh9TPW+XC7WnJ/W1NNJAd5LoZ2Rpc/ + xCY0BymxdDre6of2DOLmtwP6DqICJB6lSg/V + u8IBAJarrNfATWuPJA== ) + 300 RRSIG NSEC 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + pbxReQlDMPgS8HZut3zOBhnpQYVc7aiT15Sl + C3mehzUrn5QvRSlQyZrnwLstg0nx423UaWqZ + uqIWXSTmkJEYGstT9B/EruBb9bc2PUSpp4vY + NcXIWHH8w6vsHUPWVOKPQHDtT5tYtK+6GC2w + dnPFtI9E1L3RyQrgPoqYz/5f/31VLyb4R65X + rMlSZX1oUO9pmHxwogfoiAyuA88hncerKkRD + CR6aVRG3DhEa7xjGn6Hxi7Wo/ZGKtaSNdYp0 + KIaiUVIxQhAFIOiuU/9nqDFgTcNw72Btpty2 + fREGSFq1bRSTk+CBJXw/UjvLnZdIwJvZ8BxK + GrkWE/rSnF+kmxGczQ== ) +sec-10.example.sec. 300 IN IPSECKEY ( 10 1 0 192.168.1.10 ) + 300 RRSIG IPSECKEY 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + AOvxiEY8HYQno1h41Kjg7P/U35XRa/EhJUYk + U/PnHwH7/aStPAn0npvZY6pOKGqzZXmGS8Le + B04NPpRU2j3/b2hlR81WvMvMU+BAdBtwct69 + gd1aG1+za4sgfiB9BQQELznuJVeo3/Zc15AP + Z/TVYG6cqZNfLw7JPORTCexavk0= ) + 300 RRSIG IPSECKEY 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + WoLkHtWH5V2fxCwsSXli+Li1sQE8meKwDMCq + 6ZnS1r6INL68kWIsvgCOSmt360j2ZK9JvrsM + vdfOLy9+wVB75tlYWUS6aem8YwG8bSCvZwwY + OgG8BVbZNisutmmRjhUf0unGBRjiXRUWiYDj + nVnAO8rSDNWN/TXzqYMGep06pEEiBzKN2Ig0 + Mft/6Ar9vm5fAYtDcR0Jo79YByhA51Fr677a + 2p7IfVO+koTuK3MFoRLVSZGQrc7ALFu9UEaw + JbQkk5IDIlJnU8ae/Bsx+B0wgv+px4rK5i5/ + hAdk/1hECjNLI95F6hCPHTCR0Mx+lPOJPD0m + TV77HDLGqxBQ0jhIjA== ) + 300 RRSIG IPSECKEY 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + GSBxoR9JRcThupcNlgjm/g6XTwyEAF/vHyoK + JmwH7DAgfVhwyHjVYw79PkaHGmN/sUwdenPV + Bd1GKgOUjvjHXvtO6BQ4+mSEOlCbWlHmOH2y + nFSal249NSm9eU4ab3PV7BMFPziGH6o6bhZf + Yfe756/4e0rwCKqiFIcD1wlNeGmwVnejPgz4 + i73nRVn55r+QgcC6Qby+jeZiNzLXgsLsLr9/ + q4G3Jkaa0AAXmOb7XaFpmEXuqROZzCnceGHB + 7biLR4U55rC9DgkJPTLSOzuqRn0NwfPs6e6t + R/7wClYjUt6XHjBwHqSvLiTLrlv4q65eQWq1 + ft/uhKP3iI3tXHa8cg== ) + 300 RRSIG IPSECKEY 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + eO944SxxYuWjbMQ9XT7Yc/5C8KuphOPU/9xM + CvX0KsZMXIWMEdsjLVyyLTPFYmqpyhA82tWg + 3rOhofLSnyOo1ANoHsJ+9dwVAhw41RERhTTQ + Jzv38c/YuTyMgoPHfOafHzgLi55/3adxWsD5 + FD0CH56K4rBHKTKzpWtjyRqPqiaPCXejKQeT + Vk4XYYYpDCoEIx71Vo5TZanr6GKfSNeT89wl + wiztTRChDo7GiMQsli1YP48GQGyPm8jRU5JM + h6fJg1CaWuoxCTWX/v5+1rxcIjZQx227FVka + z9rD3n/xA2bv2DKbLlMBc2nouPIb7C3+3wrG + iNRVyhoGksoDY9F1RQ== ) + 300 NSEC sec-11.example.sec. IPSECKEY RRSIG NSEC + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + XGhMtyCDdm4i3LcU6YgE+Cm9hVbEzUZY08Jb + 7wBByMAbO7k/x4PTrgA7Ig/cTKbS1YF+cDad + ZjIGhfljB476tAr42DiyXLbq9nYBgk5jLpIr + hk2nvvIKOThdhQRAH1FSA1XPWXt+8MRNqv2p + vqFUf0EThn2JobC61evB1FYJr2I= ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + oP5Ph4R9BnLVI3r3btH6NdWs2hznmWt/O5OG + qW2o5ttsVsjllzCV6RscxYrh/UmMCllXIhm8 + hMqFPNASCoBEorZ8AY90B3FS7zXw2pl/B628 + T1ItaRai837uBdbrv2RQ3JXYqBZEr9hLxlSj + PsDjKoy8mkVsDrI472wY+Ym301WrWl0wKDQR + 1JS7fGDtRdY0YCnx4n0K3P/04zle77Efmfij + dYALh0mlZ7JN71pfSwMapWB/JTNo7O2udWGm + rEM/zO3eJH8uXhyTe4CFzAWJM+pbdswWwxRk + 7NqHAohC/YkSf88C+aYXijCZlYJ0UdmA7nlE + SiJWqelz2nMww+zoVQ== ) + 300 RRSIG NSEC 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + QRiKplqddN7ogKMh6qu16OSH371f6+5Cw6OD + 6A7kWvsP4s2ie8Fu9WfYyWl1qRNWd4gEYc5A + BkJa49zi7qmtDvOoZRD1KFSF6N3vKmwUbBVE + c32oxf3kQZxs0Dsp7B056Pv1BE0KaapP45Bb + 9jwsaJaO/x8muLsOjokbfsACfY/XlJ4kQGrY + z4hwJ7xm3b6SHY46Zv6XRw1TyW2CvHkx/2c+ + pg9gCCB6h2Zjn56FRQPHPcZqYMBroK/azY2B + 4+GbKTgfA/NqGdw2lf5bBi2fHziJhk6sWkh3 + RXRRYTQHMZatoehblQ1YR9Bo1F7U6qq/RI2x + Tdbe/4cHjVQCkO7t0Q== ) + 300 RRSIG NSEC 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + VaOMaZWd4yo3vG8eFaeErZ1PjSpkKsRHNtqA + O4EKRe+0SbypAJzg7MiuXyqFoDh6wrMopq1h + MwGE0PrJUnMQYJmtAethsMpBkUtxgqZPaFaH + jHUTRhaBK87jZDKQ0R/P5gw/whPQK7DJnwkb + +4lj9ZT5bbJyJfvfX2jdl7zLEllK8ShboiqN + v7LrrQJECCsCe7PL4f4qyCKW5zY8DZyuu8Gl + ifE0+wY+8rFNnJWnRShPBivyy4evVsbgfMFw + XRqkW1yY0TGfJA4C6bloanBbREeQ0ENiR0KS + EfLjVCQqTn7UR+RMhphqYvNvCYKVIQKk7em9 + jb5HCsYAE3E5KB2hqA== ) +sec-32.example.sec. 300 IN IPSECKEY ( 10 3 2 some.name. AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxo QqJP943gqs4QATtnJWHQ1SDWiRE2aXl7SJoy JAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt @@ -1222,70 +1649,94 @@ sec-01.example.sec. 300 IN IPSECKEY ( 10 br2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougs ogj6kPdSSQYZYayHzVnl8NFQ9uCwbRTryepP zZP5Vd2t ) - 300 RRSIG IPSECKEY 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - dYRRx1AlyU8o0KvNvy0mAK3jU6x+BnioMJ69 - 0YtKQdcakpyFUzlswYxhB/7YIm7CfZSFOoJA - 3ae8CkzD4sSFthM3BZjvZZZX+nRvw4lju9oV - 5SzgrhPDPnpnL9ifCtGVTWA/8vVh5dPHAZVU - zh6vl8tnKQrwmiVApLRqZu5PFMw= ) - 300 RRSIG IPSECKEY 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - cxhg/Zu4Y7Why4ftvdVWip4dmqIqi8/qACa+ - ZdalnAbGyRAGSWAEAG19tLBtYMFX2NFF6yM1 - Em9M8e37tHmwyNLpEnTi9QWGTOs6MCkUAIIW - teCAGiWu3MQMS5QiOCAiJBddLCrV5APi+Uwb - wWavFe5RqvIPxZ1GVG0WcgdI3GabVEavPtyd - 7zSeT34J7Bd4bJxpPgXQiRWZpJkgep1e7xDT - MtEmhrUU8y2Bbt5WT3k0ARNYOh00dNjEDvpx - e/pIThrE+xySXvmOUZrvuP8V8cT73IcsMw5I - W0k2WvueLUDZEOHQrd3Yn0BFMnsVAnG/ciQB - 92Ma1s0gM+SgZwOHRg== ) - 300 RRSIG IPSECKEY 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - YdF5IyJaQVoYlRfuldCFW5CC1qICMS4Gjrve - H5GeqLHReuDhRVe5T7X27MexaC8u5O0Z89Ua - 4O5YV14rACPv2Atzk+4wlLmVtk4Oswu30yav - NkdNIKDmvv8voJnjUkYTlDng7I7m9vNqCUn5 - Nw1ciuawIzrL4JTdFUrKFWoOEYw/c8NHBhre - 7RqJGzSbjr0Qo/Wcur4Kb2LkcuQtN9LSx9c6 - wqNmOiX5WyKaS1DDNam2RuRXsdz1oTz1brV0 - 3LtIydp7F+AHrx2d5bhtjQK/v+tccNBsIpkO - BqXrXJM0hbo7cZ0uNGSnlzjbGKzF4jqaX4pR - xM/0wkKHe4MsnLg8hg== ) - 300 NSEC sec-02.example.sec. IPSECKEY RRSIG NSEC - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - Ny1BBKgi9V9hPIQSHbLcmLBsglGjGFiBzrCc - tSaGM7UnbNjqiq9s1h7wBl9Y9CmnIUa0s3Hn - wsf8KQkMQrg3Obq44f8a+YEs3m0Mb6KsvrMj - 46QswOwr3bXm9DXzyCwYePQmeed/w5oaOhe4 - lTVwFW7fxug5PcfIe89MLMkqIsA= ) - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - jEHbUbVWirjrY1WkWHojuFXqw5Nhg8zax9jX - eSQ49yBlwSnmhnEAA02IIYHyfrdnXEMztz31 - r/bNqfHn5etXoPZvxxlj9hNxR1qBO/ZfR9Cq - pzQNeAxrVP1f9xuhcZwqMPjEqFnOnkbjlcWz - vLv9Ko1HOO/ifAhMQEwviR4yU3HEdca6r9uO - tBGo+BTuoYVzQqPhIYpA4QRStWNOKgIe/cgV - Fv+fvWnYzYXY21w4yRYv0AR4rxYXtSvX0/+u - fV+/9r+fz5O6ZX23fO9GrV/P2wi64m+B84Wg - AzdkstuI8eyNuLBymjlYcCgCDMJdE9W+E5ER - ABXyXzjWDvig6jkAyw== ) - 300 RRSIG NSEC 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - P9DCOfUpee9rYTXyA1tLCYheQDSIN8FYPee1 - 9evOBiJooO56RXM1TOBz1NxpIyaarFFG43E/ - ZheazaUogq4wPBuG6exJiNnPA/cPV/7oLRGs - odaNXU3vKyTcX1EzhxGPvawZt33dxxGBdq7F - YaCg7wAvmV0LM1oa3RVzzicdNLtBfNgO2Zzc - ra+RE2mhtiiDjpFXeWP5kVd5ck7pVy4Y6yGT - MtL1EfiMQROQj7KNsuRMbE0bIEaYmwbcv8yy - PJcs5LAd/PYijHY7iat3eyjgGm+FTDnhsH3L - VjZspLQaK9jDDZ9bWnfC7pBrMODPxkFHBFQO - NWWQkJ5f96JrMutnPA== ) -sec-31.example.sec. 300 IN IPSECKEY ( 10 3 1 some.name. + 300 RRSIG IPSECKEY 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + WFKnw31YDWLiuNfHWYZnghyxu1m3supAa1u8 + BTroxFvmWai9zunHo0n6JtQD3mwwYxPo9Vgu + FXgXuOaB/vnRqIP1gbspgc8CJd2iBMlGeLa7 + zCsXe9t8OgGL+8sLCDZpeWJiLmQPEu9+rcgA + fNP5eINMWGzZFo0O7hmEcTQ1zWw= ) + 300 RRSIG IPSECKEY 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + dD/tZ1ANTC6FYZcfJlXBC2V8I0pvqs9bkbYm + bicN2Tdcks+BlB8NWl/muWsr2/8r08KJpN+8 + mZnOpCbLVI3wGjYaHoH4wQHfEo/W//gUGUGb + He8R/YMCh3BOjtvzwiuoePRmyyDiWUOKn0or + bL3nf6cp/9exLHdNnXe+8NV/A14Y735qGvni + k4e6lGYyZ4wexmqzj+QQ3z0glPe/iu1wUHix + 9stdCHh28DQI0SxG0U849NurrWEsBkNwA3t2 + EHuIIPtPrTADGvOD68tVhxziBGd0SyqsHpWn + vbS2QWLzWeKwIN49ePqTYMFp3JNbgR64F+ty + 77NbquNRRlKIz9wT6w== ) + 300 RRSIG IPSECKEY 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + lr5WSXh3JBrHFzpfHiNTITkFX+z+s36o/WOV + gYc3aT+BoWPkFPFGn550rYixJZUM1az7zuGS + sTGi7y10bT57dJfw3bNqxLRzCuLO3ppmI4AT + 0xfIrrTJqm3KAyXUiXQqJ/e02eR5k3A3ptfv + uraQQaMYVzXp6RYNKojysPNleNwwjjxoZQ0M + 9VSdU7Mwbu/USQQ/T8vQPOZ+pVAyadBEFB71 + 7IbyYkcttSIUEn2vNuY06Qo7dpS8xcEdkt3N + TP5sY4tOLDAm+Pov0iGCzf5XtxqdnhA/0k0W + yxTSwMMHE3gwmjVmw8F+pUfLhEayC6BoUdME + 36tzfs4MgRzT52kGjQ== ) + 300 RRSIG IPSECKEY 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + psHHwUHzPaXdd73twQNarWkgvihwT4qaZk0H + JL36KwsMIXacL4gYhlv4k3Yo8fTk/xz1ea7R + ZQo6RbTjotpkwXl3JKL2lBbUQgisUgBNqrm4 + bV9xcxxoeJh70xSyNsPKNRlhIiQI7S59lESy + LnmLGfM2AxjAVWIvkyAPWkusuKkE29YjQx+h + OECKQO266Aln6XWpglT17tUHqwk1pMsrSmYS + 8rhP/g9s5euVuGYMh5KA3m8fQWQCs97CVofN + hJl4B8RE8ZSCQtYVKYTAcZ8Uxl43IZGajvc0 + aYlA/iDmsm1D8Z6N1e8mcsefjJnXYMaOunsd + uVoBjKxAnLf+ko4V7A== ) + 300 NSEC sec-mixed-30.example.sec. IPSECKEY RRSIG NSEC + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + B2rLde15M3+mnWcVSgP536sFS6jp0w2m6C9Z + COpIAxg+hFuESbnqC4KTQsjiC6D+r26r9c/F + YNy7fPlKTpG3+BfmRKvx0M48XTB7kuMZFSv+ + 3bscm8rNon7QzCan7mMaBaK2iE+B7RHJ3yWQ + lclS4/ISJS6hOe0mJWQ7MZ5USZE= ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + ZRvKcFEP5Ewm4uKrLoE3Jl7hSAKQBPNSClJ5 + GKqdQIGEgFVY2wJ9oeWrpnrBeUNKxqAUfsEX + X/8WFfkYFuJWVabi8R6MQ6PpLV361jctMXhx + zbym0NP86yuOb8RLzzZLR8h1RXWdyKcbSRY5 + BJ/bRxHwno1AKvwgSd4bOsi5jypytjaXW08s + VeKzZiiqx9CabukMS4KOqLgLBrNzyE/Kjd+l + j6SkvSAK+9ABMNWPlv03lnbo3itK7HYUTNVQ + DoX1o0MePgvYxh8A24MGZxoZMcHmxNAeUYM1 + CZ1GxbkVZ398YkI1NnvscW3DOGjoA739i/ha + 4UPgBPBEv6WAdRwGfg== ) + 300 RRSIG NSEC 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + 04pyV9O+WCy7anxAcybbvEcSFOQp00Pq49PV + 2EwfaZwmATg1BooKXSfHepppnSJJbUAc4pm3 + PUJImhSpPQI1Xthqu0N7IGaA48a+ltps0qUu + EeZqAWxK/Un6gDt6iguqlQZnMuCPs3vY+VaO + ObHw9j7LTmbrSOQ7/wbuZEq/J1/xSU6SkePK + pp3A6DXwfhETAx3xX9CfEVYdcicptqdqF+Ci + VjLvUoTfeb3UJn5Fw9UNSD6H5UaxD8k7WVNq + b9Wy5mfRrRlu0fuHNFmVFLnnM7p2UK0+qDyf + 60a9l9V9L04HD1ttW81Hj4eWX3xNEKYl1Tj6 + NA3UYQwNU8Nnc5FF3Q== ) + 300 RRSIG NSEC 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + beTmIlSaUs2hWD7A+TLnflYGpSTO1f7k1RAK + 4b4I8VPQnoErHap5PvXovIqIjyJz7tZgb8ht + 6sWcASJmTCm5BO6PVROlf1ZHPmNGrKz7/sVh + WnA2WVCtsY+EzJo7sAiOl/zgmiGA+cKGyx4Z + 9cTDZnYcg3oQn//ZJOJPFC/FrauNM/rDsEV0 + nAaPTP8o3Td/Z/0jbdvSa/w4F8h2V5mVLWZu + ieaPH/+xc4hRRHy+ixDZ2U9SXDpQIBJZBFNq + PTYL+ywDNrcO+fig3fGNObjpL7bbIeSauBRO + d20xkERNHSthmdjnXDdReGxdp7I8NTRTj44T + 1EMikumdg7FKVNQUoA== ) +sec-22.example.sec. 300 IN IPSECKEY ( 10 2 2 2001:2010:1::22 AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxo QqJP943gqs4QATtnJWHQ1SDWiRE2aXl7SJoy JAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt @@ -1297,70 +1748,270 @@ sec-31.example.sec. 300 IN IPSECKEY ( 10 br2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougs ogj6kPdSSQYZYayHzVnl8NFQ9uCwbRTryepP zZP5Vd2t ) - 300 RRSIG IPSECKEY 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - ZAqqDBfAVkm5GAkLn0I+fY1Yh3q1P7c3953w - DHdglMo5DnBal5ezQH7c0vrI8GvJJO8fG3T5 - MUZMhTaG648LQJ1oGQdky9PREi4yrFvSQlta - 6NQgsPuAcDgtEGrKsL2IC0dMV3lkBV8OOqpz - JaI9HlxvLorGmLEEaBCNFLi4sk8= ) - 300 RRSIG IPSECKEY 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - UZMDwvoYhyTLYr6PATsXcuZCeuBkeRXmfH2X - ishLwWnnYQ5ghMwkl4qtmn9/n5FDLwDkRtGv - iLpBEo1VNxGU2G/PAYTNaUGcULQFeGVbbAsq - v9427G8fNzGAPhqpBHRd8JRQ/eeoEA74/uKS - phs8FNUO18hEKmzol4JqchzSSIFSW9/bBaKz - Y6TkCYZtIutiBEHFRTlavgbyWqMxdXEji+Nn - Xze2v+sRi2kyaQFS7zSWBHH6VFMh0KygxCND - x5n00Sdl6aljlpuklNn75o/8iEkFdN2DsRI0 - tkVQomX6js3SgTlQ2C2FUAo05jxlxzrIfcdO - /DcAG9FRlPvHoEhOPQ== ) - 300 RRSIG IPSECKEY 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - tnQ2kFyCF7LHz3BpVO0OVVQVkyjwq+POLBl9 - 2d7WjjkIOnpaXMQRl3PxloQ5+eaTrPejynKU - Ck5BENCxzG7RyRMi4I5ewPBgrbVL+xEpVOJ7 - 9WsL2xKhkcFpIPcqWzPzo89szXreI++xEDex - WuBWBQ5t6K0+RJROl/yoq7v/AGiIsQ0QvESH - 19YnNaXmhjBQVnU+Z7+edwMbBCZzbrq72Qp1 - PH+a4wUOeQqp0AvSm9iWrsmK0k4iKq14fHPy - 17TlC3PanW3PnG8DcRA79rBxDf2UWOcj6C+S - MVvDuJHjKHDXogWZHF4k3Np0lddMta5uTlfT - i/sXL0nKu1Ld0FWtvQ== ) - 300 NSEC sec-32.example.sec. IPSECKEY RRSIG NSEC - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - YtGwkJFT45E5qfMwpUiGyqclXQTdgaANlprv - c11f0o6hy2U8I9bbeji2sD35xRB/gJxbeKUU - ASe5cdjJn7BuBRVpob3UItRDJMqTp1jihWEt - Z+ZUp5s0BC7gwC4C+879+I0828Y+X06NwE4L - PKt4eyZdl1EQLj1lyBKpKHxrMys= ) - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - 5bW1ijtao7NmBEWHKgoUg7JXjKcpz53S+LRk - vm2VG7Eo36H/3J+HZPPAwCSOLDJjh+CAa+E3 - IZyuq+GIA+0EG7otHJVtc0dN/iQs1lPjdqFj - 3qAtHIuftfcobQ5LDbFHh2r3VH0FLoaKvQYK - 8nb4Uk43FRvK3MfUvUGX0VtkUggLSktYLdJN - tqvJCKnR4ydhMwBudqiTnR61dJkTjJS+hhcs - MqGNiAFFcbNF7WZZT88hXS3we3vyyAjfPUQi - QKi2BHK6IhthQ8tDyDu0hwX7wpuTNp9++6z7 - MTRc2HsPjSyHc/1xmNFIFC3jJwjJlfZDMl8Z - 5FvTr3nq3OI4XwtKqg== ) - 300 RRSIG NSEC 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - nEZGkAFPbQFS6bLUu4O3SzHAe/DtJs4wTFRe - LFN8SSp11JRcyPu5VdPjQ6EWNbHvmB3CWs3o - dKmsmSWtpT+fPsLPDuYjijjwXe5fefr/wRC8 - VRr3rGqC3aoXm+NuaXMEKHHOf4MeIGVCDK6D - NEjPhagr96bv04SwrL4/LqclUlXrnMbHQe/f - xvULs6IyvLMTdCgEMRQ64eJLZDIerZkEPEqb - WYqy11ViCw+ASdN5lg/cwaXOAQ/Ao6S8Lsqm - DLy1rXe4kRHgMsei7c8/X3Pre0ZU80Bv55/s - vioJUwD1wihD41+dBCU8aPaxjuyRK2uqnyun - MKn/jYFoyNLMy9+nOw== ) -sec-32.example.sec. 300 IN IPSECKEY ( 10 3 2 some.name. + 300 RRSIG IPSECKEY 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + iWhWTw7iJntB+YHQzcTxoQ+6lzzXXAS6T/w1 + JZG3YDQSfh0kHpJfaNGmZH3bA2iHbU/phU/F + DSjUCt5zu2aMaCRM4Gol8Au6BqEY3DDKfI50 + IaAy3Uw58J8f8pM+PNI49yHrVDc2ldoe1aaR + nczvy3ifuq21ZMUQJMzd+l2Sr2I= ) + 300 RRSIG IPSECKEY 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + PNqqrfsn3yiz2jzf8Gf988KbXIQC8szY2KFY + LcYgf2+Hy+04TgSglJ5YPGUvotvfgH0n/oeZ + W/TRlj3W18zbTko63oFYw56pOVVz6SwRrz0x + swo7TP63OmgBrefaSbLW2u7hLsB4oB1MH9zN + C72vx+fDX3Pz+VolB4AP11bLZjKILgLydU5p + IMJUSWf/DVP/LictbcQkRb8bvZq2LeDZEvyE + l0sGfxrgn/0lwtRRx3VOAunOnmV4KrTSwC/8 + XJWpqFsEPftILsqscglUK8RuWMsw7ivMClAb + GbQbp1m/vfjJAT4RZQ1yU3/Q4qTSe6HX+pKx + 15TOhBSlil3I4P6xAw== ) + 300 RRSIG IPSECKEY 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + MMoNOaud6z87L6uapJ0VfB3/R/SE1Bkp50qP + NQ2TWas4vWgB4woubS0pomneuIyVABpuYvHR + es57hgh3XK12OfYZ4c8nh/KmoJXfSNvWSBXq + 9orJHkmfDLES3djWR5zdrOSS1xIElYj4QL2S + eeV7aKR1MrkyNIUqgqK6Lqdj8oXjREpTq/C+ + H7vdw9XgQeWZn5I86cUEhjf1Ugj+w8+hQNSI + eoFnQCScI7lLO0Zn5uJg+X74/6JpguluwfAU + 8TLTdFISo89fvDkAzZQ5/WWW+XseV8doY4uf + uWL/EfOkgSVb4rJuhN4LjaDpNNwKVupXUCgC + animCObiB4dhlAfMTw== ) + 300 RRSIG IPSECKEY 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + whhkXRVK2O3u1oR1Fvb2m3MIsZNi+6MtMjuK + +h+r5RsLVcqhiFDUZrMiqaQomt42NQJNFn5A + W0tOTudijAm7EwJyYg+m39LSJ8WJpH3Ek+po + P/PcV3nkmDCHWVzYzRixP/QIF9hTjo9SiUAy + ++jP3S6LMnfHkGFIxemxqUwO4eotrvhNgVOA + A0NA3UYMmbz5zyJcyD+Bsi5IQozB6GfaPtgi + SBrmoNm5kBKM2qW2vmCYpKTqK17kwEaVgE6R + tawaUy4lZK1Uj9O2vpWwnkJTPoeIYdducoAp + Xet/azFBTh3n3DGOuYlk8xzrtYys+/lrgl1F + 9D8eBgSO8oRB6i1jrQ== ) + 300 NSEC sec-30.example.sec. IPSECKEY RRSIG NSEC + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + h6dh0L2hnMjLbqHnfBW7zVcux6WgU+Htbt9i + /s1xH3PYPNSB4YkqddSVkBEtFTkgZimOseEM + nPGSPPqONAluT7gIAksWCqqUltbck5xLHbww + Xv35SLvc2gVtxv3iFpxyid62D4mucIByYdvd + l+6WpWU/As4COnT7HqCwTV8y1kA= ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + u+WKYXFuvlOUudgJeALAAPscGsRZUM9+O2Z2 + XkuEAzxvZPiNxAGUg/sMOP2gVgfCrdMsKPd2 + /gWfvNyqwGF6jZHfklOJfnoy4apAa4qVrvYj + KyCBKuigzeXjSpGMgohP86e5WbqVFkeV74zz + fTYum+1VVrHAMyC1n+96A1Ssr1T8ApOx6Jwt + T+3Z2VdxxPBOyNmQLKNzVBcuM6WP/5dlypPk + BdyrqJlfZXhqTM8yG3MMOybmhYDLvz7Hmo5l + I7rNrib3k3VLg2Pg0r5X3Yoci1LXQLo36N1U + fvfApdgkP8XraiBSGIFBBq+Ouy7tDyll1HHa + S1IlxGI7+j6g0gxTEA== ) + 300 RRSIG NSEC 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + Y+pNKoL+y01pqsQk/R3ofhx8YGTt+PkomQNk + 9NRVhI+sJH1opj8mDxSHdiw6UOHyU680eDhU + i5jcOZSFvzyk9F08EfC4+Ko9Uyl4QFK/0OtV + 0rZ+xoRwOfB3xLlkffOc80dCc2WZQit2u3+R + EYguqgNGbzuaN1BNXG42K97xeLiIU0eGv8rl + mpHs39Fzcl8JiISeaQ5rkmkvKfpABq0jxbmp + IIAJvSkxcuBtHmS54zzyUt+EVTxIRrytZNCq + 9rqdOV9C8FTfpMV2iVN2GBpH2jPClq+j8L2N + DlDg7FRdR0ydTsudKEqUWhr9562LPL5/kIcZ + 4+IdhPjndoN9zuWgRQ== ) + 300 RRSIG NSEC 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + LNQxYEE1M3w/XlXaYlh+6TYj0tBmfAYrBAAf + Fy+H2k4RX4gn7ep/MJgYOEzYJr9kNaWWADbt + 1321oKf+FjQTe6qwYmaRz6Cynp/d6vVSliA4 + pRhr8tIsZp8vCtHLgBILFBNFgu8HUtdYL1r8 + souiajW0zNsGd6sMCpde1PAjGsJjTM2/O0ry + Ddu0QImJmbjsEWWaVx1C51ZOJgbt7zVHtfTN + mbpYEf0NKxGID+aM6t3Ih7Ab8yw5GSyYS5c5 + uBPn1IEc/JAiEjXDpjhJ2TwKbAi9w9gYny6o + 6R+bCy9ogSgtE8WfLcmbX7nqQICM+c5B+YgK + prqxsvSaDfi9Ntrjtw== ) +sec-30.example.sec. 300 IN IPSECKEY ( 10 3 0 some.name. ) + 300 RRSIG IPSECKEY 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + n1/3YCfqAJhwmG/+X907lQTAdwoc2m7S+HWY + SCB29a4Kum2jTyJ2TP5f67jAEbY+JAnUB2HL + xGQ4096yXhXORKlZQ4jbGPZ5TL7AcKzDdaIt + EoyMhB5IxYRfoSodaqHxw79CR38PzCWwcMsW + spJD3yLzAxAGRN1g3q9unxBLtDM= ) + 300 RRSIG IPSECKEY 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + kHFdQVysC8wtp8X4Vn94KaogvEzjBoxOB/fa + NiklxzLxLFtwC4uwTvaZebNv4RLfuwtW1n+T + pfIFxMDJ7fog890mD8BKPVZwKREohTPyjuTA + tO57EyL64A9Ergqvjb2BxlXEo8q/hqn1PQ2p + 53T8wY4Bgd1BWFoB4PcvxNKU+SCcxSt85fyx + RsUOnJbY0v1aGkOJYSXFHjr3VeWsc1o8lzxN + mMO8qMwLsxbLr1kEq03FNNlFwTmpIKUojIwV + 78hI0APghgVxDrHNhKeRppuQlApkcyhDIjJd + PEmaIoZ9azP4Otmi03C+duaheiIW3fv9UKzw + 7zoZ3Wa+HXM/joa0Kw== ) + 300 RRSIG IPSECKEY 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + dQCgAn79u7gPzfdWGaASCzI4A9lsQbeT/wFs + io+TFnqtDlhgaBH8OBjsLT9waEAuJYUbG+XM + j//s7Qkc8gUwkbWGmSWMRBdXOcLv1yJPqb77 + 6sGwNhWLyJ+wI442Ng3r6OyJw6oWm/HDwzus + aEKwTDip2qPVmP2X14CQuOhri1pNc51vOTg0 + m8M2UsOBlmGQ3mHwPgU/zxWHjwJDxf/tYQRP + 5w2uMcTdY4kdydmLjaj1vBSln1ig8d5PaXiv + eZCYPJj3+ToXtQbR1SCGksnwYTjwehfl4dq+ + 60fiEytN8jAhZBqXcd5JWuhsDe+78J55yyzt + z+tr0kBa+ClqpOvdDw== ) + 300 RRSIG IPSECKEY 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + EV2YvMX367otPE5fj/NlAZdVU+jnKPvEG9np + FUxtF9RzEoPTffdGIALsvGTzvQ1MRQrPT1xT + dKp5sJ2yd+oAj0wMDVEHnDqcqkATFu9rV2zT + V6Ec2ACsGKCzsIvynI1cm3FyaZkRa4IUa/4o + iqdYWQbB6lvFNxlyxLsMjX1gkPE0bHYE02xF + XArlqnCmbtaXx/EWTFLiOx528p8x8ZD5MN2w + K985CA/oxOOhQc1DZ1R47ELad4a3F1/g+2hM + V5FvA3bjQ7XJyAgjYFufJSyP0N6HLINIDdj/ + xB537dxxShUB11XFzKBtafrCRLFhrQ1Ksauq + om5sY0Pm8ZtdTGfm4g== ) + 300 NSEC sec-31.example.sec. IPSECKEY RRSIG NSEC + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + LwLKdvbnWMZOdQGkhOYN5UmFYO1jv6sCemUt + TSVg/ekhh598VJog/uPpkkyc8Z5fWDNXU7qa + qodH9o4ybxEKPTQMvNZhHGqEBO1zrFb+82YQ + 5YFBbmyHqtXZEoZsUBz83pVqenBJPvhk4fHu + I2KzloN1mll+PxwP6ITX609QfLk= ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + IiRrrSBHzcSODDc8rl99LDQ9+X42WqVLOTbs + aaECCylMz7/d3Md423p7ZbZocZuso0fbC7RS + PVPLfZGzAiiPddeb743XoH4oPTrXVShQoTpG + NZX8+9hXmaI9VRVjtelRLvR1uq6MFkUQxBR/ + FJdVv8Ms7yYgX81DAZ5X7jHJ8g46zfR5vAaY + BieizGl0POVYvgO63JI5S6Wes4C4tchMC68k + y/FXtQZ+7uOhgpJmr9gpgkHDOa17Bfshu97i + eHvaMhUbeL4V9mkGX0lnc7Fs8i9gi4p6rfx2 + cuCl/hcgFweMDRRoV9yTOnARECy2eOFeM3Yz + bDKUzBWlp67bL4HFTA== ) + 300 RRSIG NSEC 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + t4As9gdV+R85vaKPjUKFrHfDNwe5kqREgeoM + xWqEo/jVkGBDa60UqzUutLGT7O3zjwZa0Kl1 + g4yqCuiW9VhICtUd5Q7gGnWnSGBFqfvQVrae + Fww+Pbn9xqmmeTntYtMq/OgUxrk1mdlLxY1B + p5RFleFA1OAnTn4ZDGEUWkBuMP4TillZwsKI + 4W3qMzLfieOB/gknJn9JLPKj4+hIOzUY/r7t + uNEzdpTiGP6/0YlzSjEwxzO3TuN1nrdgmnIk + oW0GTuQCfZOah7xAdYe4oZemC2u10wK84PMV + X8a8F8xWtUO90if8JEYD9o/BWBeoEUE3+5I1 + 51VUfzXGG7kVeoaW2w== ) + 300 RRSIG NSEC 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + qSr0muO+ZSs1QIC68tsr+U4UlUtYGJ4Ygx/1 + PxoHzBTa5U642csRN4SDBL+5J0fl5tTkDYep + piPmI/wgy6wnQs8hhCkdPPaeJZZ+YjOtcTr+ + 72skfVX1z2aRRg4tWnhhRGNW1hPxYBawCZhQ + Ktg7XDCALip1trc9mns2607rKhqCjv8PoHdI + O5TQFmr4Xz1RW5Pau5bo/rZr+Qwn7mxPR1M1 + NPAuWpLJvQuaMcGq1A8IJstj3JyFLhgbwidz + hsu+WeGio80Defl9VVE1COQ3ahlgZuv4iTlT + EfQzSv68OKrn0MDRIAcE/ojVdYI7XY6HmCAm + bez0AQJM300Jxrr4Pw== ) +sec-mixed-30.example.sec. 300 IN IPSECKEY ( 10 3 0 sOme.naMe. ) + 300 RRSIG IPSECKEY 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + ENm4Dd0+Dx1N/BOYIoqlq1AbugLTxHLeNDyg + HXO8zpgL8yTaa1U7dtE04wB4vYx0v4SYpJF7 + rFafGsKaPEvRxCbbPJ1K6/cWReYq1droXdPg + YmYn2qKB+2rNqMhJsIGLhsFxJys69UJmoLoW + +5djG08e62r+UK4EzoE8oz3iGVA= ) + 300 RRSIG IPSECKEY 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + kkk49jmaU9PcciLS1yAK93kLIVXoXrdm0MP8 + q0BKwm48RAwia+E0p8HuSNAgMrHWYkSJJHYG + QoTwBsMqBaL+6dE9+1woGa77Yu48+orUSC5L + 3Asx2tCc0A3ulYS9c9Sh5L3Uu4S8tau98FPG + VcijrWzMGN4qIh4BNVxJ+ct7AqSPdsOqK8aj + IfCZ4kUaUOYXWQeDPTfowhhk0YXBzf7P/v72 + navtsoeiAHCh7BOl502kQZ34XGkWNXnI4Kq2 + HmZ5+YdBVVQT87aVSDdZDvErWn8I6VLTaQQ0 + 8VAog0jCL5DHXpB0ESbdxlWr8PlElTe3eZgr + OFlX0SSAwEB21esr9Q== ) + 300 RRSIG IPSECKEY 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + OLfBWi8gku1GmuWBRiMYWaH85HxHTfhbx+OB + tmzJ6k2cICoyqmJ7Uxrvbl21/Qy2evrQrq90 + X+ZS3XbcrAUN6vw6OU9cG88JeinMexRADRjX + WzaJx0JN32+9ummvyf+f3G8NtxjYQd5KLR5P + lOUv/rm7jHgcslEsTlYE49r+xrr9upoZdJ84 + 45Qy8mqjy3hcErT0X9jXV+5qscQ4Z9j679rB + eLQcLjQ3bW8IeRqgYB2+2PDUb6gcdAkAR83V + KBGbIwZeO7k82BIUSNDQIFq1IPP7+cFWdmFR + uaZlFWFgZOpSwiy3VIkC+lzktjzWsYUEymQW + 6f72cdXioDqTX2Tcyw== ) + 300 RRSIG IPSECKEY 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + xj4OSCDJKYoJrSmmtJPj9Gcan9iXkliNoYFt + uKA+nBOIRGPq7V1ohNSksdW6fMIKEmrR0MwW + mVxxRuKPseU//i2QBCBzQBz9YbmS9/nXx6PP + UT8IOG592j8LojLxxp61oH0MB5t/cJUQ4ymd + JvVT1NjdpEj268TdaevjnQ+c0uHJVc6XLHxq + 1K4FaufpqFI4KDncMJ7EzONGLw0pSP0NZbtw + aWP9w2MVBv/pggNpS9ihNVMuEX5KjLsLVKez + eMaOdtS2kSt5vNLpwbGwtCRmQSSbb0lTos9o + opHrKzFEpULHqCTQ9CHoohJ63XlCU7nojX6s + 1gxQHC3ZQXSFhQCpSQ== ) + 300 NSEC sec-mixed-31.example.sec. IPSECKEY RRSIG NSEC + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + KGljdH6WD8gODIrIGmNRHGdOlReJ5+aK2pxh + ACdNe/nb+uJpRflPywuYGA4q11I+6ufcLmB7 + FKjRcmbI1Mnh/5DqLNhKu7aszdjUx84/r4Xq + szLV8NDmjIyrYmNEiYjl4Z39Az91IFKblqOC + e8GTMkAeaVJRmozUpXHE0/3gd1k= ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + m09tl6HuH7v4fUkxtw8jCFRFzyVbBLkk0LvP + pVZPT/8g7HsLX3wwcD2h9dRkAdYDuJ3VSOM+ + tusDIHlKIcPfIK1fjSKv+aHQu3/dn3huRkwb + i+rp+ieNrTo66xHds7KzgR3kHtzQp5RUHoqh + K1ppHrN4yMm3KZZv7U1g5D/ED2qXxCupoYAk + UwRNgpocc3z9fjeaawtaRvUF+Qd+y6eCPU44 + f7sjbppSw4+Z6zQKPrsSCuIvs9lYaDHTf4NV + +/Ec8CbH7uKrAA8qN1dJ1gUQye9dFnES2VkH + tkAyReBxJ0EBTcdiLxf+MYHgE7JTlVILn22S + E61hzZPlZzdbHra2vg== ) + 300 RRSIG NSEC 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + P40fI/B+2QZe63yXmyj1DiBjMixs2qTzFQsd + X+rlEvc4B2xqKjJyTQLSqqKxECXF469z1RaM + noQ0nWOXPOiQS+ITy1Nj0RwcwKBnCf4RZGyw + +0WUufZqnNfnptSUTxdp1Jh+F6AUAC+EBsTE + 6BvnBjXvpvowdF4X/izJ6DvbQfuPMtAHGVZM + d3e9DpSrDW7sh0AfB5Qc9XmNBnx5LhskBtJk + ZmoNLt0QpnsYyTfGW3zc3e+1o8CKRrxP5KR+ + nTIlH16IhLNGQYMi2URRSZcLgCROkvY0U5Jt + 7URlDL7dcu74EO6n6YyfszHLXEi4TBW5Rj6p + rH6XCaqJuB11JpDRkw== ) + 300 RRSIG NSEC 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + MdeBeBKykG4JHZtN/pVHBM4v84pkRcTjByvU + egrKgl646PpGE9+sVjagR8DBIh12tjmQCVif + wzMmqWLAcwWVPceYOPSFn5A+rRTV1xUmDs5Q + 6CT84fUYF2tfr12eMkpwX0A3mEv1np4wMA6x + dG6QH80+7dJBisI09dwXWYnPFsJPSn54Ejnx + gZxVZ5tQPgDP9O1JsDIwfyVia4Yd+ZyqrC1z + H3W2/oraVZ8Kd+0oTzuP7U+J451WGwuQAyi2 + 616ddcs8PUDth4oFcdIowU6Xrv7AJkgYudEP + lFC0F2sFUQL/5gs1bCcseJcEar/gkYm3D6h/ + PLn0VINZFSnTYki6WA== ) +sec-mixed-31.example.sec. 300 IN IPSECKEY ( 10 3 1 Some.namE. AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxo QqJP943gqs4QATtnJWHQ1SDWiRE2aXl7SJoy JAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt @@ -1372,134 +2023,94 @@ sec-32.example.sec. 300 IN IPSECKEY ( 10 br2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougs ogj6kPdSSQYZYayHzVnl8NFQ9uCwbRTryepP zZP5Vd2t ) - 300 RRSIG IPSECKEY 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - CZJn5AslpFHB5i82KpADbin+ahFv+WkS04+x - ghMl+/iKWel63pNkn6ROWFEiLYiRRcpI1R8x - pkVHgoCocBQKioGtNRicqFzaiHWmcNwVLX6R - W6mFdErpEzP67m2+dg9hrpsQ0E8dlAj29FGp - LT5agAWqb+GL39advZ7+XeFYPhk= ) - 300 RRSIG IPSECKEY 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - JTi78vBkBuGJH+i6gjjq/7aVH0V7Lo1y/1nT - OwJOaaQGvTszXtNEgnuaZWKRP7mmMMj/EDXw - 4pY5t7uetwQsnoyBfNINevwgBvEv4xPNGly3 - bazXmlPC9WL2pHIhH5OW5ktHs0n0C/oFxCcO - IVtqBSvylx3cwN7unAFF5jSF1zgMHSubRjZL - RzAwGQbpbPi3BXg3zT970wr1XIMsMnoU129K - Ii4+mgYdxitLeLw7/eIxTYYrUMPBOpDkSQ2u - k6GU+eqTXIzZCNhXWcXKnRe1CrrLkRtRwraQ - JlCXh408v0lLo6Em0b3gjYpWxRWyAmMz+wVA - CKoQo721i+2WURHytg== ) - 300 RRSIG IPSECKEY 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - zvwNflQYyZDVLSjAGPb/NtE4D0vB48V17Pm2 - nz2Snh63bllu4iCZwvO87DEl33L7me446rxH - /G21XZoGz8cwN7ecF40SQUv/grdpqdMPhqCu - 15+irjwTF0vthMxKJIuMRUr8xqHis/1KKxLG - Wa6Rm28BFLfMKOti+o5wRyD7iB42UfK7dWlC - SRAJxB3kk42LchLGydC12FehBE7rJl8z/O3l - cULmW5UTB/4+AsNNQM7GrhGA/zvhrxGOGksV - 0ncFq1I6na9XDYq7zZZQUAbTbaRWt/MhVcsV - W8d1Vqa9XvfC3FLlyUZq2jjAv4VSupTE2CSZ - OCx9JAqD7fMWUJU7dg== ) - 300 NSEC sec-mixed-30.example.sec. IPSECKEY RRSIG NSEC - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - p4fImnEiq0raswfRFbjM7d8CA6WhMtdIn7RR - AmGcesf5xwgXlNcY4Uu8ac0UxxlqeNcf5+5A - AIrRraMEOPZOAC7daWoRLFgsgdKqrmZYHMpO - VxWcuyIc+5XXIFvfA5tHKUv47xq9wjJD+3+P - mVaeY7/tyBAu4OYBAaw5WfW8020= ) - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - HXA5QfVNaSkandKCqFcvBg0TYwdnAywDzAS4 - McM11MXxI2AUnYnRmBg0+ambJRt67P2VYw4/ - 3JlQftbTLd0r8b1Rb3yydEv0uUcfOe+AXn9f - kd8kgwutMCNYg99TDPUAAjBk4cbMXsNqu+Qv - xRPboSmONUiJ8TaHSLzLnNAOTIKbdnmq+p38 - Dh3Xtfy2o9ZtxuHlqoldQmNHTN3opt3GJOO5 - Ia/8mLJurOe9J5lDMjhSZQb/HYLRCM/1CRt0 - C3TZnqP1RkOnSDqRP7petZcTWSsENjOFIBAL - V7uCzYIQWdeRQu81V9MYFp9c4lQ6FTGElKWJ - V7DQxTRpgjS5GkHu0g== ) - 300 RRSIG NSEC 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - dbdl0cBXuuV0G3mX7P1aMCGrJY+JXVVTVmBh - P4k8hWEp0RDWPsNV2YV002L4vz1HYIJWysDr - 58IWpQPqy+MafcippdH49we4zLIWkstE0vEA - S3qWmymBnk/ZuhucDXF/HLGs6PXj0nw0h7Qx - /6Fwnyys+pAe77k3E35Zb/+EaZ5hwFgueswm - AwE5i94SUYATd0wljjzCcEB5ougB8epWmssY - azJ608EPu6wZ3rxkgvj+bZm9oj9jpujbWzls - 95fgDTJPn7FUoXySCwa+lB/2S4GfzoWsgjF0 - ho9zhNrG1hnbjWw4GEp8rVJwsTiBxrxIcMdm - DHHX0i9yF7DkxsDWXw== ) -sec-mixed-30.example.sec. 300 IN IPSECKEY ( 10 3 0 sOme.naMe. ) - 300 RRSIG IPSECKEY 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - Yn3qB+wu6No6XErby8iIjeIUWYG79xb28NWO - v7hveY+Z6/sKErALFM5pJCJ44ih3hINUdYep - HPcLh7ePz2iwdUVGvRD54fI48HTWMtj/dn1E - qp8SsHB90wHXmIeUaTPndDhHbTtLrs6+SJWL - ZyojgMongSZvbHNWisq2MOZMujM= ) - 300 RRSIG IPSECKEY 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - qk0vQIuCA2+o9nLprjIyyUtVOZ8Pu8UDRBYK - e9/0s6VDQIFP1n81hM9ii8gdj1ETcYYEVUXw - g4STWkNiRGtOF9x2AiZwGumgf31169sFk/jc - 654gRUQDdxQnB+qHLX9HugTGZrSvsIR5WrFm - eLe264dsniLc589N5JXWHV7iE9zEMj9zljDu - rXwj/7FptwoxDyUt/QzG8RhVjGwRduFOHbd6 - fJf/tqQ/QI4yZiYoG0S1GkkaFERX7fJSpqxd - yI/B78KW31jWevGCdt7NsuifG0f2zJ5kkmUh - jCHvKi/yiji39sGm0kSlqtaw7Q47Rx0Ihegf - mylJPYx1cnzlibGVvA== ) - 300 RRSIG IPSECKEY 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - wrzoKA22gia0sNq83CCag0ZjaraCbvE6Vi/J - 7qeUXAuKhS0ekuYZx7SWp/hLgyUARrtQvoRM - VQmuHON4rSbmsL4ds48IpeQqcP5QqSdhAXAU - fDZSln9hvWpZpJC2dFBgE4H6tjPmZUe+116I - De/67cYRpqF6Y1VDxVjkLPmN7Tzuyjf8FF5z - prvaq21OTMBu3sBRnfAhFPwNZHf4q7+t+Lnl - rfe+koj3SdLgwNkxAA62Dj4mMCdmUT6nfC/4 - wdi2NiJzlIyzVstprwiL/ZjueOHPyKJcdeDK - jR2f2P/6AF8//pCqTH2nmKGnX/nOHeKm7eBS - h1c0ZvFhooU9N+2DJA== ) - 300 NSEC sec-mixed-31.example.sec. IPSECKEY RRSIG NSEC - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - AC8/yz3J6AdTfTvEy+VEyV1rH5fNfz1uxBs2 - m+OHMBUZf6LpUmqf3HMRt4ymUEzZ4TXUFun+ - BCRfuVl67ryfvU7Du1VIXaIjgq1NccJFPamX - cy5bvn7VfB/XgTYCOhkirPAo4bUEN5UyP90I - JZgfxjpy7/iSB7+Gn6rbefjRTJ0= ) - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - lewi9S8lGbimRUFnQDXb0SG01qcbNbDbkSb+ - zjyC/CcVBEYwwtl9+z4NDXp/tR/sgGZSHkeB - bnfJD+LcQ5/GFOC2xAhbebtFZbtuhMbI2N/W - oanScK2gH43sFgihjtE8L2c301cAIPjaLzyU - p4FIMeEowVVu8louVwACKr8kMQ2txCIjMJVo - 4GblPUhx7lSIQnyF+AiKBW7qiAmlqvchtqr4 - djaCWoXIjPA9Se1Qb5V/zdrjAav0x7nSoJvI - KaslX211RgodE7zlCb30bOk3KMmQ2jU2//se - 6VhQO/qx6jKFkK4nSV4jXYpEACIhY/KrU115 - qGNs9dnFv3q2ucCLtA== ) - 300 RRSIG NSEC 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - WW29gBQhuzzVjOwPWCwXIeewzcop7BMtMjzQ - vA5lMYTta4EAemgUksP9aBoP9jZfFhbCIhjk - WuAEE72t74236wxg3vAOfBCVVL7WrhjcXmiK - euT2D0I5EfeWzOy/izl/NbBgYwDCfiYcJGpC - 61V3XFkKR+vF//LeXQdQqf5Lhz49AeOqW5yW - VSyWXi30DomFVM9m+94RUeefNq3MuZXa026r - ON3Sui6Jfy7P2L5Nm/k3ITnYd8oz5H8UYJHp - YwPc7uSC+Cu/sNpIow+eAneJt5TUj97KVxrk - x0eDIqLmwW47vLw0kLFZ1+69vWoO06xcNDbC - 4RWHAwI/K1A35QK0Qw== ) -sec-21.example.sec. 300 IN IPSECKEY ( 10 2 1 2001:2010:1::21 + 300 RRSIG IPSECKEY 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + UZyvsV9lD3KguJJfmvxJypmy+h6VqKOoLBGQ + 3pWpY4YOSZM618hSq1M87Um8W+hzA7HYK0bw + 1UDJrtTz7V6ohTe7Rp3q4ec1fGKLLHYM8OM1 + KoAwTSMWafZukf6NmNojHMGJ+auSMhB5xOsU + DySe1nmno7NuU45sakWGvg5L+zI= ) + 300 RRSIG IPSECKEY 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + 0iXY8/u0b+OpgoxpGTbVtHmcF6ihlqs3IZXz + O5uIozJHxJABSjKKjGZF7f0BY1Ax1VZKvxJ7 + x4wSs5hyZ68XOUCD3Zc6Ec8VdUOPA9hZa7AH + U0U6/IkEcenLjCl3rPizpQIlfzmO0tbjGM9B + zCT4l5C7VfVw46O4ybmdXKm0cL0DTo1v2x3d + b3UWDeQlkYEGSCRXS0+GFE56w9EoH8/uS+Ir + cBfvULf/Deta4UOd2el2jX6izvkedgtWdI6t + qF3yhT65zXQgxmFtLNhgRgu3JHE8rNnTzmpj + unto2AYjwDxH9IjhWvOEQCa2w4GiwKq+tT3t + tFyCjHw4eq3tZSk3bg== ) + 300 RRSIG IPSECKEY 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + I2VIZNkZ3u+CqOu1Pr3Yh3PQH/ODvbD9RS+A + +A8TAvl2ULfcXAKq7tcmr5WTL7k+PrMC4+OK + ojdROtqsPWtMi82iAkxkCULD9Xm9pVgVJ882 + NUkHgoHe+tKijf2RFV3hCGgpxqLjEvoVNB3k + mEH283iRRxbQYDIBVTaVtHZgLDs2LzeK96ha + NMS67/+hIVCJoXZar7HCR6TeurGytCG//Tnd + VuWerWQQLo7sjB2MRtmdjarFt4ZOeQmiS/Hh + O2gvsf74MSGSb8K9FJ32GvCT+VIT3iv2Dlad + 3l+i8iAiNyPhY3f3UvxvUQVBiHyTP0IU1sv5 + EcGJCXZqP/ssqvjRHw== ) + 300 RRSIG IPSECKEY 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + KWizoHwBtTqYSl7U2z3BlcpS2Gvb6A0ivojA + OaVwhsiZ+v7/2agZyrAaHKCvgl2yq89dC0Hf + REprexspi9z1Ru37g8B4p/3MdUsK9JP6Gn7X + 8ajHQaqaLNHS9k8LsU0Cf05a0vaH/q8MmKxy + XW8cxRqsh/1IGvN8SUaDjlBr+OyRr4YqxPsj + JBp6HKkjrLQ1M0St2JBh2IXh8jqyrii6NCM3 + H+gCzSDlREqx+nT7oSGcLpw+uAeq1OJ/L24y + E+coI82NKozyXv69uDpgr0AMirApmyoeVJCg + zSK4RxOvYSv3isKlpqzIRWTA4F6Am3lTIw9J + jKmMqt3KjMs19t7pbw== ) + 300 NSEC sec-mixed-32.example.sec. IPSECKEY RRSIG NSEC + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + ipQjEsGLS43Fv0UrNVpJU6G3kQdY38W8PKuh + VgBEPXoyHXuIcOrLhTATdnX9MC/2LfqQJooH + G3dwa3Jh5PFN2JcUYATP9NQ1IflqxgjSq2gn + WrCKbQI5yUCXRI7WLTXu7wihKM9ptBb6i5zY + rYU35dDKPFd3Xnu0LtrrrNX7kQo= ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + xC1thQOyAPxxYdZDoiko6pb41+RWZ0TZy4YB + zeY49op+rU0q1Q2R+jnlH6Tgbudn2NQpw98V + qvE1POZ9yo2YXOIQoaOaWkCTJT2AJQNNyiHq + R3kM7uer6dyqGwXn9l3Y4RcCzqdG5+aJlgNC + r9Vb3E/tMU/AyV+mz0O3W0fNPN/zZ7VcgyGf + TrD8V799AGx2sA/xa3h9cYBxGuGpSJi73ZpI + Ear1sUHcBYMWP9HEsJsV672ntIrXSwYkhraN + W/9nTHYFgsZvyz4K2TTxLy4etd+PS0+TndLM + Q12d6TuAXU3KLDmO8RQ1SXF84LshfDPV92f6 + JbckfOa8zKPsAklprw== ) + 300 RRSIG NSEC 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + JLD2RhURqgRnBqnNw/W0qobtvg28M4qoaIKZ + VJcsKAtw2+tvAiGbFEgN6E7nAlSd6ei0Cj1S + tGefXx9B8p1hYHnC9eE/XTzjr97YW8D3DJ/3 + F2+PL/PSYENeNzd+otcHKZFUdV1+g9rKgXjZ + +N4vX3BXvABuVOQdYwdwXrejz9u/23Qhu9zL + jiuigqafYXygE317KgVwga7VVCMgTmPsDQwc + ri9V8Sm3jeklaUm/ISx9AQt0FwylPl1qNVHH + ZZhoyvKK7Wqr3Hnl+i0tlhoL6k15I7RER9Ht + 7CzM6WOEYKUAFwsfJ8govxpeCx1fe5ZxLv88 + g+h8Ud1P5zRIdkcGCQ== ) + 300 RRSIG NSEC 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + I5ZgJ6QGF3H6T4GJtqCxIZVmOyCEz3dw28pe + Aiuay4yVo2rEDEgAVEc1j5jAHWqasI5kNPpY + BuIEEFfcEl/1j1wCYbpivh7a691MoWgWAbsP + bT8KM/PrRKiV95axgScCT3fsDQedtuJV7XH5 + 9nPbtf72v8t650ExblZWaZV7fZ4xUi+KINfn + Wn2px6hvmEIjlm0h8m/YRBu/ujzw9q5EMW/l + kfXp/5t7d20hflEPE3FyYOjc9elrSqBTvYgZ + nbFnHy6UG1p3w1eksjot25i8XGElHlvRYXOs + x7KG8l62142tPqUrv/i2BgkLSKN3DO0CtdzB + KrvBo73gvsVNsLghHw== ) +sec-mixed-32.example.sec. 300 IN IPSECKEY ( 10 3 2 soMe.NAme. AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxo QqJP943gqs4QATtnJWHQ1SDWiRE2aXl7SJoy JAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt @@ -1511,197 +2122,93 @@ sec-21.example.sec. 300 IN IPSECKEY ( 10 br2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougs ogj6kPdSSQYZYayHzVnl8NFQ9uCwbRTryepP zZP5Vd2t ) - 300 RRSIG IPSECKEY 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - h0+HIceO4TyqQTpyxId6XNOUib32igcXidZl - 7UIiHygAtYQyofUkMoYwjOuCTd5pQJe6jXyF - rcIslo9C1JDAyqcEewgLRi4/A2CEUhhmknxP - 2qJBlQJ9GiWAzK05zS5g1+Q2y++Sp0gPYJFj - VY8MXOH4C2i09/HKPb7AmGQHTMQ= ) - 300 RRSIG IPSECKEY 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - ccAqjClDisTOEK5baQDYScY87iFiQlQtbWjc - VoI3EhQ/TUqNLwK0fIdJijxBoQtfDwhiYDHx - Ban7hV/LWOBTC93AeJDM6aF2zIODDvGeSqWz - a1z95di1mNcMLd+m/0wAc5VwscyaCSgID39v - Az6ZoawlXo7LZ9JLeekx2UXcMS65ngUM78WT - co42xwz7EC5YSR74roPBWb5Xcu6RjBa1YWrD - 5RCwwEyAJUiD/+1GlokbmWXNJOQbC/Y5b7Em - 2/DfFmYo3GvmN9mZEUSkPcXz88sazuPeMojM - JJH5A0iM7FnZtEAMho7+UGvjbOdZEUr5GpKZ - elwJ1748pZZSzeQUwg== ) - 300 RRSIG IPSECKEY 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - dc9l4nstQkI6gbn9u78X4DfpJsvTqiswhR42 - VLckznSlTYn5UNv+pFfcAWx9cQM5HGx899xM - rzeEfXUegTZOQwCYmJWZrZsSrr4Lthigl8IW - kJ4BGEVbast5W33BjlwNACX03o4ysKn28JYQ - dhGB06g4Zfo7PNDKWMFh0Pbs2WjsvdTpk2ey - OazJ0FPAlGc3r2Xq7OVt27zc+iTZutgG8yFt - dYDuY8E525q7nlLwHAbx4zrZWyBRdg7Sw/l/ - EsPBDv2wOo+0XIpnc0lipOICAhwzUoKf37rh - Nb0TAyviQwWkhFJ6MRl7jxYivFHJQAWCU5Dq - E4zy9dwoF3zHP1pj1g== ) - 300 NSEC sec-22.example.sec. IPSECKEY RRSIG NSEC - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - K0DNo+HfGohkx6Q2HJh6kLNEG+NW9rqVq1qy - 5i4NyR7yU9PCn8BJDWyhoG/t3EKHPGjc47n9 - ChyJi/XSywK05PiWptIb1ByL1NtocO9b64EV - 0fvi2peCm/f3njyOvDlPSJO7HP+vPZMKITb3 - heoiHXv0tX5wrV4VtJBhZcgxy6o= ) - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - SXlyw5BASyyMehGz6QUMAkvfExmoPQLHt/w2 - wgJ1fHXTI+SFZEV/8xeII+DjOvkUBoebEyxZ - 6PalHCEv6K6GnPbpJGNGhNwuuOucHx6FVoc/ - xmU7ArMwiZORhyoTec3izKavKG2T6mJk+rvG - Xy9xi4K2g2CE7w1anGdA8oRPag1SIwhhB3AX - Trxch8RptYk3Z19jDaHZUxCSZWrfh/oISNWn - ycdERmHrQw8BMl87Hc2cICMLYWLSgvmor19z - 4DYaqVa/IgDnS8kKwK2heUjNhhBrqOqxp3cO - 7M3bCbSadHYH1yVuv2+7rYfhfAl6clkWftvX - dqu8/+1eU3MHZw+6bQ== ) - 300 RRSIG NSEC 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - gBq4IJtDynwz9Lx25Uu+BP0CNlKgUpDvIHvs - CYSVa8M2HvLury63U0YW6j1NP/5MMlr7Feky - jPEzMmlyXhn8WsiJiyy9pvpK4vVtVX429DJe - KwAtFjP29vpPZmjH0ZJqGTC7ojaBIE3GYiDw - 7kGqGyxLFHC64kl8xJx7CFQtA3eicKAkwB5R - uIu1d8lG3BBnjrx1i8xkdlRj2vp0YU8zjcSY - K27gYKX3uZkY5R9Y/zbwyV5PhNb5DBfLNzFg - 7lE28oevdOrlHQ/S2Tn5vEfja5bjo0Fmf1hC - ekt4+sOtUsob1hCOeaRxkYcVb+hWB9jQITNI - AibednFJmQEMr2Hn1w== ) -ns1.example.sec. 300 IN A 1.2.3.4 - 300 RRSIG A 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - Hd5lXR86upb7H8fuiGZ0kcoO5h9s4R9Y98iL - StU1pnXxG5KV/AxMlz5p3s4/u0gte7japaiN - TFyASUxbTc8w6t79jyYMLlPauutggLPgPx5b - 1DS3aFzrA/XKdTD9jJyKLkEgiYmHm1yRq9oW - U3gl2lF9kq/JTC6vHTJ6VdfR3GE= ) - 300 RRSIG A 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - IpzshcLIMj4iWcq6jPh9fRUdHpciA2KsRhDz - 6F0SYMg9Baauc55pNMihqq5mhQvpJqGnKVHS - GEgJbEUNAxI8OBwewVyMgDdTt8R1NK3ZjFGE - 0VmtluwrEdKT9HyR45yVH0/SpFZeQTMKH9Ck - yPAuD5s53nEGHALkFFadEalyLOCSvrU1+j++ - tHCfa22+QYbh1nSQAdvzzx5jhX/mrl0Blj0t - v91hb28yoClOzGzJIQisdfn6xPAdEGW9FP9M - wENWiSO2bhIMZQNxiCpBCmAeMRdlQVPwP6BP - SsH64WQJCIGVPrL+xiJQXaIXx6aZTBeLQKB9 - RJQRDywk2cHNdji2Wg== ) - 300 RRSIG A 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - vusjtNWhFBkOD/uIqtPS0tIByS/9SNIGDw+R - +SxcvJ5ovwZrNe0083ZOZ9nkt2+k7nWdsAw8 - MBF2Sb2EP966f4fxCI0HE/oygHvZJ6oqtF70 - IyS1CrwU8QJqoYsLFXBtprulN0fYvJk1KYff - RDfHtoae1Nmfn0tb375TBf01e+/ijpHdzlYL - rRF6eduUMgXOjstdzZb4mQIQ/UPZ18Ij86Q8 - CTSZ5BAv8EQNKPkblEUzB7IPiYlTTLIENx1p - 1lWIeZvrfufCubg1uVQZ30g2yOyexNaMT2Le - LVj00WsCuVcLRHEcxn5nQzBXZp8wZeVm9G0e - wFAsrFzRnQz+ttQXaw== ) - 300 NSEC ns2.example.sec. A RRSIG NSEC - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - AzygrAd/tnGAb5LOZFZxs84u3VRBrHAN/z59 - e5uy/OBSa/3P7dFwlwfFHkCA02NFV+2oLO6B - WbwuK4hPwACrYZuJvw9rKa3rfYNZM1MF6fUx - FQ2p17NkSKetFR25G1dzXMzM1MlbK87EfBWb - ZXcw5e81JAvba8q6ZXCcXZz7DTk= ) - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - zx0VjSCfOb9ajlaLpLD8gGahBk/GYwT3J2AT - D8KZwlpCFN28TQRlPCIaqCBDlb35sTBiYU0S - 3rcJMWUGrUaDON4jmeMZZbGSASNVd+D5hcEp - hQpqN6Su8mFitflVMKIKdLnqACCXJUicb6g7 - 7SElAiesy1DuWEWMKwyyXV/X3bEHzmvdjIsB - 9T4wsCcElDQbVItnPyms0No9xrgZmpNR3UTN - yoA882da5Wi4TubusiYryzncZZQKzZzCGKZ9 - HSl+5STjx+nBvHL9ud8rLkimlzLHO5BEHrN9 - hvkzqEQkmOer+15f3iQtFoovDZhR0Qp1Ag34 - agn/nh19LtgqBFT6pg== ) - 300 RRSIG NSEC 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - x7P+aGsZoDroKh/AaVkBzmXLIy+TC7iUzUAS - M54UOWoGjlpU5gfyo6kL41dxRk2A77yYKxN7 - HHSB/z+1u2IK0uXL/0teTgcUJ/yu+wTC21Z+ - nKc4lPNr5koIsEMgdags9Coa90rMbLp8Nk1R - mv07wjykShruY5o7q9sf+EV/slSFcUmCXfsb - zmzfor0kUrwliqzgNPpwnI3eNIGkjUF4wW+u - t1c/9Yyv25a2ViFF1V6I1BvNKFtVAkRff96p - i2LPWjaH3/ISi+8T3Um1d63ALW+M6hvKdbh/ - nrjG098f97DWL2+VrI+/bBVi1GPmzR9bdK+p - Lptct6Fg11LSqj5QJw== ) -ns2.example.sec. 300 IN A 5.6.7.8 - 300 RRSIG A 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - E99YjCcD6e1mGnx+Gxj6pFw5/ISt2SGlGoOb - XHVaa0EWF4L8jZJGgzs1P+shE5miZqvhgGMo - aUZ1RPywjUBZ4NOxZrXOIutPMi4DTcH649rx - HWhbjgBJptfYVGI3fvnL/JustEQxchOCamdi - ohnkMS8K/+9LdNcVoBbXmd2xSWw= ) - 300 RRSIG A 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - f+xyLGM0FkJuvIsBsiOpD4S54PC78wJRGHlJ - HGeOO9Rt0ZcuFP0zqqza+8J9ddYXxzAt74ut - QhYxhoWp0Cwv/Ah2ekgX1c2SHXB7gaWiS1jm - QInH+34hG/YOfDzdBmEvcghr0SA99mfSJPcM - iTdlP6ripnqhjiaILF69P86Wp8DJgGQXeAzT - bN26F+3YePj14TdO4d1W98nMolx3ASpE7Yzk - L+v5TV86OdwnLB0qOsHEwch+NvglXLS7mDn2 - XljFd8FX4DVElTTGaWW9cwLBwwhZpz6VMx4G - mQw/nAEJ7Kp/2JYE9ma2H1dPoH7Yj/z/zRTY - +4bgonvmTaVyg8MFVA== ) - 300 RRSIG A 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - uTBym8cXJHSj7GxGFNzqX+NL/Ys49a36kWLw - lEhjWH+z+CdEBuHRIfCQdPHe4XrUNsP9eWg9 - TspzM+g4Fd/dh8Jz7WRQ9IEnEU0qnt7HagQW - qfOsxve4ny1Pjm2oc/RICfsGTBJpqL5UwVNw - u+4bCr2ZdJwz1VZeCaFQIG+iuaAWE/zQ+xJW - e8mGvPM/VTCb3l7ZXePvE6ej3XFHfGIXqr1Q - sB/c36gw4bkFajA9/U/Ni8Su4MjxkkvZnG8n - aT7YrHXocZI0GyoQJMk3IVERc/khN00P6NO4 - 5FQR6X6U32tBn7ijOHmdd+ldt4ckdcqZB/oH - 4yjM5N+K/gt2/E4puw== ) - 300 NSEC public.example.sec. A RRSIG NSEC - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - ldRLarLBSF8qLKnXpiWUK03lLnJ+OaDnWK1c - 60K5LY98IJSuHHuMeVw3t/NMJMUjSMBz29Ih - AJMViXc4BNr8U5kUryi3ryRtfc23PbPLGLK7 - s7GDA2Mjd2dxx87MZwP0ER8l+o3dFjwqUBC5 - jWfupB+Z12AkZtINb/BR9lAaOWg= ) - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - fuH2T2IDBQ+QG1zc7cPrIVSm8Wk+phIDUhUn - rT6yYtpYeAfzsDzKlAC2iqLLXIT3C4ydda7P - vNlqS0W5Xl4SkVp3M796q1rOskBK3CqM/GvT - zRcFg35bXA0GgclMKfT/N3hp4ksWA1nQokIN - oeYNY9ChZVjEitJvxW2XdjxS8gWFvHpSJvr8 - Qtk8/w0ghYl2WwmhwswDfQ6z//dgFrew9JXD - to0UEMkloBOFpmTJY7rtv5+52nRMw5wBnrgd - 4cIAeZ9Fy0QNZvXvk50DLBS+KpSzpHIs55n2 - jSLGLP6iTYSYJp3EbprqgqHrcGqno66Kb2SJ - fbtPtQo01WJn7FnWbw== ) - 300 RRSIG NSEC 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - imdOqDzfX3ecLJahnF8nCpHIAvL95A403DFb - ccKYOYG1cdJzyYyINOcWx1WluUxQRT5PQ1Dp - 00vM5SGPwVljomtJEfxYi1uuGlGN/arwiL/L - 7bdC0TtVBBuRsxp7XWUeakJqIZNfKdA8NabR - W9+16sdD1qQKrHZtmfyA8NRd9WuT0XuUqp9i - KsMH7CvKY9X3fiym9bUz2otu1ZT/hvm22ny4 - cGQSHyZ318HoTVmzuS0HUAtT4SjInHdZOrf/ - 2HF+AMcF67HAGSQnmFVXJmpoZDowGt3HzPQ4 - ztt7F4k6C+h4kMqeamrWmt/588OdfL1E+rAM - AzXmWlHrVgaMQVw12g== ) + 300 RRSIG IPSECKEY 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + ucuaYq3+riPlg50nnHLhNfopzI3q9bPyu/Hp + OVxsp+Krmzjfxqnzr+XDVLquFQJoOFw/D9nJ + /shPPjd81rHiHVZxLpPX9tzV2FMBv+vBcX6C + /3K6WrL1qEejArcogPHrM6hdNdwEORueWq4W + T+QOTHIagvn2E5gvgu5QJpX5TJ0= ) + 300 RRSIG IPSECKEY 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + P/gQrVcBfPomBi4TtMOPgj++Z9rBza90vAxO + 57PYV72687WO+WOz60sxs5QH+NwfSYb9ABjV + 5Kv9W1Av4EMMBSXKM/Gw8FiPV5baB21MaHjz + Qrf0LFmUWoDzEvaG8tQuwwJbBxvU4vIPzcO8 + ngwdY+C1UYOf4qGyMeZ055wKyk+ZA9xLO7Ag + sEBtDMe28H4zq3T7WI24wwz7nj/TNf44DEpG + +KJNVt76i3YHGtZKmtdEJ19zHMdkPpsGWZBN + 6FO66GXJrYtZtdssmNHb8dEMm/JhXt+0jz9Q + lh4B3Ywmi9cyj4AsqMwFdNhXM61xTsokahe5 + 0tJ20+Ig8aOWGwCUwQ== ) + 300 RRSIG IPSECKEY 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + DewU0DqTaoYReXPJ1S+/EYaPyxyZFj7+hId1 + lhDtLSInAut0p9KaJZQSIJ3RBpZVJMoozoO4 + 3HmA4CMgBbwIJeGJ3AhaGEPLwpTDVk+PWe4U + SZoCdkK7snkyABe72NQ8sNO6FXnsU189WOln + eQzRKU00u02qOFX8yRuQGaMtk4KV+Mw9FA0K + r8RFTiwTn7V7+8r16uekK7jUcxYhCDvp6K21 + jOiFxPblSl7GlcIFAKOWEzh86KbcnvYOovNA + P6Izq0NmEDspCCiUoKT/1+TSIqn6coOivMMw + wI4/xXTLc8u6CK4XfMM8ch+OlKpewRfXneSY + VyMGz/F9huAhpg+HUg== ) + 300 RRSIG IPSECKEY 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + cXIFojsz8lrfCktQv9cxZZbPXULytrRYyN5L + A912WJz98UCrneLxgcqw7/rTpuBqra77AoUx + lz6+qPqxQ6DWPTGcyXzfgw9XQzUtHrqsRd0f + 8E+2y5+5+8Jjc45+7lkNa1LzAWCAikZwJii/ + OhU3iE5nZeXtUPcrztbLHg/pkKE2Y4NgE8uZ + VkK8OfGHDve2gENhD+asBOBR+h9VRaicGo+u + B5TA9G/SNSEHbkJGCp6e7XFVaCg8tf/z3o6V + Yj46qtjhgwdCof9ajXQ5mM/za/JqQmmWIZDO + ysFrEDtrXBYFfJkVz1YhvbPkodDdJkW5zOMJ + epBdq0qS1tsN1pvK2w== ) + 300 NSEC sha384.example.sec. IPSECKEY RRSIG NSEC + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + Xs1Px23rT5bBoLza06WFUJZkRkElWHQXVr+l + 2JnIlobHOLhT7cjAIvQmSbwxtF7bW9b96FVY + ZoRgBJjvn//nRbs3X6YANeWBEfVeBQxrffWp + 6puGiXbCe2RiFPNJ4YXzltcuaNbDi4jYb3KW + YTIkjeGmi6AMQmHwGMsebOnZlU8= ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + Q6N4jEM6yO7skZ5rt5KnDhmMzcck+5EYu6mr + 2kEiicgbeWFnzTg3wcCrnW9KPXLGu5fH34Ol + kIj4Ke6P7ev//k/ygscI8KQAmEKH/hV1cOhL + 5vMamczhrVp0Z/V5rHc5kIWOJMRo0tQ//ORV + alrHTS+itAdAQzF9yR1rC1f6nbRXQofIO2K5 + TEWnV6Nwb55ZZ8QZVbJbDxWOJz/bIRquMlJJ + JUfB1b5TRLqTj2jvqJaiSBVXV643ZucAfOa5 + B1UQnoxWzakMFKEkBRirxr8bw8PXujGu3P5D + wNi6aquMAj16nhUow8T7AHJBWvMo8X+pNXTL + Yf7RRYjYTSr8a8Z1vg== ) + 300 RRSIG NSEC 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + ltspdDOlwncTQ+Gtr4OPq43xdCSnrkGlNvnE + vNpgNCI5QXYdythuOFnVvdhOTJJsoo3dVoV9 + N98FHLqgCJ2gjtHqPCe/ZfqsVKZ9BF+DHuUU + OY5xNooQrWkLxFcKbSwfl3fJgFVqy+eyw0Ii + VppS+1WEZhmhI/ib9+kBpd6/eYJkAuoVAzpJ + eXbCK9SUMEATx5+ELQtCNyS1qTMVJ+I4+I/4 + hpkiCWizgmx0miZhWpWMmffkq8RyUF7NEa0C + w9tj+Ls67bFJkzFjPXZa1YWBZcfYCWiGRsdo + EzqPW5i78B+h1NECW8tVIHPA8MPZz1dTQUNM + wPE76HikvyRfYMewSw== ) + 300 RRSIG NSEC 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + uardZlGiJG0zPdms/JRd0M20177k5W2Crf3K + zVFlOT0//TjgJY7H3eA4rW7jQXcovVxaELFp + NovHObB7mWyNgCsQGbY+RT1eVGXgf0CuFtVN + kSjecmt5vIsJJmEzcBCR9M1hpUOj4k6NERuI + ott4o8l6FKqk9yu230fj07HAOfpfaRXTaSes + Q/rGzNOj393KEWTDZFjUDMz7nkYM1Vhrg0W6 + ooGvJIqdvgB2gWQ4j9ehdBAqsepGixFUn2oi + Gn23iozFGgtEOlvAs+2Vc5UgsMyu2ekuh5kS + NqhYo7U0X2aHiyEcGRCc1y0/X5l9KiTYIeP2 + 1RgtaE5XClR/mPxTMA== ) sec-12.example.sec. 300 IN IPSECKEY ( 10 1 2 192.168.1.12 AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxo QqJP943gqs4QATtnJWHQ1SDWiRE2aXl7SJoy @@ -1714,70 +2221,186 @@ sec-12.example.sec. 300 IN IPSECKEY ( 10 br2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougs ogj6kPdSSQYZYayHzVnl8NFQ9uCwbRTryepP zZP5Vd2t ) - 300 RRSIG IPSECKEY 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - Bp3Y98+B6Rgsy39TcRw3TPRmbXBGGBQTaXvi - oSywo/qBfkfoJgRYSxq0SffMHq9AstMAaoqT - VY1dSGloMJeF4J/VV9m5XWTtLoSB9fPLLOM+ - JFYHtpYGQBLrkDvlLR0mMyiHLMB58YJ4qgVY - /swU//Bmf+ivf3OZAC9PAFJmh6k= ) - 300 RRSIG IPSECKEY 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - TEoklx8wcff5wNwRdU49/WvfLb6V/NiVbJuE - 7oWtSL2Djp1w4/Mo+p/mLk/UzcbQLxBU3TUO - jOWKsBxUrfhIn4O+6L27/7fKXlK4RbTsvWBI - RhSlj9/bVzpJzHZY86BNWQLJ2XJg13foQkLh - k2rm/s4lLvsdCJBhhf8yqhl9YpabrvvVKs8B - riGfZtfJRq817quPoG3bEHj+FS3SlrSP+wVX - aDlGrLJgMs2Jdo8koRnmq2bC14o7fB3Sb3C1 - NqTyoVv4y4ORrfIUVfPHto5U4BJm1KNx7/6e - qlP4BGkfYIseNRRAc0YHwTmY/qEh5OXh1VT+ - hHzexvbXkSdaNvsFDA== ) - 300 RRSIG IPSECKEY 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - oKaq8JJMlTF6r9L9UypicA5tJ1FZ6lgEKXVg - yRjHyngziDDwetCumeu0spZ2gIYhlZ6+iO9e - bzLyaisD2/cX1TTwtHpOXdnLBmazdDK0N2Nc - thodwl/rn3Iw2IWUvArb7NFiM7G7H9XEy9Dc - KPXYj3NwXlbx45dzlaWcfeOcrphFdQfjqch7 - WiCpeGoF4iWYCdwPOUXkLmETwzn16x8f7t+A - 5yr0ou8EuNquAvPFZ7238w7g0K+jJAkiPq9u - PDzPEqf1XcFqhJtHgfOWSYtVY0BVF8gKmmdJ - iDmEoHE/u1cuaUaXw8u1e0f+mqahIykFVXLN - Hw1SuDZ692Rzej0JkA== ) + 300 RRSIG IPSECKEY 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + sp9cM4vtiPCYR/q/zjEFQMvp4Lae8VwcFoBS + zVP1vbXrfLGjECmS29PS9w2EuSgG65ufsjsH + ewjCQxXtbhS3GbkqW6T+BczchuTbxVPoeiwJ + SpA1Nka3LhheDRznREFNi67LFe7T6WgqX9ji + Fay7JIEKjO+dQcZyeFbPDn3GvSw= ) + 300 RRSIG IPSECKEY 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + HH0l3riJtHnVsJ7e5mlYEP2K7gvsHo8H55qb + k0itDJkpeCwnIPuXB4iOnoZYtcwecOTES3ir + 71J2wcdZFXp/ZDpM+u5ZxRhutSKU6kDk25ug + k/yl/nNg8ea++Bzmf6OB+tTZ4yaCySIy5X3R + 7uIDisCQ5LJ3wkYCAP8z1h6gMdkJjITHa1+P + hsGi2x9QuDOUcxxOPTvmLZyVdgnMN3K0ViUb + PTqVqvj5dn7pOLreyQve4/iwaBfxlUtsXO+i + wtzsyhb5Bd7y+1vHVbxvKGGY0gIF7cKovgkp + NDh75Thkrg4oMJtTrqDRO9A+S0OtxQcN/osK + FRxby5ILfQAKeN8oSw== ) + 300 RRSIG IPSECKEY 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + flRzj3hURIHk9DLH1t7hTsOmyY4DIlTBP8qF + rRGpDnjsbyFBw2+FQfxWaoqAc3hbaYZXyZ87 + r1QnZczUZoceroe9Y+45dMhy37xgtI0fNMC8 + sKCAX8Ph79yVdhekiBYcWp7XZPjKI3rP2I8M + OrOMhBc0OYKk+Eo+RWPdv3TI3Fhbi70phUPV + nFJAkDOVdusNwXwPJDVFBXVxT5yvtkgCdlc4 + nf/LYKHHnafWNxEhnnnuCR8o8y0PnnL/sc5D + U1JFg9+nZRcgIhqffjZ4xOhCkjYYFnQ/1SCR + K9u2F6XChf0sZlSrl8BYw3VjGyYRxM5X5R1W + VunDRGfcKEVeJbtJug== ) + 300 RRSIG IPSECKEY 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + F8yPUuB27JKYxQS9NOMLHulFa9BUPUXfVzum + paCTXKJWp2YjOhoOwYj5+oNzelYqhiB5Cn6w + oG6eYA3MiD4ZdEHpnw4ogWTN/MNVRIMoMOKx + XE/iwM3QRSM7I++0eaIV16VuAKqLukJs3X7O + ETsL9snQuMl+qFGkchJ/kGh5+Zgk6t3shsPi + LnPIBM16Ts8xyIThJUrJ/mpA05fYx+ZdMyby + aJCRAPhUzEcxe0c2scMyHTE0clrMGDdpmLcE + ensARJyNuLIT+ikbkGudHTxNqgwxQ+16fZav + ERlPx9Q1pSMFKtDFfyaqnSHeYBrB5PLijy7d + rt40jwVeWtlVOGr27g== ) 300 NSEC sec-20.example.sec. IPSECKEY RRSIG NSEC - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - AkRa3kAjknF3xBG0FiCOWdgvKUXTsjJQYZ3w - vH6hKtIw6iJLIHXBuw8ip09IXWvaYxYZboNV - r4M4bsg7dOArDvwWvKxXVzY1qLv/l+CzpWLF - H97Uhdv8oOvgfB50Va6zdwnm8NYWpSyZR8Sp - sUNRN42iDIx68g4DC0iXY73l3kM= ) - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - z9SmmJ/i05AcUl2tl/kWmOFrScWGIErE3xyP - K6PJs/oFSH3qGsgS14Cx3nqARFkQujuxIVkX - H1mtu3uWnMa5q35cVgBym3ud9BLPtQDx4sGI - 1bmkl5xh3Bi90xfx5fz4e8ziV7BGn7mvEKSl - l/ea7Gfa5yc3LmPUUbRHrHYJujuyX+d46hS7 - KQ/haDf9shBoXt+/IWcQBT3azgwEZuiM+Csf - uyn2YyXxDJZpmzfOCL5dO/Hjh7yBAi+rc4jL - UdDrfplO2L3JDSXnY5abOwADAqbnUS7wUt9S - 3EuGrQkmwDapvcph6dx5LXZRbsMMcJ3FwSJR - /rTeK+ifClOZqxqbvQ== ) - 300 RRSIG NSEC 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - GIjekPGJYOhERvkHNWc9eHrhjjyZccZe29Hw - MEgxNRnoGXrPEscbrR2L3JX0BqGdwp4DzoTn - ho1sbUQ77W0TaI12r+h0/jQjVlIvBgFUNMgT - 4myQiUK2ubBg1mMjNkq/QYbZmgfuLahPXor6 - UmefhMkR8tfzPJT9kBTxtWiEgbuJhwMGydPZ - zRoc9x+iH9xDu/nY8HFKAKmzoDtR/e6/AlPF - SBeF4nJe/YdglvNKeDUl4QKtE2spGnQlhvaY - eR9saXai7ErBF6q8oU7Bn0qDz0gI6qMFzBg2 - IoJDqOe2PMg6OiNIm18Dwab80SiPggUxPhH1 - XFwi/+vLRM+P30Lszg== ) -sec-mixed-32.example.sec. 300 IN IPSECKEY ( 10 3 2 soMe.NAme. + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + P4JeTGEPJ0b/373X144T/ZU1TzwnnLrUvsEL + l9sR9gT86yKszFKMwIvjBtY3zMvYwTzVR5KF + DTEf0xTXK1SGbXzHc4vLtz6/qRtwr7efaa+7 + kkeEt/FZ6r++YCUYF3pJ62VRYmyjJp1aWIn3 + 64qXmpCbXLCTTtugcSmcjK1eGn8= ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + s6+Evh5RDlAvlfTNNe9++eRiqH4G8F59coJu + vFxHznIuDOBguVPmvVF62ESw+xgi40zw/QCL + /Qn6y3tWEVrIvvmzNno97ZZ2r0hafRYxug0Z + GDweMrck7Ax0a/mfYyrKII0A5xUZP0BNpNGo + KOq9DKeO9M9h3rOkzUt8/K5U1GUjpb0trpWC + mwyHpP93vFS6BVzvtwVjxOm4XvX7Chzw7W9S + SHN1QLOJCEOAdc3+EA0h/aqIo7Hah7DXWBOX + esGcKCEJQfMwuiHQG4u9bLUvyd9tTsiA1J0S + iFuvppcsaBgAPw3f8mIvMXGT8L9XXppUl3MC + CUvkRDk+GcmXUOvMqQ== ) + 300 RRSIG NSEC 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + vcAtprqLVI83SUYywC/qG+ZGOXbif+uIti6K + 3Nr5NzTRo9ZrkwrmnWMQPirkSFki6abodNhQ + LNIWKjqpssw47wwjJ2HZPLpjGd2VWk0D+Iiq + fteggBTkVEfw/mJZ02MUejOzBSVt4pW0y9BU + Gwr1461niz+v7WUtYcLUV3DWUwZ2nmXE9qWd + tC5zzfYBJYEnkTm7WRYSrOG2GKLZIxS/2D+i + SRrY+KaL9hBUcWusK+vFJ3OFEaq3RHOVCBpG + +ZyDAVSZAgsn7ObuEiLswuFD753b5ieteBfV + 2U5inlw6bHGRSctaq95TMiqKtgbgKyWaDyAN + DKaBMdRGg098GH+zZA== ) + 300 RRSIG NSEC 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + L4jH5AxKcqyy8U7Di0m7MmmosO9e05fN37ZJ + Bwkmg1Gf6k3Nv3nK+oaQyPgusHLnZAO8/V8m + LY392PAo6mn5c8Jq2wxZFRV4splx+N6dGt5m + bdaWZbUNqtTKgvfJhdPJFIxsJrm/c/iFit1A + LFyQnRXFtZJXlH8+akFlYMwNxiY9tL9vbNhg + MkjB8kKj38mfZ2cZB4/CN+bFyObjoIriF7jh + MAWl62M1TA60zdmCSRGq70ACFZ1ttJxE47mh + 35OjlitMeW+9q5s8J7mIq+z8i7Bt+zYAivVx + saaJvKaKpXDMit1pnJ0W7UuAGGD5YCixFKXm + esrszfQpnoX8JqWTow== ) +c93f1e400f26708f98cb19d936620da35eec8f72e57f9eec01c1afd6._smimecert.example.com.example.sec. 300 IN NSEC delegation.example.sec. RRSIG NSEC SMIMEA + 300 RRSIG NSEC 5 6 300 ( + 20181212121212 20161010101010 516 example.sec. + jC5HX6U+DvUztGWPsCcqzRPGCx7618IEcZnZ + AXNH3Bs1HgTnP71z7+H5d8Oy7l500MOEA6+M + aJ31XH9xYUfrcE8l03i1Fs5qynB0NW22Knm6 + I9mipv1L3Z52OPRQdgQGNzOEml81fopAm9u8 + B6DZs141OOirem0et1qfozSnCXI= ) + 300 RRSIG NSEC 5 6 300 ( + 20181212121212 20161010101010 44427 example.sec. + w6ukkiN/1Z9sH+8stG6WDsem+0oF/Vd8aD2y + QYyP1uX4ICjgYNDMwUDc48v5zJU4zsT/IGXJ + zSnys7VqjawHb9j6TouvtaW3lFTC9/Lfez/2 + SeeKqbyWCJKQzMIo3YoUG1V8nHbOb7zDqGsk + 6QFjPpy/uArLudiIezdc4azqud+JUpDhh80T + t7fHRBB3mGTn1HVziwEJiQ6N0YiZEzEEuU4q + ltgsQUhwOgbM+ZzKc0wyYeI2rUteO9IGOPgk + PBMFTZolO08FA1z9/8ZtGlKvel6eHg5HuXn8 + WjfEcj3HPNpE4XFN/aKh/P5inuNocuTZeiUQ + BzRwmiwjfRafwMddpQ== ) + 300 RRSIG NSEC 8 6 300 ( + 20181212121212 20161010101010 48381 example.sec. + Ro2XNWTeWt8KuDq6UMwWkcQU+NdboYP5VoG0 + ldzWcRyMPGj1EOOT/vhDaehi9wp843nty4bt + jIGReezourFpjHBG1TkGXexqLgx+1H74Bl4j + XMs9DIKzFlXOkk8W554NG1bdQDOlrbtlM8pL + zBO7sI91WbhKpJSABJR3rksNhDlwt+HzbN0G + 58+tiH3YLDdEgzs6yBPtkJTVp8N22EtEmesr + RppiFOSPlubRZF90c1S44Kw2fBSpYZJ1hdGL + NCx2fYO0e+oOF6scvS9DRrxnHyd4PwYfQDyH + R4UcoVchhIbh3n0bi8T4F7teUT1LAYQadjpW + KrfRqL8aB4nzyUT0sQ== ) + 300 RRSIG NSEC 10 6 300 ( + 20181212121212 20161010101010 1862 example.sec. + Zr1faE3PrEg+05hjB0Rrkbgg4TNuR40PSBIc + 7iK8h7ItSP1hhAdUuaKvLAscHHlxfu5OR2AW + GpsKIa3LSwdD8eOaSBgzmTCS0tBXrhtoEPn3 + e/sFB4uuOyo6NTBHLcbW1d8Fzg4JbvFHDNkw + P1sUVUcy5qmaJeKLDWAEwYyksaigvJXDYOqf + KEIYBecpm6Yw3Cld4weJBtulA2zS0i5mN1DL + SqR/ML1etHNJxOJzRE3ps9IVaIlQye4YGFl2 + MaXmI+yS4fvqyc15fqnduo9ZO/Bo4Qb/rHF0 + rdCz+sasUPqOvkEG1mWxDiWtMwQH/l5qXPvV + 5qjTYcLhRFGHPRaOUQ== ) + 300 SMIMEA 1 1 2 ( + 92003BA34942DC74152E2F2C408D29ECA5A5 + 20E7F2E06BB944F4DCA346BAF63C1B177615 + D466F6C4B71C216A50292BD58C9EBDD2F74E + 38FE51FFD48C43326CBC ) + 300 RRSIG SMIMEA 5 6 300 ( + 20181212121212 20161010101010 516 example.sec. + rgcYP4gQoJrfpOnvqi/eJ8BZwFy7UHQhoptr + j8lf0hnxSPAytI84DHpse5o5E3kqJzfemhzV + H7B/JZcR2/ELkaBM0HlVLZ2Hj5B9sUtoZo05 + W0019NkcsSW42KX4g3XXyniwM61Ibr/NtLvp + xxZkGpnECcSxdKvjYc0Qbkbjwrs= ) + 300 RRSIG SMIMEA 5 6 300 ( + 20181212121212 20161010101010 44427 example.sec. + nJQgbeNHvf1819+EGoOqapsmoPdB+rKscTp1 + pT260UL4EdvWGeZKuowKUwRHGktKkbk8yjwu + eZWH3VedfFUYSAP75IR/jZFQy7bSRK0/u+iV + uuwL0Rgbl8n5mGWGJk7/lyiSosfeYklKeBu+ + 4JcO8wIjMSpb2+IgY3VEO5ykw66En/YfcM/O + OXYpOAiHL8l5kYzTxQYhtquAZtw+TZ89CLiY + B7Al2KvM7M6fh7jk84Q3sjMQbUNF3MI2mkzn + xfTzZ+gE5D5FrKtMSE2kauVOvjerDsUUz8Y4 + O3cp6gldUOwSezlYWA+T84w6Phh9vMUjEBW5 + 536uxZaQslhKqXWGGQ== ) + 300 RRSIG SMIMEA 8 6 300 ( + 20181212121212 20161010101010 48381 example.sec. + S5Cs6tXyQ/3d53vtCxPuVi8b8w2wKjK4ZFNS + ttOHnIDk1hV7xdAIqcbjyRBQjowFdp2huIBP + ZWtdNoEFvUEqWTzl9jU4eapLmyAr3HzLvJsY + Ajajx0BcRyT+gf04UOe+lnHbsbh3/zPCmqs4 + 3aYQBnHZNnR+hIvtWYE3sUHQw8jFB9zcR/0a + K0MGO4uamGKMI9ixq6bO5YIZ86hROnk9T8Mg + r++C2ZI6e7vQrjqSuU/0c+3k1f+YucX/b8N4 + 0rX7rdsuA97Yw4717y7srrG2eyuc+sBlfHD3 + fUS5ZNAF7hCqlgR0PaPJyhrx0VSDW5L8hp8y + Yv5jse1Pj6t4zJrQlA== ) + 300 RRSIG SMIMEA 10 6 300 ( + 20181212121212 20161010101010 1862 example.sec. + juY0ypbmPM0AU056OcCLf9TVzKC20tlEE9oo + RMDh2qsq4yYccb8kO/H0GerBDgO7PNUV7dV2 + ryw6EFvzj0Tg9BWUYymnk1OV2gwRjFNRLCJI + mc1akWOUYsZL1NJvkX967bPoDDCZMphO1R0G + 7Z47JnYwPjGRAHBVUdZSk33+ENVrpXtFbDJW + K5yALboYV4/XJ0/4KNOrteOdNwe+yRVJcxBm + GJzI/lsIEZ3ujqDWgqtPCIJfEMU+n1/jAiuX + v0vefSuHBlr0oryuUIgT5lkh+oKauzibYeHV + mNfYj+VbDFn8RjqtBlyBiUOLWQWooxAhr2Ej + h8uTAWMWRp3o5XOnnQ== ) +sec-31.example.sec. 300 IN IPSECKEY ( 10 3 1 some.name. AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxo QqJP943gqs4QATtnJWHQ1SDWiRE2aXl7SJoy JAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt @@ -1789,269 +2412,584 @@ sec-mixed-32.example.sec. 300 IN IPSECKE br2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougs ogj6kPdSSQYZYayHzVnl8NFQ9uCwbRTryepP zZP5Vd2t ) - 300 RRSIG IPSECKEY 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - Q98uLQa4yiNx20mu2+eKuoDUIp1trGYoPIfh - 2xjpF3LdJPKf7IWHRrKg/83mS/ZIUYMpubTc - UReFmBU+H8m2cNT52dgy5J2HDzsi32oj+0c5 - rryu8ukq4w3WVCNfMB40HryiJfpo0xyxOlcY - pxA8T0H3pzxxF00PLsD6qEpzXLg= ) - 300 RRSIG IPSECKEY 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - huDnVbUefzBpcL2koVKRLUDwoT1xGgkNCCyC - yreQ+VQyJPUOUPYmW76xSugebDPTus0l0dkO - 6hzK2qH8WpTz48toCPndNLojiF2cIxZwAbDh - h9A2icNe9ho3Hr30WlzRCqtTOPkOW9AOcGHZ - wRANW/DQhwE4ibCUWx6BuXxlljcujJPfQqbr - pzG+jLg9Dw6ZygpjpHXv71cbEEWWNnoJgbfm - ijyE1R6mXBZWY6S2TPDfd4qyhWbnzH5caqfc - 5TD5eAoDnnE1NmPKFg3+gQua/BTYaZeGksxr - tmbNOo2QndPX60eeR1Kn4ujxBf0nKa7GfAse - D7sX00LaW7kx/rXdaQ== ) - 300 RRSIG IPSECKEY 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - xQIef/xGr81KqkEpNwIBHGKKg7c8Rup2Z116 - 60nevwq1tvbTSZCj7i88gVtgVAbdiDC21Tbb - 4Kd7gTsvX2s9oDV5xYTxL/UHP8xbDjiTaAFz - 201G5nCx+VLywFvUgjKr1Yu4YT9/aJ2XUkgj - tLKXobQX9lNytKCBThPYrIxTdQmYaPzUy3D0 - hxboqhEgJ2AiKD5qZLhWw0o2CrhoAwsdZIjJ - rXsV68psRR7inaHQ3OdPtdwCIMx7MyZKECEZ - JEGveLqrR+NU0RqgltL6tSfPSZin2suDX/sd - otLdkc2RrLyAM/eYP8x9TS3hvhKy3pJKJiKB - bLDYyfw0AFdS/Vfq4A== ) - 300 NSEC sha384.example.sec. IPSECKEY RRSIG NSEC - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - ZBIHK5XwJUX6lZIbqgOQWklBK9mls54IJ9T/ - 2q295urzRl/qT9mJk+7NXNMpu97K6DttQu74 - 7g43pAvQNVORxsP0AfM7c/DeB41IZwXAJ+oy - 3VjtID+jSd+6HUJhvOEbvrB36kCxXTMk/Kdv - 5Zl+fiHzWLazPtJPtKTjyi6FZn4= ) - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - vnAbysWbBoMXN/4Iy8KSlLHxhXRRbzHkZA9m - q8VlXoyVjbz3xgmGsK87/ztkaAl8mHnYc2kS - qUZ21JpX8vFgY8exGU4GszPK+AdfUfdVcxsk - x2oNVtkpOqte0SVNtHd3IaatHywBdNE5571z - /DhHJytQKOd8AbSOW1B277/mu6c9jKHZdYwu - VEgboqW46QhKwyso7CjQYzUqi/9T2m8zN4iE - z7qcSHac8Ro2F+FpcGxtIyu2Z41W7Czk37ck - 4IE9psNkgb4rEyY2YbWTHKIcnuscmlhqT+vg - g3boKmOV15rKH2NvJzgrAaWJsxcjW0p7zNzu - oHvx1TH44vAXzXJZoA== ) - 300 RRSIG NSEC 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - dgFnpZutgO50gp4PhC0a5rHQyjPQorrKpMT2 - bHElABlUdLlSZL2dyn8iQrDhT75M1c9iuGmO - rnlq9jAEB4he88v3HPRW1EHNJFl3MFWBoSIH - xYZHDrrq2DT1LFFwJrjCgiH7yg61L7FoV+T3 - PpIPN8yUaM2zXmuOup0XT/oRFuB7T5liwvtG - /M5v0G8ge4dbmRavN8mQSEwFDyE/ZQlGINXt - llQVyw2GkXf8eMERQyGeNVvV+lRo/w2zWyQI - XHE/3iA6atYJzk/YJooVTDskfbRjU/GaVgju - DpzoA/gm8m2LRJk1F3FWYO86JG66XXCjcq0n - 0kzyTrKi8iTNjaGbgQ== ) -lets.introduce.some.empty.terminals.example.sec. 300 IN CNAME example.sec. - 300 RRSIG CNAME 5 7 300 20141212121212 ( - 20121010101010 516 example.sec. - nKij8bJe39EFqF17wJ675A/Ez7cBoT6hHUW2 - L6xdmeXOwyDsGI9e7PbVD54j8N3saCScDXz4 - ItQqJIeAd0q22tGXFXQ+kQQRgLVPOTNS7IdH - 957LABHKO21kZkzwVGF3/GL99RJqCYSfFZmz - LX7DQ9Za4nBS4d9AUiMhXRyIgeE= ) - 300 RRSIG CNAME 5 7 300 20141212121212 ( - 20121010101010 44427 example.sec. - Fp/KiTvkjNtPQh/qaR5EOvjKIc12ozI6sfg8 - r4nPTi6JUFILNkfUTU9+47O0zk/0a7MmTrHZ - iZY+6urd8H+nr8RVBgW6b768z0oYUCuJV41q - GVuPooxRG5qfQLkNdUMehWIeGHPNFCKXGuYB - VqZnzR1JYktVmk/X+IduNCVUdkikgjpCfz6y - 7m2J41uauMjWDlynA5G7PZYUBFt+WwXv9Ck4 - /t3+BJwdJZzAxHX1tM3U/vnkEFzNIxWu2dng - U/A4F8YyPNff5Gfdbun4zq25Ex5mG20hCJDp - TCWlcpCJfd5ROil4VWDNrirdklsVj9frkBc1 - EOA4dQ7nb2FFz5ysTw== ) - 300 RRSIG CNAME 8 7 300 20141212121212 ( - 20121010101010 48381 example.sec. - k6ck+Rrg0dFu8Z3TeskkbTbdLTTL8ByI6qhJ - bRA8XimCd1qCO6Q8fUod2q2cq9KGfHc8z6S2 - c/+5TFWjzHOxfZbLEnGrQj7HMXtcAK31YHWp - SpZ9ucDWPbBU3NEfh4BQZmrB8NOkkCnZ/xDB - mjIlWc0Y9tTa5gRePaC3IegPPTQENNhUuEOF - DMvZKQsA+2pXSwrNtNvSXlRxGKLCPOvTF/al - iEnxnYuLjCl0EdYmgbKoG2wuTdZcCqyamqL3 - EYqJjr9OmTI0LPTy5oBGPrUxFyaYHhvGa4rC - wXiLjK3KxpcYZfsDjr+nkrZXldHaCPX/KQ6w - ANsJ7JyBxUXR4GJyYw== ) - 300 NSEC www.example.sec. CNAME RRSIG NSEC - 300 RRSIG NSEC 5 7 300 20141212121212 ( - 20121010101010 516 example.sec. - lYo1pIcvD8vscR0PVPNW45w6uOPEQGBrjr6N - rKyygzb5h+dJiiZuUdQL03oxI0dl11Ezh/G3 - ocF81ndZMHrEnG5ERuKftI9vvAvkYr+DnFDc - D0N0tIfHzB35qp2AQnhNQY/RQ+i1ZSflOw9D - /8rOkoBQSlPAnCpIyGbmddEVcFA= ) - 300 RRSIG NSEC 5 7 300 20141212121212 ( - 20121010101010 44427 example.sec. - XmqQZjep1qmAHIYIQTnzVk4PTeKoqT2ih0yS - O32LiLcnGTpJZ+y+cdlvLUs6LqZaThePOqtw - foOCOYdMWSKWCCKXwonpwKEPocjt/C8v7tep - so7KOdEX0suWxbDOJP8TMzdNht147RwMXP07 - N/TedkKA9Hs14fEYEoiK/y73KKDz2ckxTRIX - rxqeZ7ZJfGTXuK/PxAfAtgJS5nBkGJSDKM6f - ykym+QKrBe0ANqVZdbykaP3I0WR21d29Wg9p - qA+sh7SA2g/waj29e7Qd5NfbMis9AfU7lQrk - me4g7N3u5U9e+FsDRsNItwASl8c/5e7CrA5A - 5mkKaTua5ovvwkonxg== ) - 300 RRSIG NSEC 8 7 300 20141212121212 ( - 20121010101010 48381 example.sec. - wtjR2qaqRvPjQBaTH2JgjhjWsnEZfN8qcPq2 - Afjx1LqD3f1purYgNXtZhlqyHWs87qksqPbO - rykcGMB8TZ2VpByJS6yXB7LtRaM6SO9yGfPy - 8b3Ki9bDsRuXRC2Ie0HStJW2rDuELlBJj1Mp - gKYUUCLrWJ4OCaF8/Xm72zmJDkzN3rMzThTZ - /6XY8tYBnXwKgnrWn9J+VT720pDwFy7pok2B - os2HTAO5WY3Zvl+20B/jkE/ebfkhTsWGHFob - ENUAukxaaDbPtXuyg4MKreaje2wh+Iu3PWqb - efFTG/pnsfLYTG+pXAnb4uzt75K50Ze0TUB3 - +Y3ZTANyeYApZkXo1g== ) -jumphost.example.sec. 300 IN SSHFP 2 1 ( - 123456789ABCDEF67890123456789ABCDEF6 - 7890 ) - 300 RRSIG SSHFP 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - WtF4ZiPXqdAu94QyYts0GKM31E2y8xOJg4wa - jPpkZI7WEyQOx4uwILRnpmkSjC6cS+ksRBC5 - lgnLtsR+ZsZNCcOIZMZrsMQcGm21/DI93HxR - J+i2jCVQwiYws8hguupSahtrwGYlnwF0fn8l - D5RJryJFZQGHQKii316GQWIJ5fc= ) - 300 RRSIG SSHFP 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - PzecZqU6DRFSEWJ1dfx/CGlIlRFdgu+Wjgo+ - s7SedJVgGCLrCxhx/lbBbcnExjTiCHDi6/Wt - q0R8OtyUVXvqyKMUwr1f59AEBzWO9GbXs5fr - eqRD2h229Y3o6aVMKHl8hsJUYjxyFCBqNuvR - kFSPQuAJaUF+uQefB4pDiVl1aSJnZDCi6T5G - +pTUyF6Ttr6b9VVsR2EUdwzqF01JyqRNgzZM - hkmfwCQsBfJd9rGh3qCm/9iYVaCVEkNVX1T8 - jVVhLm3UOhUEJwmi8IjRyCA7RJsLQmXkRrmw - AX7nROqRienYjw0Ztm0/VGbJPw1HOm3zAuHu - QtxtWTABc3j/C5hLdw== ) - 300 RRSIG SSHFP 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - zhh18mu+feoq55Ddkkg03SIJQ/gbqN32ppia - +WKE3jBbBaEaWLJ/wP65WHqIyDu25zctg5g0 - m87Z1BbDaaH4WQK4Joh5tLd1bZzvMAUOPip+ - X66G3vwE1PXBLJNzjB2c2WZhOXbsghdBXmm8 - RJbysUS/vH7JMNRZUTF/tSRSGOtlJkDbqAeh - KS7dd+m5StDlxP3Etv9zPW9tA+n0VxUhkCox - 9kags6TtEPf6j8acS3HhYUhEJRqVjH3vEBy4 - xhYhkX8Es1K1md5HY0RoKL3z5NSkVj32yMTk - vaFYtg/yhKLlSQsX/Hn75rOjgCDoxTBCj9EH - q/hHLW7UmO77w5RFvg== ) - 300 NSEC mail.example.sec. SSHFP RRSIG NSEC - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - L3vgFTbZOLeRq1I+RVhl5jOAPHTgKlKkr8Lk - ChyFcsWnYoaNdNSkotTSKoWW85T0SRwktH4d - BCexiVcc+pzODo9/SkCpFKgkZ+3Q3aC82mo8 - rt3qjmgLOeeobCLj3X+lgLZRHqw96d+aRpq7 - Jna2ZA963cUv5CGkRW1vUNDWwqo= ) - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - Y07ocMMI0+fY8gCwsPEbdzDtwKdma7+JRKXT - 9DMUx1hmcS7YxW53TrIMCW8gA9snXnSJjG0h - /aP0OuFrJvZ2xUUAmpYAsdyw+HoeZtwFb3rg - YJRL94Up6MVzNX89UsNYPvtvP7vEpebnYxzc - gzbOcjnV9F9NPHj86Gr1hT1A8dOarbKVFLTs - J3yXWalgG+qy51qhzThgimMUci3sNpFuKfG2 - 4SGCGIOt2rW8OulNuAFQzTg3zmR/mkVm+vip - 2KVIZ6kre+Ka+fR0A7tZP+4U5xSaZXMh5h3K - YiuDaxUmWZSc6sCU0nJHtsB/HIxTi958T0Am - Scq72LK4IqpAfqSazQ== ) - 300 RRSIG NSEC 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - CbV2wVqT7r81G8rqWPnda5iHqPaUwVAqoDyW - zKQhbAj8ydnufTHODju4PV98alGuQCC50yQ5 - KBHZu5enOTQ/MKiAcL4O0QQ76/OQ1Lw8HIa4 - FtkArpipm9h3AFnFoYfq9wS6xmweX21SrNmG - phgrqYtR7pvjBXlh0O1kZG1h3fRaiF0nA8jt - 1ZzkMhMCgiFubEDQCVhygbkucFmSSo31HSCC - ChwGnjLXj40HKvpNg4TUE/f7eUnQDeq95A9N - O8YoVcNkcVTxx0hbSlW6Q8O06Dryf6c/NEVj - lXgHRwxIsLEC2AqPbNuXVCN7A1z0aVLfTFxF - hNFwOEnZfExmu5BOsA== ) -sha384.example.sec. 300 IN NS ns1.example.sec. - 300 IN NS ns2.example.sec. - 3600 DS 10771 14 4 ( - 72D7B62976CE06438E9C0BF319013CF801F0 - 9ECC84B8D7E9495F27E305C6A9B0563A9B5F - 4D288405C3008A946DF983D6 ) - 3600 RRSIG DS 5 3 3600 20141212121212 ( - 20121010101010 516 example.sec. - RlSITzGdbUeiO/X6i7jPSTliXXzr/zw0l9MJ - rc4VzGC0dcGGeDYG1ZWodAL+pM/VZmS1O1hJ - 8qqgmih6wk/6J1Mo1xFHNOsdQydLPbhb6ziD - aWc/yVfCUWH3bs972JM3VLCKRutNEu+aVrqH - D4GBx6a1ydJtsbAzKmwZ6UntJTo= ) - 3600 RRSIG DS 5 3 3600 20141212121212 ( - 20121010101010 44427 example.sec. - 5zkHCXkdljvaiL0IbpLxipLO/bs7qKegn4aS - 3XY95f7aCH9jsuKh2uDBDveJkyU5TCLLjwq6 - RxqPpYxykXvt9x7ezi2ErTxeJ+BPg6t7kBQ4 - LkORMTBcZeGX8i8GDD3ENR5VcdyrTueDiWBx - Pgcs8l1N8yXs9o9Z2e6yiWCP3dGpzUsjcTWF - iIBuMdSROEoB4lTI5+uLPoYu13odCisP7f2n - uZcCJyIrnmsUAO/3gYaP+Rn4tJ4f3rYyIFa+ - 1dqimIVAlkPM48NWFLT+mQ9G0yJG2qApvjni - xjjR7H8iZjfkokn7v8oYD+s659sZ1p+ZtQEa - V/KtryLRnftxfi486A== ) - 3600 RRSIG DS 8 3 3600 20141212121212 ( - 20121010101010 48381 example.sec. - oXm3VWAtTniky4PqghkkVdndrSxviZ9vWIeg - k/bjcAKeMyFViCuYZNwtKyq/GiDPKTjK+43x - iH5hFzBiMZ4xLfSZULvh6koONQN5UP/UyjGo - oAqayihsnpAd3jNt9vDRwHvkD3Nj7eg/JTU2 - kQIIIYzsmCbAj34mnglaSep0Ms/Az37lzPs5 - hYWFeW4k9fvD5QNkIWM5lJ1BsdNwVBpgLJw8 - r+oXjy+d217hTSU5BzsWrUH+GQT731pk1neN - k3JWQ7zh3YgydJLjk5ajhj+hxfCgoCgE6Bc9 - xlBKNJ6Rh1JfIRBt5IfHkheMTRD+xZO4hZVw - +QDVTvnhNjmV2sQnFA== ) - 300 NSEC lets.introduce.some.empty.terminals.example.sec. NS DS RRSIG NSEC - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - rC7wuuLqhJ6l+bW/sKlAHte1NWIb/JwiNHAB - wrGHvEIeEXH/qG1rKuMYK3QjeUkIC2oiMXjj - xodTvxPHsSMxqwSavndf5bJeMdJjJ7UaY8KV - EmcuUlXP5Mbb0TyxER07MVIbJW54X5DpM0bl - 03Bgsnw7SpG+W2AlvwIWZqJ8Xwk= ) - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - 57QM/Ng2WsIIgVJ9f8FMCB99pw2Q2zP8NBcl - GWycLFxgEEIrpQ5+MZo6oORsChrvORQU7rlv - xEaLgEkfO6vS9aqXxBP60TSOL5k5XXtQb1Kf - dCvZTU6CHWjGy4ofynCMjEJWTaKAXe6lhaHn - HBnKhnTw6Kd/CzimHJAhFOISyiBwN/bjjwcJ - mzXZaYS7mZqw+syBbUmInFrxgfvmKMZvOjPm - mEUPq23UdpDgL6NEHPsGEr6dt1ae//xCu7Y7 - Nq/q4ZiB+eQ0A6u/FSo5NZo5b8+ndZfgsTTL - dF3T5VUzvZ9LY1mMmda5+QtVMF3l+uM51Y3N - oMCURZ8o9y1kRgOe8g== ) - 300 RRSIG NSEC 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - rkUcLynqN37zmLl+S5Yu47n4OAHo0NKRFLUW - VIODdVqV+HNl2wimJpmkusOmZielq+O9xjWp - erdffAJ24MYAXObqaFSHizIRoMZVW0HwGVV9 - zhuAjqVFGESd5Leen7sJ/B2Ari9Q1SPFyejT - YvLVeFNcqqYK4AZi64q56waNfA7kWKgyCx6a - crsYPNIYzcZHVtmuv11PWH7xKsZwqpU2wFMR - h8rtjJb8qEYo4MmNNtXCmdj80Cq0haTuqv7n - ESJH17445IDjvrs49q3ibTqzDTh68IwpJhca - G2VPTAWdtpdx/q/CIAuSHRLxU93OrMTUHPqi - gPFvVeDTxcPucgzQIA== ) -sec-mixed-31.example.sec. 300 IN IPSECKEY ( 10 3 1 Some.namE. + 300 RRSIG IPSECKEY 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + o1OyseVi+rnXv5XphFpoyn1S9RA/oBLaMDz1 + j6EtIxKzPc9hoECBQh/7FjSTweGkdhMbkaTJ + AH//72vBj9kpWbBlU/A+cRkbookTsPJNW84t + hfQaZEeVDK6tGxFuLjfu95kJKcncDZsEyhaS + JUua7gyEBDy4sfyrLojVCT6jIdE= ) + 300 RRSIG IPSECKEY 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + pK4pQ2/wxYAm2h//CXEp1otFBem3RsL2MOAs + 1mMVT4JOKwg/LML0GwrNddfPUEjO7k9Nau6M + 1B+Av2iir5zCdYaqi0o1JLKYX9atUEm0wXo8 + ZMZ2X8BqoFcfThvnZt6vd3nGc50wDj82tLJv + 7YlZm4iNz5qVD1AgWPXcy81U77eT4D14vhUX + OpMq6lWzHA9TCXQLtPthLNawJGY6lGYlYGh0 + pwWrYhddfNhiKyWOzjnfLrt6axJbqGJ4LJ85 + 7e5y22AablBRqPCLR28czCWeNgx4hVpPbiIX + dcepLQiOUY2WFBsoFzwXWyt/VE68aR7wLRUZ + X0nNt/m2XkruNu8X1g== ) + 300 RRSIG IPSECKEY 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + vaoSbgs4NxC7/obO43g0MeMpYYoISPjhIH6t + WS2u/k4h+Wwpa+dZB3QGGqtl5zAy5A8xd/ph + veyY3ElY/CiRwbDcnZIIqVIrhmN8OiQyWl4P + +lIlmCWwq7aw1Mp+PtyVdmRx0tKLRVVUGr76 + cxXtPYoHBZM9iGDuR/sBp9ne7Qx5xoqy5COY + PYZ99ks/6y3ZnHl5QfKEKuLUGIUuop2LLiOs + vNHJXORcW2gBsbtIbj29px74u4ZA7vcD9f+d + LR1+4PW5PcPuA8dr+r4BX28VhSmhdizqlC6k + gO2KbVplKfrmo1dC2ttQoDAYhko+AARt9g9t + iEzQnveDN75dlK+VNg== ) + 300 RRSIG IPSECKEY 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + oThQbYNemKxbcxmw1LBjlqLe3bZdpe4fd2ho + AQBRN9QUpvrOP1eLrDSH6lp0OHXz7nHE26tI + biFbLByyCfh/Bi/6VYwdGh9Q1s2g7YbU8Nru + +eLuwbgPe0xpyM9TlLN/uRIkCYeQOEdcLrit + 7j+vUTCcp6B/o0swUhemn6lxkZLQwouY1A4j + zXVUp+9Qqa0ffNtRnPR7Ho+aBY6hx8pBbg2J + 89wyQ0tu1a8teHTDIQRnnfy3gwObHFYSGBn6 + avIHcxPmlFwMERx0tNJAHIkhp96cliSFGgqt + BDdiVvKXmTxxtGNtFPfAyORs8l2h2KE63rTZ + UQHwlF1iELN138njUw== ) + 300 NSEC sec-32.example.sec. IPSECKEY RRSIG NSEC + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + cvjaA3Qs8UpY6JPG5FbfaZX0j5RWXo5jaJiZ + wU8Cz2hPpA9L/GvAT5ww+esIlU6oDej4TeH+ + gnTcsJ+nZg/+dSAMIuF8G6EEDEHTwdiY6/zX + WQqgfA8wMfpnZ+8rpBprseoNH5MDhVxVQ7k2 + U4w9u5xXgNhhOtTBM+gKi1B9qyo= ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + re9WL+24ilv6l7mqsL6U4stMfiIOjB3YxECL + mIfroRgqskpuz1E3/amZm2MrSqilm4Ejdg01 + DLypB/3piihQDew/IggKbYvR6fHfPacHt1J2 + Mhe57xoFWixS7tWTM2FrWJNq8/LJTdEpOhsR + rWk0Dk1jBR6qFljcu8QZoHHt44Hn7h4aEXv5 + WdXfKO+1fRMW15QOhbWyU8YvCORfrtXQ32BI + 2D35FgEpWI6gLZcs9iW97H1zx8XeMXeLzRBg + sLv4fLJ5gJOc9Reoa9uaSOyefHH462Bq7Y4q + Fy8zz7lwU59Hruqy050vJ55So5Fb8KY7MMDZ + jV7OIJBfupbEvmGDTw== ) + 300 RRSIG NSEC 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + wtVkLK9GQZfFEzUGK1sq7o0q/HbxY+nOt9F4 + gm+5o41jCQup3t5dkLkfBhsGqbrIAR+xymUo + pjIoseU1hKKDRM7pWTd+b51gMyKgmhenKyWS + 9RrOt1Q0fChEoVr+XgWE9/HhWRpPRp9dTLVx + k6FDiKR/5GxPfJIFQSXXRff6TyBVTdkXYdNQ + dZAT6s5p6VkaJPgpvnnHBsNs2new9/v7KuXu + jAHPIkhdZDvq8NV5/K166txQLE759/6PVnhH + D05wQZFoLa+2WBNKL3jdCiiodmyw9khdxvhl + 4f4pG4A6txIptb7QdOc0czbDzOiEqCx99cMl + shOZ5LLz4n8vVLOiAQ== ) + 300 RRSIG NSEC 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + Cy3wrexPHDOGUJa8ogxhOfvqwUKSshpHVwG/ + DkHA/TPDr9pR/MVY2tQU3tsTKMKXgxxkagbh + 4fhdimu3dUcAHOTf6OcfFM2D1GPqxBhHgVJJ + H6Z6KdGIwMpCap1fgvMkarPaVe484s5owwwG + sqbq1/4XtGCCmlDK4KE9zBgYm0zPMZd2ZZOm + cV46n9oYoUR97pLO64PrM+dZ1Y+zW1R9QIyg + WTo9afOZ/IC64eun5dMw52ZbS6513WX/72Vl + AwqMTmfYmwlC29JSgSQVQtZtVs4QMlFcdmQH + uiY7lI42K0tn6autonajT94rIT7xbN6t/yF+ + fnRPfoMIJ5T5NONFiA== ) +public.example.sec. 300 IN HINFO "i386" "FreeBSD" + 300 RRSIG HINFO 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + HYDUN0tUGAuzK5EPKkYI1dKQ9xu5isKcKIYp + bGgrn1M5XLh+jx7oNzGlJxtl3wrfoNNH1Wbx + A0qKHanznYIeIiEAdEVy+e5VMRl74D32ant4 + guuFPJTVV3lGu6D1RDy+5EzUGEQoTEhKVA40 + g22QkfKE6n4sSlmQyxxd6rUUAiQ= ) + 300 RRSIG HINFO 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + OQBSWTqQk7yo7xGQEzTEXYqwPNziSwDiWRQk + L111w9lAGjLqJmvcI7WhIIjzbtArXWHiCv+b + jM8eKLRpsiwpfA2SF9lv9JF9aUMBHxIH9zFI + xpW+i7x/xZ8Qa7okflF7woGZeDYoo/Py46o2 + PY5XKK/e+sWfW/cN4eNb1heEkR78BcEUQo15 + tv84iuEb/L+UuMS3c3U32/jgt9GSpXoX1vdl + DQw4X4VJGjRV4XWQVlOTbX6aGFEwGE6VQRj/ + i4wyfakpdKML8rnlp/FA2XW/5rEED7qWCK+7 + DbLTuuYPBxqLQvMA63KQqsfBiTJ0ZKMR3VTi + XFrkYahoAlLv+cIo6g== ) + 300 RRSIG HINFO 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + yg668jHohtmU/dhqNYteS4MmACOo1ErZmAzm + eR7yP4mX9cBV4s7l+0ro8cFDKGCowr6IoHCA + emS6vfHFDmHx3NdIqeJWBDsovCNVCX0RAHcn + DNOfTWy2gp0P3kClzegSXl5RVK6F8n+1uzfs + GnZGjA5OyNsMByr0DtGfAHvBvcbNC+tGyoxO + VVh3hNEzWuu1HbEEpKHVla2SHGEUUCHvGbBh + c7NcIc2WZNzIgjqah5vUhgj2fccImxzQfxvC + hQaHNcOGQ41GKS1QW42lKiertl6ivqZuhjH5 + CYQdyA4Mj9VyvF8tLRXIfDyl4Et7NXLKxTT9 + l0OemRyGnWw+BTdHNw== ) + 300 RRSIG HINFO 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + bzKDbXyrkazWFhXhWhfsMcWtY6wTcg035fZU + 18rgZ1fAHQsfgRmtD5BiFOa+JVW3snT+eLJK + 9U9m+vHeSUyQkNbnxrl0s7RSny2oXbNRes8P + y+cknM3g2mmr4JNXOlAe+kwm6TdzdH4DuUm2 + mK3KfFgtagnWHu/j6wE4tHYEuGAgrX7uYVpO + ffalQ1AFO0pyhFmnErk2E072JYSrpAfi/8Fk + lE33sBAr4SmFr1KHnJTrO/WVaAAZhRJqUgbx + eWkzBXwiWwJPkZ0PDY7aYJeHXLLuNz6gECZz + DpY55ofOEFYLNpSo/qZH0DACfZW0cf5MyyHR + zMlkokhK/XcmmEv+LA== ) + 300 LOC 55 40 15.258 N 12 41 56.378 E 9.57m 10m 10000m 10m + 300 RRSIG LOC 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + U1RcS2POfW/akAGCD9RNOSr9MtqE8ZL646mQ + xFUNJWsgOCnc+w47XqB0ohbTMIDL+JSxiZYk + bgcX/9y5OwCR7eyy6drWE8J8Wqs0hbYQXVHk + AVb+4hrXY0XwFBc+outY4dxbagT05S33ki4R + OlDjwoe6NbGV+jvtSlDzKMWN/oE= ) + 300 RRSIG LOC 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + dywJbQdmETg/tdyYGELZFrNYPATirURA4JvV + d8u+Ejce5X9a2StTHFG8AO5oHVHBob1z/SNp + JKFYBECnGxnTTb5MjZ43n0D/hcbX089HArFN + pT5MMCNlKlU01W2VrlYyMkMu6/KsyFQK6Mcb + Y/7UOu78DWbbePxwijigZmdhPFJM6PYYWLeA + 8mJaqX0MmB51o3FtkBEp834s1bxsktFKLI+o + QqSgbreLDF272tDleo9LkM8RwqTNBItHf92c + 99y+VRg8+cmP5hAADV0ANoFWmZ8LIKum6tJd + 48/kUnHjzSTMRbAPt7lGcw9ItgC074mku4WU + FywoK4EGwQJ7uH49yg== ) + 300 RRSIG LOC 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + EdCsT05INrfXrxH7OJu9ZYVOerbeluKqTymi + tdatnHH6M85TT4djWnspHnVNsjNSPFy0+56G + N2CHHgXsqMW8p1OYAOzwZ+Ba0t2L3tIkeZ0y + Fo58ROSBwQFl5nNSX5fZR+VOg1nuAhZR88Zf + DM4clTLtCn7zV9TtuBINhqrI0vfXhYBHo5Rh + e97ZBVVcJzNMT8b0ehJ9GjTQ/Zy/XW6UVTF4 + RinWj4b9nZtxZMDCJD1fqpkQnAu356ja1Q7B + VgLLRuSi1rAULkISMJipYNowW0uCSdQK9vCH + KIDRskLR5d3DJkmjLSgDbaw3Lqya30/rGSgp + y2tgRWdgS2aEpjAv9w== ) + 300 RRSIG LOC 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + MGe1S9ZySCoiyDHXhtEuRBFqgFfh6d9j1+8V + QSzpVZZt/D23ykb0kNovytKFnznYSq2mm5i9 + 1jGIbRkkTCJUmuKEF6o5BKeG5iIe006tDG+n + /2hr81FY58+p3qgY4uaFVcwMAGN5ixuL7J52 + QeX8qMrGwnLeS6/USfxyfWtu50nmpgPF7a+J + KaeV7Xy9E35eBtp/LZUzubxEsx78ejlBYb5A + XCLFT1FmxtRktRyQ4RNSOX54sI9XpUs8xqMr + YF3IY0C8atFhXJ42M0pr31SOVJjvF9KAax9Y + I5QucFL+ovQLRYgxVrj+o3OM0akoyd6ea3M6 + SxLo0XnQrhTkjr8Q1g== ) + 300 NSEC sec-00.example.sec. HINFO LOC RRSIG NSEC + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + i6dgTc+9Y4X+JGSuE9o65dgxKLexkwcsLp99 + x/h1iHgEkck0Y0i+d7MDGNg6ZeMA3uuaxnGr + vSntLNBywTMDGQG43aRjn6jZ/OwL/9e/0YNC + wU0PoIsKqg3FKgaPFXGk17dPz5U56Px/nymo + zSero2AS1cAXyihClqKZ7EjeAdI= ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + WKK7b9fLcJRs/xI74VSpnCf6sVr4gPG43TUu + etxbTga8TGGHchOzrLhR+l3LVtHkos2Y1p27 + bZtYxApqZThMUZ/3fsHwwjhLU3dVNjVtymcy + Au8g2+Km7htzHPJfEsFtlBV1DEjiTnPxx9iS + Ayi6Ib4p1Bp2h1AaltgEM/EbzRtqnBkVq2+j + JF+DRN74dB1ZSWltzNXhZaWNuHi6C+ccXd+Q + A2EVSg5f2O6GzVS+RjueuE6SH/AifFjcU+Wu + p6QyQUe2umElIk4kTmE8RWxFOO8JbDBdX4Hx + CyLcvGFk9XKGmtVpC8oLilxTNXC0pgLI+/Cx + uNvtYbpYweguxAUduw== ) + 300 RRSIG NSEC 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + 03EHsunl3E31Z3leZefzCfpwXIw5ZSjvwITg + DQJNsSFQ/7xCAozjkuaSbzi26t93/L5ggDdN + zK3qAyxslqbCQhc+ILItcsu8YS1AYHce7ATr + 6lg5QUij7eZp6mvCAde+0N1kun2pvgHXakBr + YM+u1ifjJNBwtMFU6DkDYVMvaWGcq+Y48zT6 + p7Wdt02EZFrUWAu4ZOSjksRxpsQrTc9AfEch + xMmOEVGuFP2xpVDRYbYE25gSy5qvyoVqgQWm + BgHbCDHzR+9BhInrI9yzhUV64ZGq/wZEOtz6 + tj2OAh9f5bp3N0rn/BAqh5c6mDfd3S8K5yix + MXKlpr8ojAhJNXF17g== ) + 300 RRSIG NSEC 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + oNhHACRQ6raBdFx4fpCx+UW6OHPUGGyRd2LN + AliBFGKXCXdAED66EJlwjnTTYduegY07zhXu + 39DVCsTfNWu3nurjLel1J9LIIGwkspnLnQ3z + tZftNUfVr/PjQNoA7q29TY7B/LxHcGDniBZI + 0JfOATi2J4iWRd3UJMMOUAY54FGj+dVzPiCU + cKEt7WSlHDSq98EEsoPYkZTWrTpM46LvC5KI + hgFwpWKbIIzwFNV2C9ykMfLLFRLi3JO4MQbd + qbtxkUV+j2T7NbTWml9OY96Vs9oMQjSlKN/v + CpPPoRqwXyzpsMt6NfznBYNFWV2VGknXIsXu + TDTjFhCaXd5uDEKOwQ== ) +alias.example.sec. 300 IN DNAME anotherone.sec. + 300 RRSIG DNAME 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + IuMBiJ2cfyjxV1O+K18LbL5OuVk6fG4iAogl + KxuKZi9biDB7UaH6Fd0ShEcM0rUL6MzcmEbg + FovFTTyBL8+O/LhzElse+dGV0hOz/FilEE3m + LZzjb+WB6sh64zSRQTV3vzMgJxs/I60JbVtE + eKJ5ktnNmcCS0T+0Vdw55dX+j+Q= ) + 300 RRSIG DNAME 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + WQTSaB4LddH6Y/sQuvqAawmY7bdhTeY7vZD8 + YNUvtgx798+DZWKQHmoWD4KDhvqMO3D3rFbM + AvjtZJsamVgHFDVnblBfi1oGKL892nRquFa9 + d40XUtKW5d6I6MaYyO6Cnxs0DFNOKC5NUuUE + dKWOx7fuuVaXliZqsGzDESKU6mwiOwrvuSqx + wf20bNXy+NgWHom36L4dOkBdiOWgcJ7fmI0N + XCmVLTRRrzw5E4kIIX1nIysGSW5WyWC6gxz8 + 9EYBBK5N38eqIHmxwUO9a/8tQcn2PWNqBNMD + LFYiuhweentelGwe8E8yajaLfjBZjmr48Jb4 + HNI7A+9xbiCjBseGOQ== ) + 300 RRSIG DNAME 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + 010KT3MX1e3al35LdCNFqsZT7+TbZerO9AQB + DdaiVgmyQw7+UELxrTEyxPS3V0bMzUc3g5jz + 2XHzCo/ch5tFN8zlV7KUzQSqKO9+vt15JSNk + 2sSW4jJVK3S7KXH5+YRj0EOPL6O21K2KHwef + VZItT0jxk2COVl58qYa1PQ9DoFZ/mzWwC/ko + jRFwQc6LXFW+kDDzbHoj8JMeRhJOOFUQhRfL + QS5P6CruFekgMJRyeIZabQnqfzgk7yw0YAdR + 06X7LlxBwsVeS+un4VHs7+kL4TvaFHTfOgpC + /d1A5ZEeBSlRF3WrwrcqBNlm/DHb7rkn/w/n + osE3j9hC78lfgnm1Lg== ) + 300 RRSIG DNAME 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + SIK086vGT9CP6NHhDUzNvbF5e+2Wf3tngnBz + wOXyU78O5HqY6c3urVCwJqnZa6FfgKigfRui + uc6nvCtIIx5/iQvjxKi+3oGGvLiYKJQlJmbe + XOocOddpBKkJ2QEx0VWK6M/1MqrHFtOh5l2A + D4R5j5Ximl/8K/P24Ek7WFnCBqlpBSS5s0SQ + l0oZo2gvZd+GNkiIxIBt20U400p3suKhglEQ + MwdOR/8+XHT2KsqUssmsIYlEPBCBiZsLn0aj + /tu6brATslv/qmsqc+HQMJRbJ5YHCRpbMOAl + rEWgYFEkxachPaRRIVuQwkcTJM3eTjn+D0uK + hdlOiQrBACuchImlBg== ) + 300 NSEC cert.example.sec. DNAME RRSIG NSEC + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + SG2SiQMpOH6rJ6ZhQ3EK9bnnGiKL/7LQILSi + D4/agyclVc+vMnfVY9waoA+Jt70MFJEBd32p + GScUcRu9MkpdcZ0MiCCWwsGG+nrufdq+rxFr + +FOX85LZf4v7qp7s0xL1kf6Uol5G6J7rZIcT + yZgWGZfl4WuFSAouPQRnHV/eoqU= ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + uIRc9Iio/aaMx8R6vVIuIqMq92y/1iS/mYch + wupYiy4A2oz9AjQNZbtGNFu8gInyWPdZVfRM + gwSVk5Y6xFI303UWSCDSaFpd3VhkcPFToioi + scgtUVI7/v72JOBkhxFrB6nukU923E55ya7L + DCZ0lWnLh6VMvSe3MtDLPyUDQKfCZQVAlmNn + du4S7uWN6vh5CU8aTNwn6A/bOodtOAx3aDjU + m/oFGpn46FGuoYTcnjp3NGUFYOTdLlyWb5wa + V2pS39lJgUHBs69+93RP3Lgkhc6ZmsBP/J5j + vddRQ2kr8sBQ1g768buWyqeE2566mnGi6PoY + lqAEpXO9ReqdPgXqYg== ) + 300 RRSIG NSEC 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + xw3R+vgGkofS8s1ihzSnMLoKrEEXxWB60hxL + cl3uJpaXSzayoXwco2dZaUzq/Wa9xFBPE06b + USSpn00JVhPA5UpAWBx1W7aD6pgyXN4Lfpk2 + VpjJ/1jjsQEWGZfhvaFnHF2uuPddNaQfWHMX + kZDjjpyWC9wLOusy9/7n67vie+SMI68vwqcU + pOKlrlTgumJ/HxbTvCEDM2jU5+umyaP4ZvIA + mtXSr3r5FUiF5cA5CkrYW0cd5CVivfkHJ9bJ + 3wEbUZ4NfImKxHCCgzS37ICNl+yB2ldHTfXy + 6Ho3jmteFbvNVRE5IVNrSozcPaGU9xBLZFVg + sle3rAROarz3lLDiBg== ) + 300 RRSIG NSEC 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + mF729lkzA2S/Yif4OEuROLkcrLzhValIq/Vs + ahpCu8/LQOZrexKLlC/d9SFaSlQaB8KjLQeF + L0+s+3OvBk+AGcOxDSIlwm08P5lTRM4kvzdY + auZpiNS5rIgLEMM62Yla5mMhvvt+Np/lQ4yA + ISpdjAWaCjuV1xBs8099uIX49YNKBLloknSe + K4MWHIbEagDbxY8qnF2ao89msx7yQQeCun2k + ep4OGnZOWOBMJON0x0InrjUOpQC2XjJPgvIE + XTkl041j3leC8nvzpcTDvD5IDlVswExmFZ3a + inFdWQq97blgbbDItF82MPdrXUSWTAy/qmjR + oUdhgjyO878jx8aicg== ) +_443._tcp.www.example.sec. 300 IN NSEC _8443._tcp.www.example.sec. RRSIG NSEC TLSA + 300 RRSIG NSEC 5 5 300 ( + 20181212121212 20161010101010 516 example.sec. + c9om8Z+YcSMHdl9Y9JyXsKtmd4s5dJwnWWBI + XC32Gr2gbo2myvNacNo0EOzlnDndF23he+57 + 41VeKKE+jCuHPMzZvieq/INcNXu+wuGytWiQ + XTrYQSt3TiejxQdE6OxoxR69RqCyySRBLjDP + WT9fXekxVMbSogR0oLjWsuoCREs= ) + 300 RRSIG NSEC 5 5 300 ( + 20181212121212 20161010101010 44427 example.sec. + yQC7jAIX7VS4SSN76lt7Tu0meff3EKGD2RKb + hSo0hu9xfRMXlAkxx9W13bnmbg3o5rDD31Wd + 1x4xjd408l5eswm8G5IZorNvvlmBJHXE0BSu + dOHrmC5WmfyqlqRx8kEMsoUrMqQTqct+QmtP + rKAKrXdIoSx1kd/76R2YOrzbHWD3ydChvoLy + sfHQEJIPd4tvfuMokWzU/CpMpeyqTzebgGN5 + dSB2B++boFu0sfgTTjt/TGlXsgaU1mHBuknz + k0MUvaq+f1oDuw85RGo0/sDAKpkqQVUxW/j4 + bLv2BhAFhQGaSsv621WDziYWn02wxEccTP/t + uc8lah+VM9YF/6NjqA== ) + 300 RRSIG NSEC 8 5 300 ( + 20181212121212 20161010101010 48381 example.sec. + x8TxyxXW/d1su2ijhe449HrUYcjXCLDDlh+/ + MwZhh+6O3fdZX/bim/q53XtNCOkoTXl6DMus + Lei/xwbIQYo8f1J7rEe7bvv44U7z9XR5cpoY + bPIXof3EZiEwsqHSb93/UstNpRsDufUeyv4l + cdhJxVM2YLmQJ6v0UjwC452NYg3tTfM8vpMU + YAfgBn3ajsSpek2TEkW5nt2kktNkoydpnbuj + jZk7Pxmw8KbEPt1PO7n9LI80OA8DRkykhoio + 8SaXh/OI4sS4Mt+wG5+lJixMDUIT7m4jDW9n + W2skYvPYyaW4fS8Cfp4gwoIJuKpopHpy10oK + f/5s380ql82LvP4uTw== ) + 300 RRSIG NSEC 10 5 300 ( + 20181212121212 20161010101010 1862 example.sec. + mU1SJISNmam1aeKgThUF/ejRdU3Ltet3NgDy + 50W5MaqpPOSXrR7Ag42R3OziFaxjcbuY4MY6 + iOIuQQeXh/PcCORCP81+GWI62DxB5ga7hdcd + k2zZHSp1FYgtAWoZ4SflxjOBTkFb79irVLpQ + 3a5Z5CyBZka8zZcFr1Y4EgsAvm/4JRB2616E + GJgUbcWxZeL6XHlWHIz+bV3lwv4xctFcmBsh + SsGvtn/2av1Sq0Bl+PlbvAYrPhm/2sY8Rtbj + 5JWCI2Shbr2QUFbp6GlSBbS3oOkeLFz+0L2j + dY/CnmRpUHagML3xdd0nhHlMwClFkEEFo5Bm + hXIQvYzFz6SpJhaoGw== ) + 300 TLSA 0 0 1 ( + D2ABDE240D7CD3EE6B4B28C54DF034B97983 + A1D16E8A410E4561CB106618E971 ) + 300 RRSIG TLSA 5 5 300 ( + 20181212121212 20161010101010 516 example.sec. + m9FBBhkcIdh9DYhNur12tjTfoz5Qtvq11Kwl + oYPz8TiUK9P4wqGa3Ufhf/z5ciaASeMueQaR + 8nrGI0y7WD94mHm9Jg2u5BtuZ1z0hJOUuTRk + vETishONzRxv8K9N2W3Jv1ygLMwC7Di1o9D8 + S0qxYrzkTHmu8bLJj8oPD04+DIQ= ) + 300 RRSIG TLSA 5 5 300 ( + 20181212121212 20161010101010 44427 example.sec. + wVp5u5xaoOntqexU/0tiNrAvPD0KxN5Lq1RG + 7PkpEMFgR4uf91jgneoIBiUVpTE4agwTO//q + 0Qt1JAnTwPAo2GrHcTDut3ZkvIbK6SQERC5b + c+9l1IR6Lt7PBtDW9NqcSiVTh9SzU3plGEtu + KqhAPUzIIAm+kKEDpoOI1JTGsTdJwId0ttSi + Qt4QA6OFkYfdjWxm4qSsregIrTdhNuDtHTA+ + dk9XOmlHlCtlpUnxkTE2uqUors2tk811xkWb + aGM+VhFATKRBgNiUt43LkwgCH/Gfordas1fK + UsEXIZzAwp7Z3AdY/4PdhO3OAA8uojqHqTp2 + QO0xKJ7UnHueEnXR9g== ) + 300 RRSIG TLSA 8 5 300 ( + 20181212121212 20161010101010 48381 example.sec. + C6Y2zTg8SKAQBlW5bqGel+4LbcgHjitoxtH1 + gUv5h07NWCuS97gKv7H0jtQu9vyKE0szSMkZ + 88tHvFfpVOMfsWxkMiRATJaNP0j4bqlhW5z+ + 48hSfMa0X1jljYVhtxEsXrDqTEUhIv8kZuvM + 0IpsMDwSWljCFSmf0rspXeCcnpPPJL64I3IX + j/EZ52MsBoN3ifSTqodpMxs57xtGfi0lGDJP + yvWq2/9Z8BFmzDxvVEPZLvYUCl8w6FbELhgN + QD7fpKqM6TmI2xXmsQaEefvl4um5Va+t+e+U + mW5T6A+GNYRCNyk4VhBV9bKKPukInMJNolPJ + qMbgJ6Gc56V7l3tf5A== ) + 300 RRSIG TLSA 10 5 300 ( + 20181212121212 20161010101010 1862 example.sec. + EC8RLTAf2ga+FZQVmKQmN7gJxHYFXwQ3FUIQ + fGYQEiF5O7Nwpl5WPmT4062SEw66EW0mw0Rc + Jpq9fXaA2uyf0gWpiuwAlKiLNo/PJNor43Xg + JyIO+XqDIpzW0SQGe6sTmCuNciQvwdORR/yA + iipYsQW402lR1w8mNF+9MzCJa4w9dHuZQdN1 + 3WvkatYKhplmXxOEdpZ5FlvV5NYEuJi29Mkr + 2J05Zr7HLGZErDerRjcQRtZ2Y5NgDTXsgC26 + HB9ODan7Zop0bErddBqXAyTU1p6iS7Mm3eWa + 5GwVrB94jFBO502HIMIyZbUrVAq7K1PXMRlu + /WzABsxYiy4rXER29Q== ) +cert.example.sec. 300 IN CERT URI 0 0 ( + V2Ugc2hhbGwgbmVlZCBhIG51bWJlciBvZiBt + YXRoZW1hdGljYWwgaWRlYXMgYW5kIG5vdGF0 + aW9ucyBjb25jZXJuaW5nIGZ1bmN0aW9ucyBp + biBnZW5lcmFsLg== ) + 300 RRSIG CERT 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + RsaoHrajGSkKePvJDvBsaLjVCJO5Mk2VsTZA + XfNAWUSi7703MqkMlO13RWdQdEmCx56NxG1x + qiS2arILR0fPMo1emt5J0CnZV2FrRk7kbXYG + 0kDPmhddvIlvTvF4H2WVd1Nysu2SPH5Ve34F + luIsEWYv2B/XmCqY8QFLJXutqNw= ) + 300 RRSIG CERT 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + dEOANGqMChlT1sRhgajcl5XbWFT+cPJbITHa + V4ekQxaKRT5/PZOQCYtSX5iOF6lorg95bkQb + ztIV1IUckp62dBljoQ8123vhZOpSgClDXZqm + YsVinJUx3qKO+XvTEGH+vf/b54f8aywQL3Pv + ojw10OHBm9b2vDfww/lZRvtB+RygnoGz1prX + jt3AKnKhST77NZktFg77aWbbO/WtuWLsxgZf + pckBqB12GSES2r6+6JVST6DE4dTOarCeL14z + Z/eygkwFOvXBSG8RzakMIDM4JRUrWC5XQvoF + WVmZ1CQM4TGKJylgc6UosC+/kEGyYIZeuLd0 + iTGYakdsLw++k2XC1g== ) + 300 RRSIG CERT 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + ifn21DSpcORCBrZPARt8sL++XfPYx74Ay4Cw + nWqm2tARJex/oE6Frm3iR0BZ0EYvhVjOjP+/ + IGlA8LXn95iad5/lk6fY20YA3MVfovN8qt6w + uSbQDewWIVgfjR31NhPK96YFruTq3p/KwSCQ + ekAobJfx9idiN8B0AdhzdvxLdboeABaUmpkm + 5e9cC3u3pP0fSAS4GV0ibfSAUNnoMvrTXfmB + Bf5nrzx4Weq+AVEa1yltF6UK/P1VWnGAG/Jf + PcCYh/XFoTcZfGjso9BGln24vEpkrKd3kklx + Hmgw0Ypn0SCM5yhaVRgX2UQtCYFD70BvWrdq + p4PfYBm0TZfUnEbQjw== ) + 300 RRSIG CERT 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + IFwmeo5tNfQ95J8yoi4gpJJQJ+IUF9G4wjou + Be4bQYLqP5Or2y3bDzIJ3rRjFxF5Wst5Ovyk + zXwEBShFPuQjBXUDoKtCKICR9/pi3eK1FVff + 2xn40PXk8TrfV/xNA9Izfd2T2BmK0m2HBsSW + y4SwyF1sQPPFZC3Z3LpR0yeP5Xo8xD/GUn5C + FbncyR3ex7XYNpBytb25Eyy8+eImzM2D7ZZW + tXucCN1timxMGP1A34zoa63fsT2y3XlD1Ax4 + 14Vf/Leqmot3h5+85cLbrYbNRAj5SGn2MTO0 + dbnGpmbAQrTl5mXQRYXY1VEss+eLb2Wq6Jtb + mF1MJKJHgLzEYI0GBg== ) + 300 NSEC c93f1e400f26708f98cb19d936620da35eec8f72e57f9eec01c1afd6._smimecert.example.com.example.sec. CERT RRSIG NSEC + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + YTeprqPKiHtg/ynH/YEPVYktL2Ca2/ZErO41 + NVUSnK74tUFC6X9CYdnslXOewT9HLmDthr2E + 7jBUlu9XdJKbXuoRdx7WDbuGl/Nxcjh3EIDK + Qi+sVxLE94YQH7gAeYSj0t/HneLhwoRdPf+t + pf7O3SHbb7FuBj+cRjCQZMpHWXs= ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + qUEKyNbyf5rnPyUEYv5RU9Piglqs3cdkz/yc + by3B+W+bvPa/bUMHXnQE5uaSmQ4eSIhBcDQW + z+/TKR7zBOIb/wda1wzjjlI3tL2O65UE5s67 + fAJrDByQ0zEreXM2RiP8eIdYnea3TENoMrUQ + c/j+Wj1+nEsbesBbfEXVeE730HXMqqCZPRHT + Y8XooxSqBlvY6J/RSS7c/sLYBAc6iHNxni34 + y5vj5D/mV+yd9hkZiPe5SHuYwsz9wjhbOY84 + ndtakY7DfG3txgI9W47+HA4qWZESGm4bvdnF + OKYZudwMBP2KS74clPqjPoradLRR3EOf7SLH + Y/tgBy62TMYXaNDd/A== ) + 300 RRSIG NSEC 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + rwPUoJ+kph5rb8FseqpipqwywBvfyfEGT7JA + FMAF5R4tWePjo8O+6b8WPydJv0eck5JYkPX3 + DwJcGBbKiFi8OYt/mdBpxrzhyK2RafMPP0Da + t/swWv1NplkpCztJVjHb2aNAITdofe++Hm11 + NHJE20g4wb47rIzOAaf0fPwb2dsEJhGWGy4W + Kb5mpimb26JaKUUy6mmcwfLGo9eLJc5PHA73 + iQ3cQ/t5/ffQhIXgS+GvgkSF4NKGCuXfoCf8 + 4h+brT3IUv8RRQnWrldFEj8n4a309/nomaMg + iZNx3UAebt8DUHl3URtXh/eQ69+enMDIniUs + bn+t9OXBFl8WOWc5TA== ) + 300 RRSIG NSEC 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + acAM4O4hfy0zz348eNtTs/eb/Pjq+loT7iZM + XgyRz0dugP8VRSz4vQmHGYY3JvAvpfGQN3GX + aAPDc+Gz0bwM53+4QmOfei4OczpZoi8dSID+ + fIBS5TnntB0PpCF72pSMR4yyA9D3QY8PFUXg + d6rPTE4DGYw5w1vTIZBJjW/wMbF7MsVG+7Wu + NGLMFqkX4OSXgeubuWipyL6QkSjMseld3dKM + 1IQWDgJeBBhPKOsf1IE/7jVl26/6zISGOOM0 + 2u8g+DbnmF1uvUXdbmsrCviCary1KJ8h0G6P + 8Lh199dYNDdXZat/Vh6xyYgqsov7scSK0yCO + P1FRAWUtLq5SEJls1g== ) +ns2.example.sec. 300 IN A 5.6.7.8 + 300 RRSIG A 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + oSyWhdoAFyep3WDMhrXyH0m8rvVrdmE9hn60 + tbC1Jo860HcyrnCzIx8KqC0HsmTmlZmTuhOh + ATOMeUREaloT8ShrhMNJKzgxLJ2FY1kCRS/i + CfwFteHCEXCJ198rExdW4yFVQT94IiyFKoXf + FYe2Zc8yZFHoIBwhklXBJuiYur8= ) + 300 RRSIG A 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + 20kC0SNVgkIOAfd8S0EBlezuw+Lye/EAX7QB + 0G7WPlJXOlDnMxqvTsyjaoETbxLSqo2lZ5zV + Tz92cULBzIra7F61eXnaaB9jVDk51crpOV2P + rU01sYrYpQlPqoC6gXa+o814lglX5ez3nvT+ + IzIISSU44yhUIyqSCCVzR5wC69A7QrBzumsf + ZI6YvYjqB/s79nPsqzOqxvtpg7GWRYb1OE1m + cd9zRQPi9+uVrTDF5WLI/UAA5NzPuY8U20L1 + /K08/uqKP3K5rdGRgos8hwmXBmSxwnBSS96I + NJaCeIGf96b4cvYDyZ2HQmtS8c1U1iUhPk1d + S5+S5TDnLGwL/XCOYA== ) + 300 RRSIG A 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + m9Uk+u+ZJZzPph6KNf5vnyfNWrIByvwQRPg4 + Qs8veUo7XDiQUxhbZ0282eprW0TVVFtD1q9i + QTC68cjnsqHCTKd9+QingWdBr0RwuHSxiPpX + 8Zbv4LXnskjEbND15gDJ0GRy9W8UgtWoUyuF + 3MSK/PCxFuWVftNGnGWCl4iuDZM+Q9C/o8hQ + YI8YK18zgqlOaqSKPqzMiOK1Yobv6direlf0 + iYSlWFBHUkm6sgeTihwSPCrLrjVwGqR4Ux3m + 4bs+SSy1xIOS2nrGNiu809Lhg9arAzkKg9FB + DusYCJHQ5VyP1kGcpWbQNpT7ur1D52rtNO6C + PudRbNk47qsanIbRcw== ) + 300 RRSIG A 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + Z/yfD2G/sWFbFsDqZC20BIoKSjniE89aiSKl + n/hqmwzzx1GgoK/uTDs9LlIdp7zESPifZ5n4 + t03pvFxMQgPw5bG5eklQ4Zf/am84DKmIZixz + xaUP+SAMjB0IhdpCRBSnC55knBdHlsMC5ryA + SdBHOcZ5Df6iX57cpon24fXkI8fqWQ7m1MLR + sYXEXs88mFAElh/ARcGIm93T9vwUnk04cxrw + QodpUam47Pjp7C7GY1XExtSSdW+h8KijJarR + tiYYE1dkOPdT0OjzBybRjbuhjaCa7CPPzGm9 + tNMph25m6D3Zv9Eay0cvJHYWnbwOZDxO8w9r + QpkYgVpLnMvYRQ4iow== ) + 300 NSEC public.example.sec. A RRSIG NSEC + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + QBDT5kIi+hdEXsZ7b7y/ovk5lGRpKiYStdeK + 9sKrQvNCC1MLhG8DiT+ssX/66jQEEwZWOBsG + R9f+pkm/Y7jImE2KqXfcI2XTaZvmh7bU1wKF + 17PpytMMqj7bvmomvTJwaIZvyzBX7x65Vm0j + B3M1dfQc8AsXruIGlPMyNDJwExM= ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + T5wLuqX6ohtXSEIXifG4Yui0TTkNXRkDnaIV + 9yJrRjFk/GqgYhWzwj0e89yAup9eZNKoftVA + bdXOCtEhPHL9lPVK2b5NsQ3+E/TSKvjgxbyy + OWAZRkucKKJeQWhzPBbTach3bkEvaWC8fSCH + K3X4/R0GFQ39qY6bgxIH1KtamqypTp77EkE/ + B736JUPhGRX96kgEu+bumR0Z5Nqi5m24pg/5 + 6k+8OL0o4k+SFMP8va1+lryqtpG7eInWRPQ7 + F4X8DNAoqttpsmf5v6tOpkpgoB+0gt4tNTaw + 6DQDRX0YCCnCBZEVNQbs04qC8Ij1MhyJSPqO + ZOyNSBBNJzdYebkrUw== ) + 300 RRSIG NSEC 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + IMXgJDl9M8F6xgSzzFU1GxSpjz6sJ39xRYDj + M9ZRXqmIGtZUbVLYiuGksy9oMX3+mXkRdgGc + COys/CFeVeJ0slUfT1L3I1ZEpCqi0GpPtcNh + muGdvVN0msrbVG3Mfz98vSMg08BJb7r1plPA + D0X1bcO+3NGwx09zHGmrZSlhyGfH+rui4nCK + U6PAlXNHlany8yfzp/t0IWFS/Ryl2Y6nPxiZ + /opY3TJKSIRoXTFgLkxNdiIpyAd8zsbuzq+o + hQ0/joZ8cc6Yrs5zpxksSRvdsKAlqj+BWEvC + 8zGYKygQcv73OmOizw8SSZH1Nhs9Bdv+DNra + ka7jzpkOZeE0bA1Jfw== ) + 300 RRSIG NSEC 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + HpKVsDx5dLGlLQEKBKAoMrjHhmjccYQepTsK + CDILuW8b/Zpx5wajf95xlcutNHp/nuntr5Eq + U4ou8jqCmhV6qPXnMnPDoQsmEN7S/Gmwe9oh + X6JdmUOX1UimNalp8BycyBwbc9qhCJyadv+d + sKds15udRnbqBDmmPGur51k/1k3cSCMAKzqu + I3QytXqThwqRlWlOWb032LfnVYNEz5Abwck1 + XeX5LVc54JBKF1R22yofR9YnDAVBHbVjYt0V + ZHtWBtqUTlY5W0ehffEHOBf8r+N4aCA7LfmC + BQj8tG0xx1zFMPxRvlQh/bC1uRtuH1lChoK1 + /ugjjkqZdXRLE9h31g== ) +sec-02.example.sec. 300 IN IPSECKEY ( 10 0 2 . AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxo QqJP943gqs4QATtnJWHQ1SDWiRE2aXl7SJoy JAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt @@ -2063,332 +3001,94 @@ sec-mixed-31.example.sec. 300 IN IPSECKE br2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougs ogj6kPdSSQYZYayHzVnl8NFQ9uCwbRTryepP zZP5Vd2t ) - 300 RRSIG IPSECKEY 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - l5GfjmKbBuz+kN5Zt6vXuI79OxxgUqd+CKMg - HjuzrizNLaLgaI4zV/986SrnxiNn1Q7f6b/v - IHKTfJCt0Cz7oZrz6e1feeAFeZJLDF4AWmhY - nJmnAouu2bWXpRvGvEC20Jk8to3DaPKb+yvM - pCXt1Pv8xZDIJEmUDx/aNpJGJNE= ) - 300 RRSIG IPSECKEY 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - yY6veWwWxEb5X1w0LSomZjGKsGegq3jpuAvy - FNl29cLzk3O6FKCEQ61vb8st4661tCuFeYkw - Llx8VN34VHVHZnE8Bf3AXURjJPAw1exTWM66 - fd9/htwG2TcaTDp2Jb05HSkmI1fQwKsUpYwH - cXDGmVe0ClD4oOJ4OsTnUMsP/DjvP+p8fb/b - jFlpUxMUBzybbmSsfog1H0J63l5jL266sB+b - 8eCofztUfcX9omPZycT1p6qJ/ZaLYe0GnWeL - JeMVHLVkP+iwIge5LcfNIZMXeeEtZ3YrnSAf - WxKdWNh88OLO7vC9XTgnxDXRKyxPXSH4BwmR - Rb1IsKIqtFvDli76Ug== ) - 300 RRSIG IPSECKEY 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - yfAMmCbwB2JXh6PAjJxPIWVloV90O4VaJTiy - DeVrY7QAI4iTHFFxPlPD0L//UY1Xf86X+ZT2 - lD3X15tlOEbyZ72OhA/+miQNd3rHxVAip37q - Hrkrmi6CtDNRHbxdExjE+NUNTUZH+zn7B/Za - kZP+iT/eeV9lhbaExwk6+ACCxD8w1Achdo92 - tLzH6cA6dVzFPKu0+IeD40gN4d8t2ghJgjJS - D0g4xHhYmzwtHA6m5TJHJ2e4P4YuIgp/DCKK - FARapMyEjBUQxS8q8Mn7D+ezGjnA6y07rmLx - Ov2WoqgdmdI/Xbhpo/U0SrL0lghXARe6PucV - cq5x9fCOuT8lSsc9Kw== ) - 300 NSEC sec-mixed-32.example.sec. IPSECKEY RRSIG NSEC - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - l0YvQfuMnpBx9CSQd50J/SFIky8BoS/Xpl9a - dCV8GF79Etl6S4/fY7k2VCr2CqB0bR3+Qj02 - BtTJCqHMrPUjZHL4ug1AUOfPLlsWoE5k0NDm - TJi6Fb8f0kPcdpLOSA8ig60b+zMVsyp2GK9i - d3d/imAL1SUWNkob2B0g3CoIRM4= ) - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - RnNJWYZ4RSDCxNkn2HgcT3/rIjaZZ/2ZkKRp - 6tX+ZeWxqk+sRaCvL/mgM8eFCTifi053609l - c6OASaUGfcJJwF5amQoU4icYOZV7UJdnz83Y - ZVEnUD0ndY2Ix++UOeRCjk2I8H5GfhkL+Kaa - Acf7Eg1CXN6PthcSDb2S1ver2QlOm0yuM6A6 - kJ4CMMWoEtjRAigUGldTQG5Y3ZLoDjhbSQ3v - T3e7nncVkLib7NdTHmkpA8uiV9WIIC7fchpA - KjIkNC2OHFQaF7f1EbyzbLQ0oJuXEYwcANWX - WP9b+nkXhlIXmVEtpHMtoM+L5enYwfqNs8WC - NfzISWHmX+GO966T6w== ) - 300 RRSIG NSEC 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - wLPBkQlHUAzWgeLiU0w2fe4eCJBJOU32KCPN - +7Dnvv6ulBgcuABIZPNg3QSB/RoMt8RqIOSF - DOJ4sWB9Q632AXVLQ0zjfWRxj9oNvlFtKI02 - n0zK3t7azjjAYNDiB2nHwT5HPaBrOnT8Ucel - whayIs6iArpERLbk3IuLgux0VRjIfiC8eYG9 - CyYQZL/lPtaJOe8bmXpoJTPGj/jJLFDwSIU9 - pID+nedbWSkS0O8fVYHLj8evvNLQqAGhXJLI - UKrlGw+siO6VrNp4iFo3k84XJm0ZBDon6Nbf - 8q/6wN4xrJmZkRH6Ljvn4HVAamFUXvG62apQ - EV3rjNRYeQNSbWa0gg== ) -sec-30.example.sec. 300 IN IPSECKEY ( 10 3 0 some.name. ) - 300 RRSIG IPSECKEY 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - rAqWyT3TmNObsQxO0Q2FnG3ZlGAwYkZRCYMv - EYuVBhlaaYA7ZDD4RprckK43l/MGPcJkT5h9 - U4vtJQXnNztWRMpH4Z8jb2LOU1tZzsBiHNjs - mQcYlCGmBRXAZ5yi8DsXZTXsjo3iSKUxYNQF - GoxS17+zY7P2GrGdVxDZz3K6kXw= ) - 300 RRSIG IPSECKEY 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - AfB4UY/rL+H/dMztnW9/Ajhv7e0DTQ+f6hAk - PiA0CphU2yQL1Lv6R3X4p4iKWz9CDs/sa37C - QlEAoBiUGMqVpHO8vKHREcfn7v8RJCtvzhOz - ZmuMiqWsCOhVkS/EJJtxIAyeYVeD2fABWwV3 - DfmG1sAslzN1SrGj9DY2LiZch3FbyXJRzvTt - s5wO/8lnGSj4ws5DaiNMWKt5vvkZneU2otiw - 9EXGBJGIAyUpGblzvlsasMQ8j6ixrXiva/yX - 4KSUCa5fNWJfgYllNIzTaEBZkXwcdUYbWvJe - bA0ZN6J8ObsnHd2hBLDV2QBl+tV63J4d4EP5 - tMw/XynRxYFKW1cMRg== ) - 300 RRSIG IPSECKEY 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - tMBxGjqgyirIdIZidMt74conTmA1ZmTDZKKP - 9m5HxBTOG3+oMHsi4KOETVUujTlRFMQruL01 - Ii4enuob2MJuZQ8Uw7I0q100KaZzBzcAdSaK - IIcNWGEThNw5fE9VTOMLMnVxJoJZFwlpDnZP - MF26aP+apom2VLMx6t0TYpKAkKYjln+TW0Xb - TaKf5lTW9CnOEVLEa9YOUojGFt5HWyz4X0cc - LrjH5f1OV3H/TCIpNENr7u+iMBUqt0gfF8l/ - V3Xa8sm+R4YDII8Zkmj4rIbPzAKmqO5uDFMx - shYjiTxued2fAw2a+4dqWMgCbOm1utqEDE2Q - dp70f7dYLTy4scQy9g== ) - 300 NSEC sec-31.example.sec. IPSECKEY RRSIG NSEC - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - IM5xqIiOsST2LlMPAdvfmwhXiM4xBsVEOMnK - z7W6bYj/R22EzvC1P87j1RlleeHX/rzd1jvR - FaDTOWu3vbRO+Z4tfY/TGZOJaocIVqidsPsO - M2yWDhRdWhhgq49D0RlfHeSQb7VCIM+Sao0R - tQcOqb0HoXsCd1JXdaVmLL7MRG8= ) - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - r+pgljSgBNKaECIwN+MfiquQ557TXPfsYxUA - 1efqX2cbAlYTFVZPuPsTXSb1frWtdCHzCUeh - QhU0oJlDqmgT4nvPyXBnpmvgM691TnZz8Zmw - qZP/kE/m4bjgs3KwKXlUsDcW7iTmI2XPfZmX - f7BxuBrvV87DS2x4YbHhfshXhLiDdV5od/nC - aNLHrbQlYKaV9uWMcdggcMuaGxHn6Q6VgFMX - IAXhA6Bl7jnogVjtbE4rCE/E2OaPNoxJMIJ2 - TnNEvroZxtW8ctZURG9Q8H4riIfaqerPb6hg - x9wFi/eujNlQpE/L1RF+EMmyRn38mlm4W1z0 - 10kjKRjbQOWUphDG4Q== ) - 300 RRSIG NSEC 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - lFP+AFHKPP4KOaZXDM6yiQp/OYodqhojrTkA - ZBdLSGoAZQAGMbb3uzcQUQwFuua9mBPANnsw - kHYeyKa67i8CXiVfWFN1bGQ7KCxcCJrRYm5o - ePKAf2zoI8aoTtnjROS6CpG6lS2XK7zuc/FB - 7oBiAG/QPl1gyAWwvk2kRTjxpVoDwyAQnSqe - hVxQtdOt7ahOmW+xl9xUQcrLURbv0lanjjyO - L0PCnr/LbWi5q7a0VO27QgvOReGJCzm8sCdb - 3aZOIz8c6rpahqy9WR/u3mA2WkN9OxMsrxHi - oETHOaKPzg0ZojW68LAoh2YxSjWaiw6P41RQ - 5qL9Hh4i9iU5rUrLag== ) -www.example.sec. 300 IN CNAME example.sec. - 300 RRSIG CNAME 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - M4e9BUzl1pzv5jJ7jrIxpIgU6UhUnyFJOGs7 - 5LNW93WKd4Edqh5eeStwAdpKzLUN7eVQaYcD - +wCaQ7MfazDqC8TaVGRRVGmhmsZkBpZXgQ7I - 2eETGSY57rMqQqmDYs1dYHIi0AVDDA0/yhFj - BlaXl0aqceouM61vU2ovtYI3EIA= ) - 300 RRSIG CNAME 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - cLYw1vhsQYUI6NSqvwTT8s2CV3atwm/rhekg - nUc1MVFZFYGYrxgPT2KAZ0LHg9onbays2kZL - wrn2X5VW94eOwhDaA4Kd2wpO0hbuKSbLWn+D - HxUtAjdLDjQyXH0s1nfjYSMrjY6BeQWsOIWi - 2Jt6SCEEt3oZhDWmNflKk30wejR/03eRAdqn - BE3X7eZPw6koEKQQV+djGv5dK5d6D9ywcAnA - tdiE1cCQt1n8daOuVNB8G2ab3NrlPGQ+yzHF - 8rdLiNS4OCiopSrk4x5m3mQykzJcExbR3Gb9 - VSP5wEWkl+GP9a6eEcY6AHWb0ZAL6bnyvUFS - XbIX82ewQvjLzbahbw== ) - 300 RRSIG CNAME 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - U84nYJ9iha0zulQtgH79h4BZy4vRQL57Y13P - e+yGYb29AAwJTR3euJWwtKtWRxyXbssyGiBM - KaLEEjd29VXLai2ZnWPVDJ48TWHMORj8G4uJ - Li0oEZMuBBhIUgYXXEZTQ+u9hw46hiIGGzhF - A3QEDOfxXPzi5gqgVtULXbTaaxRptHoSToX+ - 6eANmce7lN5O/bjGWANG2ngf2qbhOBAjFVSW - UjFQJyZOME9/VVfqoLXmlvP7sBWSwJCIdVkl - CkrYUgcLYT6gF3Ym1FgHqVnYOiNHL24PeI09 - 1kg+SOG5gU24RIBWG14zSpuztU1XCSsje/D3 - OW1jEQO9VvTQ79pK/w== ) - 300 NSEC _443._tcp.www.example.sec. CNAME RRSIG NSEC - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - SFkcGKNRIqjuOPIyR7rPoEmNj/1FmJ1KISfL - zFVnW4zFsGMRAimqX7H3WhVj3JRqtglEA2M8 - 4RCU2gr2Moqk29Ef0Ab/t8lxCocR0VTtd/ui - 5f6ZPCoNls/cVc0F2shAFy9uACtg/vOQ0JOQ - 7pL3DVLCBEeFwaUwohlgMEdyg7c= ) - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - uCFXDUkjfk1oFOep8G8zz3Gzcy9ERqRH8Y59 - syns+HIL3BvcTE1/Ay53hojkljKeQljnvIZQ - dzluDtJEj+BlMNjWgfem08VSHQ54eaGEWZvT - yFSAPp0SuXbXPeDrIxNzg0kjAKinkVv9rWef - p6WEukS6exUJfWkIcFhYI8/tFT+YQUxxQE6s - 7xi0IPOldV2re3pJnH0xsptQlTaVZzeVgbCB - j+hbATX4vv6arYcRbJf5RMmpqU6Hx439VQyg - i7bxwElezV07BmHPG4D5wcKW80NYnONQRfBU - xVCx4bmeE5aLnTJB4PitOVH/t+FCrCywboMC - FkcNbOeM0uBvx9xePg== ) - 300 RRSIG NSEC 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - eclin/1XUGbVezE0CIM3sNn2pESSAonyfnyi - EosJopPabPNoucHsW1mXa391ErLx5ua7nxL6 - 2cLdZwxCamGiBWxj9p3ulM9tweJ+BRkEQTNu - YjwkphZlCo278m2ZSbVz3wA456AUNyid6tqc - jzXUG7xkKcLIqNGJGuPR3Gc+M1ouLZ/6MsNn - 2VnbsRJg+bqFrccd3F0TUul02td5OBI4FlMn - xB77ltqZo3mkIUgwskgoTrNRb0otJoxlYGVq - 8V1qO0g9Gi4LCzanK+s8CYaE+ImIOV4oJz7G - UXS0LAuqIEJJNRWdpeLvRMipYNLzAppAZN4j - IaCXa9pE7/iStJGRjw== ) -_8443._tcp.www.example.sec. 300 IN NSEC example.sec. RRSIG NSEC TLSA - 300 RRSIG NSEC 5 5 300 20141212121212 ( - 20121010101010 516 example.sec. - rT7/LuOh9UQtWIl1QJ5d/Qcy/YJH+kFRI2rF - nEII1DR3yEuAuz/IQBwAbN/Q9RUXdt98Zza0 - KobvN8o3QVPUkXouJiS5D0GJbmnhU9YUvJoP - gxU/ONagplm4eLB8Ehqn0U2z3sOPFuf9nrKH - MnadGiVdYMSeqwM8IzWDhluk0GA= ) - 300 RRSIG NSEC 5 5 300 20141212121212 ( - 20121010101010 44427 example.sec. - vZ9JMfyjj1tPn8z1y+87J93N5ZfJIxl2ULyl - huGe3agDcbcvCoqW1G3g5j1Rpno2WYF8O40w - KVySTltRQtf7EuiEVsvYw2NqgfUaYXbv+xLx - wQ3XX0iqBQslY/5GmptTTqKoYyQ0ooWseN1u - prLpoNucpKu0k+muBU9tRk6v0NGU/FZz4lwp - ozQNVakLHeZlXQZvyZWerg63/dxhmJgaTMeX - TGorae+9X8DSEvLxk/CWbEaFHWXlLyPYnat0 - njeN5leMB15JJfA4Hfa6IrMuRyVkO4GPL8CX - DB7YcwELt3A8PCGds6FT6l2Oe8GIcdb4qRQa - 4aSgi6kwgAXvnHPnZA== ) - 300 RRSIG NSEC 8 5 300 20141212121212 ( - 20121010101010 48381 example.sec. - aeVnnhP5UQu0xtDzs0uq/2kcvsAo2lXiBsqV - 4dAmwnsdTQFkWQxa1JyqZar6AxRpPEJOTSOB - rmuOApn9YbsTbfHhG1/Seh+kKyJdoEQT/oiZ - xb6x1tZPPtoyzD5cjIlEVK/mp6e+C8l5sXIi - EnonJxeKmtPpC6L+V3wFpTnpNG0OQ8dmcwZF - mm/8yKZoT2P3fTmwgQ7IIO3hJ2hmAJJh88aj - IxORQd3UK3A1lPcXLXBFKmi2hPCWPLR2oTF5 - zG0sc5yGmqDtAA8Y9U5Gjfh88fbdiQu0ZGLz - MtyaK9PrwLJUoY3+KX8YXQC1WrYOjmYZYgGI - LEgtHHbWKUZuzdAihw== ) - 300 TLSA 1 1 2 ( - 92003BA34942DC74152E2F2C408D29ECA5A5 - 20E7F2E06BB944F4DCA346BAF63C1B177615 - D466F6C4B71C216A50292BD58C9EBDD2F74E - 38FE51FFD48C43326CBC ) - 300 RRSIG TLSA 5 5 300 20141212121212 ( - 20121010101010 516 example.sec. - a6fW+/Hv5PA5jluWFZTSn66JYhM/cKlfWcrB - ZtSqAVvqYrMxbARcqMkVkQN8W0eFiZ+6Pqpz - cm2jpDLPn9MafMBsM3rc0VxhHPssxghDXAO6 - eYcyf6HOkw5tNimo7GNXfxsVy0W69994+m6z - wWKMTm4gLS8ABjpndjxQpPDSkdM= ) - 300 RRSIG TLSA 5 5 300 20141212121212 ( - 20121010101010 44427 example.sec. - CqUhSqFjikCArbLTOacgjB+RK9d1p20eu7ni - kiQx/P0evcYvvLwePeMJZntWcaDx+slpqf1G - YoCpNGfV1T61JALjrwyjz10hdEmFNQJ3H7yf - Xp29pkK7AqUaDDhk9gvZ7vGyaYUOhLUcdb6O - zr4ZFn/T2W1vN9Qj+KklxGTJg9jIIdxeUJOo - lAx6UiKE4xDD0bS8sQqG4Ec8+P07/oKyjZR4 - Wemsrh0TzysiOWW8l944GX3oNQVHA0Cl1RaN - HWDp/OhMY9+dsPVtP0kQ3tivyFV/ZgDJGyQi - nZWgeLtDhdUo6fHDTWTgz4tOtNnhPC0GgLwB - S1IOHv28cPRkn4Mc9A== ) - 300 RRSIG TLSA 8 5 300 20141212121212 ( - 20121010101010 48381 example.sec. - OJTlC1aiTM9UwKHbSFe3q3a1oYdRRMW10lT8 - gD4boY8aP2dgWDtaMG3khRjSmSessmvHGw7x - wUnOnk0M3sY4HnXwK3mioWRNdyPC8jYuZJJ5 - w9QBEDVvpXwYISm1hi+WD+Q62VeEQ+9Du0uB - qKSQKiFi5FE51mYNKmnjQUkoJ25aZ8ykGjk9 - LStfwcxX/uE1oYpsW1eo73ry2YSxAcUQNMli - 3BiKHnWV9uLz7Z+YBlSkBylQposQfKCVVv9W - Ipq3wyL67dGXRNJ/zdOFVT4FYX5k6Aw8QOkl - QLhF1yPx+fVsuM1Ae7Cmq2Bjkr+JAVvRVSBE - sxWTVdJmkaTv2lK3Jg== ) -_443._tcp.www.example.sec. 300 IN NSEC _8443._tcp.www.example.sec. RRSIG NSEC TLSA - 300 RRSIG NSEC 5 5 300 20141212121212 ( - 20121010101010 516 example.sec. - oKnCz9oWOO9OcUxeeOOPe1pxPnLVRq8k4UKz - M5utgsqU687xWJBRtzRwDz4agyT1TPtDMdvm - Df2v1pXvx8GgdDYTJZmZTv3lDJ9Nbwrr80AO - lGQZgajAbKrMUiwoE9kI5vkPogx/Pnh2JAgu - q8hpapOMtMdKdidkshH7RlW2lDY= ) - 300 RRSIG NSEC 5 5 300 20141212121212 ( - 20121010101010 44427 example.sec. - kNbqHCDsVwRs+7jMZ9Q5XwbeDr9xmEg5VZxU - 9NViIHZHqVd/JJQGCwWGkY5jcToQuLTJ06js - 2nBsPzzAWNDJGv3HU8Zp4ktYu9HZ0OooE4Fa - zN3j1uuqqHqPQGzb8neeKzEcqbV8m3KIWtBI - viSSQuoXK/c2zERyed56rGJb2J+TCKIlMa82 - ZLJpzVVrBFPWuKVtpG2lN6ffs5/HqE4+7JiI - UmEhqukUPMeXFcYoXDFx95VyzuIUf3mvhLDN - 5iXsYTrbcXEN1rybnrfO6esraV983hxvx65S - TuEiC+4us9O73NzQQGQVg/FnziSBIPayU5eB - 9Qj010JsT8TuBImc4A== ) - 300 RRSIG NSEC 8 5 300 20141212121212 ( - 20121010101010 48381 example.sec. - sY1MZuqEvrzYlOCuw8GKrupB1W+E2djH+hYF - b8NWkS4deq21EEXNF6KM66npXaALn+e6Jt5p - DCTWdxmJzg1V7QXD3++zLREp5L8ICH5OUdgX - Xl5YNwxWYj94UcO64oATbLdJ1Y2OM9TMDRvO - pVa5OOAh58On24zJqm9BowvGGo13nJN1ibIV - lCQc4VThk32kYcn3o9/urzIF02iovp+UPb9e - 1GYLuCiOgqYqq1te9UAHv965Dz7VKOSG3MuE - Ni1lZdOQnZ5LBe2VyVCq9+oV3Zw74S1hevWk - Fq8ixFLR+fc+mylEeIVbKEhpGfWvvJE93lk6 - Vg9n5kpwhkeM1Edbzg== ) - 300 TLSA 0 0 1 ( - D2ABDE240D7CD3EE6B4B28C54DF034B97983 - A1D16E8A410E4561CB106618E971 ) - 300 RRSIG TLSA 5 5 300 20141212121212 ( - 20121010101010 516 example.sec. - Q1nMaEHS/5pGGOmds2suU9kHpm5oInEQU29Z - JNZ20BWMq2hb1C7GMGJCmB/18IvnxTTCPzLV - m0T+9lQo7UPdmNatQlBRFLM1YjPw5KT8CP6m - 4uWbSbVZWtGN+rx3gon8OFnTcgh667OBOkQg - kPBd0yTQY+rTjaMfTcP9EunJm8c= ) - 300 RRSIG TLSA 5 5 300 20141212121212 ( - 20121010101010 44427 example.sec. - d9kmVufd0Y+v0RQ2zAOffwc3kzfcHoh/ejYn - NobWJB+jrGM+VyG76BiTd862+Ij67kKOVYY2 - w4ToTGDvRqCw4ZaGfRt6vcCnfrg9FlCOjwEZ - tpJsuf3BtzQXa1bSwJwNC5UBHiGhpD7LN7W0 - G4YHussYcu4w2iFZTif0TvXN/gSYSDMliTHA - 5759FTb+MfKb84Ccp/YSKKebHataTXQAYWd4 - 6dr3IeYfjVyqQg6VYEA2qHCIJfsRxN9gDR5K - oCzN1bDfatwSO5eV1KVuRgV/adHiPApxpfpR - 8wPf1Z6Z3RnplVJdT/jnY3SVA/PLzsS8mfOF - BF37wLnLKc+Rp9qjbA== ) - 300 RRSIG TLSA 8 5 300 20141212121212 ( - 20121010101010 48381 example.sec. - FTCh6C5jbvXb67BRf3nJgL8iStbsNMe+It0K - 2v0GKePaE5gzsrJToZpzWhytVA+OpgBdWkAP - IYWubejwoGXYp/EDU1FH3SAA3zV5N2W25lfn - XULsEWLAr7gCpdeamG6Zg10qOVnfWYB6iSaq - xisMO90+luZz61i0J0/wy6aVtraTrn7s+Kpo - KHuZdV9hWZzNl+1Uuw+hEzBiWxEQK+0VAh5X - 3mMqD6f9LgfqaD2L9pmyZI3Un1UBFn6qbbfu - zl0Ff149O/9dfRHFrmtrNJBnHindLFh1sRMZ - yNXbUcoNrzwfQ/Q9Uzq/ZCGKntrWLB5mHWBx - bJj+v7003y9raae4vQ== ) -sec-22.example.sec. 300 IN IPSECKEY ( 10 2 2 2001:2010:1::22 + 300 RRSIG IPSECKEY 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + KFMeLm5jSyJuu1dYPNjwtFd4Ojx8/o6Rf0BL + P0dRMWwSjAs7ncbP3uMOUdTEnVko6EsjWTHT + dakYr+D/RHiEgH7r95BidEHI5FXFD5tzCKNY + 3Jxo1eLw/TSHF5VPMty0/Q8QgwKs3B2lGiFV + 5EMy1Gy7sBki9ZTmkts1anW8tA8= ) + 300 RRSIG IPSECKEY 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + rFbj5Kieh1vU2CxD/xy7bl/xOasrPpapBXsn + mMijzocDzvrNbxfB0+sKUxdYGgW60oE0t3ds + B8tud5HqfW0XuDeZ2WjpuamefUifeEpU6x8Q + oO3Tecgg2NDSn9A1mlBrgfWybrkLNa5jWuW2 + wFKyzHTUOSzqnYsC9MHZz09OszWshcy8Rlds + hKBnMaXRUOzerwtrRZ0zWpllMfQ104F9hTmS + 2O31UAUDzsv2TjQ5/Fj/15F1FBWGYMRjP0/W + wdJ7h2d+Fv3XJTzYvH3V/qx3lpEEymfXGirP + Jm9IZLMZiVXeqYKS0MIpbJ8SVp7lBW3rTYt5 + aCrivAZ9Gt/oGAVGgw== ) + 300 RRSIG IPSECKEY 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + ble1OK51ZiXuHX3RfWNBpt5RbG5yM7wWbIu5 + yHe5oD56Fagowo+flqjQ/xQXZ/n8UG7Mbd9L + 0jq+gg4SETDl752pw3257a+AvZYtQw+e2iyC + lKLQEofIMwrfJlqRXk/1HO176pqc+h7XDThQ + 4gH/RkH5MSWubmG9z6Zli/hM8ndIxebQ7Wgf + 3Gqe2+JVzaG1RBgrtxJ7DOmHWOI5+8WOIdTQ + W7XHzjYOY5fqXCSs5Qkr8v6++KKgJgy8Emsr + ttnKTP+yUL23M/UDMmYTM6MhetsyRF10rEUS + CNCOfSYXyBvEeBxUsSWV01/LRcL8XP1fBt24 + YdfTDsfKtfUxYu04WQ== ) + 300 RRSIG IPSECKEY 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + U9SWYQdm78OqWlARa9Js+gltOM39ndb12Fw2 + 3OpXe3J4CKXypDVcJ21pPp/u3eH+ju1BKLOE + 53/UUUcwXFBmzpQBzfK1g2n6hF3CeHx6PX3i + 1Lq5YPDePqBz4XHRCllgOnB4fkISle0uhRlt + MLALW+BAilqVs2JHsi7ooOR5RHbDEadUDJrB + tMaIsqRUEkAtvRRB1VDBgyTiU5k4nrXdeSNY + 2rcXYkK7DsRh0mhBX5CYHQJyVKtqlqK7WFCF + SqrMsWUeQlXkLCt7rhsHbsiP9hkEhm0t+Vnf + LCGYQMp5N4TC/UewMq1XBmV7oj4/BdeSIz18 + E67MiHX8skvb+NBd/Q== ) + 300 NSEC sec-10.example.sec. IPSECKEY RRSIG NSEC + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + WfrxxSuFA4fUfSkH7MPqYBLR5Gu0ciFsIaxc + 4RvwDP9RemntRt8q8KfAxpngjd+gDpsWFNpl + HErdcb9Gim/x9jFyu3yb0cHu8/SAxL1HFZiZ + RzG9geX9gQSEgzQVdsDwMxesd4m/5uTdxnm+ + hstyplQHPbWzS4hmw3jfBD6qTvQ= ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + xtuCY84o2p7fEXud9TFbWA+idFgiKH7EfVZQ + JbPxgxCr6K97EcCDaVz3h6p/buhGPzOkjZIy + fOkwTD/DHpkcRow7ZzoYOHrFL3fPZTLAg98T + E+NxlQkrZQqpfIh3eLM5tuSvJq5kgG4eOc7B + 8z0jDArk5CQ0+R+WTD2XhxdYvhBi6qy4SIzv + M1ja6Vel4WoEysx7nzEju+SyVG1SYgx28amR + Db2q+9HO8G6R2aqUmSMKef/Nn2Ci6nMWjgfb + zxGwdMpwNLsSD8zOqni38rUpclrKLYZ6c2Hi + 0nED+xlwcZZ30XoWMSKlvuaBP56/s9B3LICY + ev8Gv7693c/7s6YEVw== ) + 300 RRSIG NSEC 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + QIW+9Mz6a3qTOQ5q1XgSK++F0BM6LExejjzN + AUsY1Nhdhak6fmk8eNs6OunhVP4JVnFgaREn + jhzjYaQduSnj7kMCcjcu+2s07FjFhO8tUxYa + Yk6gNFhjulbySURFna69mBAH8ZG+WZay1oUa + uBdcJLD57WkuYhg0jZB4W4BCHU9gjzrQyyG5 + nu2CTz4v1efVgY1Dt8/fQHs+jMEipwiuZLdO + Nz6bu/orwMfcPWY1HffxB8Nc0exMuDxsdzs4 + UiB1D/GTrUjZz0dfwtXqGv2672sDS2PC2d6w + Rt1QVl0W7paa57JUy8t+eGL7c8INMybCUlw6 + FlG90wVdfSHTff+uWg== ) + 300 RRSIG NSEC 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + OtbnEwYt1s9dhM/rkAgWVl3WRPoNYUXJiRr2 + IGkTgZK+YABHNf3XX6Y49AB/S1SxAQQEJLme + suFsUnxGgxbwC60sgKJP1247NRi5R3XpkY6a + 3azOYw7qCE2joQvRmf+nEqzWwd5iRRPQixAk + oykADq/LLt+grsoNnNdkqybZvMLJoPY2ViIy + 2lJ9E8ArMMfD3dPf5tUR0TTIyBzrvUIi6cx1 + gW7gHdvC17aDNPYBMwZgG7umuv2u0CIRqvDo + pHdl8WJKJC8xtRCrVjptVmCPeYnx1e2rYfW8 + z5T2AqtX3P7+RxB6+si+r4f4/L1zH7JJDp+h + aqh3e0PJOUmxXtoPHQ== ) +sec-21.example.sec. 300 IN IPSECKEY ( 10 2 1 2001:2010:1::21 AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxo QqJP943gqs4QATtnJWHQ1SDWiRE2aXl7SJoy JAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt @@ -2400,130 +3100,543 @@ sec-22.example.sec. 300 IN IPSECKEY ( 10 br2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougs ogj6kPdSSQYZYayHzVnl8NFQ9uCwbRTryepP zZP5Vd2t ) - 300 RRSIG IPSECKEY 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - LVpb6IWrv/fkkbRP+/U/4i3za41GlD4BKBgc - U8Q272YAusl5Kq0qvRoOvjFqRwbz0BVgtdj2 - C+BkaKiPs75iw8+pGct96WQHHPCitNxtWod8 - ZtV39PgnRO2XqkeUDxXjih179ax8Po8LFMyP - aqUkkXHUaOyCVA6pmukDDN0JaGo= ) - 300 RRSIG IPSECKEY 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - 4UrsGwZictKFk5BcOJTTMtg6VADhPm6v9CHl - S3czYvvqFxAmV38go7uWorWhgQJhAYSF1p08 - Rc2M21ou5JQK2M1ifJU7CoT3iyMicRyYgMJl - qpa2O4s8wjf4Ikp5n3E7ir34F7uOkLHGDj6P - Ll04UNf+5sZnMTqXErJPkxFDG6OBeR8PWQvF - DXlbeqlPRL2P1+AmA++tr912JZPTNTsykWtv - 7pcsv++MB6MZ0c1bMzqza7HAh9zXiKFyS0tL - FpWIUN88zdau7QimsIDXSr5rYJ2qRS2UP/JJ - RHdCGsjNPkw/wEhGTnvkh7XW5c7c+pG3pt5E - ytiqkkeoM7XLUCSj/w== ) - 300 RRSIG IPSECKEY 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - qXvlXC9E4JCVNKb40BfrvSW1DYkb5MaqQ6o7 - ds41koCGdmRSPsFp9W3Ut8/mOGZDLQvU+0sM - mRGDuz5CJBHFCUuIy0RqrTcd1Hvb27aptkhr - 0t40iaRQr3nTZpYFwV+3dp47ux4qhbIg0s09 - 8GB0VZSfmdqvdy4Y5d5p/QzSka/F7it05nWJ - IewpgrKf3aa3O0srNwwVUi2ZXzPelibx1J6r - o73nxNmNYp8uWkY2tXTvYAfbqvq0+rdUv8H/ - LxNzKDElvOcat4mX7Wp+Uftp7jgizblFtqHg - cASPgfKyNZYGPx5pjVPKbffz8o8XtXZHbtOf - 3rftFlPcw8fnCSMCLw== ) - 300 NSEC sec-30.example.sec. IPSECKEY RRSIG NSEC - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - IevfxPqRcQEP4aKs8xesSnChDAE/33+a7v9x - Uh7eb5CzHJ1PGqwcjDAeJyO6Y2dU5BzwAXv8 - gNm9MsxRYz2PQxy1rmqYB0aBt+vWHbRUpksP - FWOHeDN7KNpszF3r9DO4d593gbckjfC4a9t6 - wpkvsxy8bv654YWQAlzSe4X1UN8= ) - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - FDC0BlhPEF+0WO1Ft3C+cnUSn0Hl5P7Uc+Ar - ukmVZgYVY9ChaujthxcFwwJ+fuNIfk6fuu2L - Lr0ya+iuuOpUrMxF/xWxSnMNTOhrysjA6DrQ - svSGZGHJPfRcTR1hPZQBiz6wl3oxwwUE9uTR - O1J7IDHsL2sZ10jGVIj9YPFhPtcAFUHGMEIt - qeauxyZYOP/IZ0AxpXClQ5+zYepHnbcigebE - cn3FDSgxDDYHJDz3C9ebuXYzmO4+X6s3wmbQ - JDgSFSz2hHdYTv/vPkIkBYBJ4fOMSV+LgltC - LnyE9u7m4pR8Q+kijkOD8LU2Bh9++SR4uC2+ - Et80y6CO/wAbDGJR6Q== ) - 300 RRSIG NSEC 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - S1mlTix9jV3mDmRk795AWNBC+ylzCsWXkArn - CK6wW7xXdi6vtSnvvhXzov+zVHZNAMwwBkhJ - 8YLHZcjANtrYHxgre59bAYahwpTUR8lqjJYA - RnKvVjGcGZFZPV8CUcY42A4iGCgvl1UiO7Z8 - m9VzxPJ7LjaLBLhYzdXBqC+SFSyjpz4fAJDf - J7juj1rPhb5OnH4Ca2nEWlwQGn7enesNWkU1 - Yd8QslOMrvbfzmlzB6JKrDecO1aMz+soYbmr - TeW7A0VxVvFNdudFtU0fjRgM7lf+IbGEPf5z - oQT8kYhBG60XHITDaEcqTQFVN2wPayYUcPji - JoTeGda5m0g35bZPjw== ) -sec-00.example.sec. 300 IN IPSECKEY ( 10 0 0 . ) - 300 RRSIG IPSECKEY 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - enZEx05BNsmnCvan+Bhirxn9/GJel5bTDM42 - eQV7dH0VV11kD/QM3JdhpCmJASFOo1P7puXN - WWvRkCnSyokSMwDkOiBBHqzA+XBVKCZMoLNV - M9M5OJbXCaOByzHPlJEfEOisNsXHNqgFJzXb - 8NuNuTLUOHd+z7vAt2/y2rsvmCk= ) - 300 RRSIG IPSECKEY 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - Q/uFwU74dwroyXluozzM/VZfPm5YIslvHYJ6 - IPoVOVWkaM8hiYHlN+IxZMuaCtRK9SWyHGZ6 - ++/hqeBW6KezUcpBeOpE49tqNS1lFa2TQCIN - o602Z+Uq1ZaNsxNRzCen8nh6aPk+Ma3VMQeZ - pjifEf3LKrPNOqcocr+vBrb/yTP4Ns9aMywK - Whj18XkkUvZ3Qwc5dmkY24Tr//YlOKieyqNv - k2k1HtU7i1igtIa8/EZ1LSID3P1l6MhnSoAc - vHmqcEo50kZiHPEBRuP9vMxeLo03C5ogetcA - 4qSlUsz3PyDKSNXLTn5Oy6WzdnrlZsaQZml5 - tqE5oOqMAn14NWkZYA== ) - 300 RRSIG IPSECKEY 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - sWztwS0jdkc+wToR+bYvyH46tiotZ3W/YdsD - b30HDNZovIjbKXNLofxglzpvg6EeRnuZi4qD - xlC38uoE7Poud7N4l0d7hQbQkz5gdSbHlcII - 1TmOAmNNyYiE/7kQHYyfpHPPC48p90bSjPOJ - S9bHdKKW925Vp3RN3MfI4dhNNH+o4xqPIiLY - ZB8jwUHh7zbs0EgWbFiBCtiPsaAq01pAwWp7 - RCKfJ9w8wE6dq505icDTLhBrWf15QYPNDgXC - zjLn9pmT+YGWhs6hgPiW5/y28nbiwID2771P - qXy56JjbqSgGBsgHTxE7iBnXr1nyOFrOEyUH - V+YrBe5waLIpgn3MxQ== ) - 300 NSEC sec-01.example.sec. IPSECKEY RRSIG NSEC - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 516 example.sec. - L/At1YRILr1Obw284RFZlWU5m1MCYtjJNg/B - XUOlcATRaiCPCA4ugZSJz5EWO3j0VFcgMIHN - ynyXm9Ng3SoSO67r5KI/DrjhqdXQDWZ5JNBM - VrJixQpE3Q6pV3CXvHd9e5z5WZnwB1Ns4p1e - S1K/FdSp8uLotwOpedUPS8TEb5o= ) - 300 RRSIG NSEC 5 3 300 20141212121212 ( - 20121010101010 44427 example.sec. - zkP9awQpTKHAzBEAY61Lvbhnn2gEtk4EPYkm - 4qxVfs9Hcf12X6qRtyK2j1Hb/WuynyhLaZ9O - 71Zp6isKaG7+gTBGSz1RF+oEcRJRl6r3iRPz - 0xzL90PcGtREtbUUz/N9BXDbYT2/w3kB89up - KewS0/Eb8zV/63YcJqRdurzk4FgJdo5kUb+I - Rs4XdZMHMIF5UEvNuKocsevLn1ldP1hpN3a9 - SFhUL7nsA2XdKRcEPA63MUS6VYYv8OWCKPds - z1c+/wvBHksDiGe2+0peC2f7rS6XMoULl1hL - czlYssdSkiQveN/K4pQQmUssBhtldKIRq/63 - adQouGFFSMuEdPL9yg== ) - 300 RRSIG NSEC 8 3 300 20141212121212 ( - 20121010101010 48381 example.sec. - Lt4gdhFZgltCfgukt7w00G/Cg//MJBLSAKSd - gxtXMP20hvZ4QvSCQ9KSGwLq5ntnRMzQFYSv - Ew28bIl7SGW4fAPALl9WrXMyQ+WG4Bja6E7U - 99iYx39j8ZqmTZO/Z2OsH6xM5TPJFO0x/uRY - QEBeLl7mFVljPh1wA5NmMw9fRJxSsR27t0ne - oelM7uZGYPFaPYis1fWLeH+xheLOXeV5QvHr - MZ8H6xsrSXFhdr09q9+SRuWIFI7LG8DLeiAV - UaeiJwd5HTbFOEL/x3KcMH5dUISseyYZmr4+ - RdE8KbTgv/c0xG97k3q5bne9tiBnaYsI+0Z8 - hBy+OVaiQ83HIRpMZA== ) + 300 RRSIG IPSECKEY 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + goJhatdkze7WqFGplnO28uBT9AHjrsrK54Sb + I13110ffVWk/6DaQhNX3GanFXDcbhi1m0N7B + MbYFIWZX7y3u24Wyuvak180hUqUdcyuA3G+Q + SP9WALt1+7aghjPLWhJ9/igHxC785Cq/Tgf5 + +KVMN1RT4pi5l/uZQ5jcKdw6J2o= ) + 300 RRSIG IPSECKEY 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + rXrTeN01xY+uebYRE/bhpy2GThFjdfePR+ll + vLe9PzN9GauBsaHCIMl3rr+c4pB0FwVtrGzD + DGodUkbqikHmkzw6gAhx9nAcEGl7jCJpP3Zy + eirRuNTb4HPsXNSniwXSXryMXeBnHanpERsl + 4n3bfwvOQlytAqC+X1L0HfvGkSi7DMRGBKK0 + yZCHuI11dZehOEVUoBGlWV1o/sBr6YwwLhIG + ImwHzEzunvRRC7e9SiY41nIpm3zGwnbsVVj8 + kDGQq9YxOgR5ymFbLhCYAOcM7jSBBQRm4Pcv + WKMijHXzFO2e0fXf1nOsJH5VnQEQTxBWiyRc + D0SCwpkMKHNIK/D3cA== ) + 300 RRSIG IPSECKEY 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + T6OZoyEvW0es+JEYsHoM45PIUYcjZjhS8jwy + mCDfL04m7fmyjzfUvK8hR2VVxT+2QR6jg1vp + DnPFUpVrr0jJnuicU2lCdptTSb2/7jQzlpYa + M5b1aaqmlGxCKnSfjWfdeaW4PC/+Oj4yBdPF + DXdKHWgFxWPDOuVIkVtKuD2MgG7G/PVOPYw6 + S2qMn6BSesM1UM274wiAWC4+n86aY3rkH3Ly + fgwMP4q6DktOhygDOK082NANVkoGztcVNaH0 + pqL/5UoUtgN/4wndeLh8Lb2LrRz818+uZuad + hSyJKB4pN+u1fs/Z1BQfaw5til/PAVh49KNr + IWL3nkNOlCb1pXPuQw== ) + 300 RRSIG IPSECKEY 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + v1TyfkvJIwEJ76lle7anDNWl1V/l8m0oHlut + eihGwNdar6EGmH1uyxNDH9RhGvgUVx29to3p + +lWtg1VwYzxXqj+e9TnWOlCfV2MRD856UQ6T + htHk16GVJvzfAwx9rX6KMu2lvCxigz+xePwY + XJALDOlddHif2fk0CgAlOyH2QSc0K7A99rTr + sDaOLYk6qetqRDwe+7XiscNePIc2YFqbbkq5 + Isl9qUTYZD8Rli8JiJGIP3Iotywqo21lVTv5 + niIgLU955vWfO7QAYbSMubXpyJtTT/wpPXL6 + 0mjuoJmeKOrTXei+k96gnj0akD6FrRfkzzQr + bADlicW9RVcCNxvOPw== ) + 300 NSEC sec-22.example.sec. IPSECKEY RRSIG NSEC + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + OHE2OH6FGv4SzBbJAWGFfmrtxr/0BhA2xU+s + aYg5idShv1LYS+YL/1VRXgNneOsSgF2iDZpM + RAp7liIaKN5ZCZHY09chlwjWFvGUDVqT5J3y + GJ7oolFFw8xB4raX2H6nGuwkq4PTEZcl5OoC + 42wat+/Dq8kbSEFtL9Bd3ztcGAk= ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + C9oAxEQWQLV1BtoUxvPo/ofqPiFVSKObG7Qu + 7Dtb/WgmnkhYztsQtXQYw0a9VJ8/VuDKxvW1 + Bky41/VgioLz1iQk2/+4aMeyVBpfLVp/+Iz4 + lAldSRUkBQt41XGkWLG3a4msXfGxc0wlOhPe + fd5RV/R36T7tXCFWKw9C+b63we3G73gCJytj + ZWLD2wVP1f7oaWPJWatLiWsfomqnmp5DDUu6 + 7f8qJ5sNgdRoXIKWXbXX2SBaY8Xm9ot/Nyfb + 0jXZGMHhw3rl2LQz3rvR5IGCYTtTWF7yyOQ0 + 2cyyPkp2/qZNrQF8Cdq5ymSvntSwC5yMx9DC + g5jBBZRK5RlrcNnCjA== ) + 300 RRSIG NSEC 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + INMHa0l28dAXSr/0Dk4cKSBWQY8ONmDFWbn0 + VyoXVPXCrjFtAPu4C1bBdmhgx9poKz4DRN2j + WQLepltrq+6+rf+lIEMXj3NkLaoSRv3VTEwT + hAKnLv4erWvGAvcWdkzE6FNNOT0T73nwS6Aa + o1M5mdg2DRwqx6Nmvz9heBIbgso4ULzi/KIW + lI6RjZcIIlQPrYBWBtxB2mQ1PYJMjJGMo99f + sq7+LHezKyF0BRktYN0zEUKeV4AYwQmP1o35 + o3jDlUlCdusrelEXPykBfNGgtFTTlTo9d+hW + OGWVsQhJzYAU+Hm+VslAP5eF7LhYCX56ddJO + b3/tyfGjTTyZ1Kaztw== ) + 300 RRSIG NSEC 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + ZgP1+3VHbAc4NsPSQqS3Sl81SF5AKHFq0A71 + 0gH/OoNCNvHQHbtmFH922IQsEPJNQA8cXPx7 + yFNfE2zgG00v2/Ua91Qj8WxJgfXePtJhZ8Lg + d4bHaGW+tbx7qM53CWrd9vtg9reWVb5/4Xqc + +iUbWHN8zEOIbVeSyOK0Z/94Q683urO23C3E + vj5coGlSHsFu5NyAl/B02mNZusHJ1UZ59sGj + 71nJgRw9Vg75QGDr8XTP/AINRNYq7pvlWdrb + pHAEDKVkP7ZwNFzbf75VVY1UAV/sk2Za2sTB + qyMBMRzi/svqhnSqYVfN20Glkv+Snq6YZuTT + Z21Nnpdk58SsOxxFJw== ) +_8443._tcp.www.example.sec. 300 IN NSEC example.sec. RRSIG NSEC TLSA + 300 RRSIG NSEC 5 5 300 ( + 20181212121212 20161010101010 516 example.sec. + bB/mN5odg2j9RXrzTyFdm/IIVLNT2JkHsyUQ + gziMnpv3vt5TZryVrkEmInIs/PegcSZFbD+A + Q3m4ww0Yoz7f7a6rkqFbm6iUs/khaISrLF2X + YwPqlPq2MOCfp2P6LaEgoIvmz8QWLmSk4clv + /NbCjL/NgBJqe8RPC7zRymwa9IE= ) + 300 RRSIG NSEC 5 5 300 ( + 20181212121212 20161010101010 44427 example.sec. + d84Fcjnygh05Ll4LdYC14XYZFiXbaZlLEAOg + SbwGq+kAGohtW2MfKYSMHOt6ynPLNasaAKTN + c3XCL1MuozEIQ9I/+2RyelxYSSMIA7XSHjPS + vw9tQr4JHX8xZDoUCzZRht1VBYnPRadiZx0M + /Dv+iaDM68bEggsu1PhBDvksx+86Uz6Kbk9C + fB5GReS7qpS2jHXgS4xksK3UhUp4zUIql3Xp + E1uf5NF231sw3HXIEIBox1BAZyUBj7ShaNOu + MQg3eg6moAteUxAjubApS3P4UyHaXISOHnzY + fVNEUzpP7ym549S79BG22vhlF6/rxfdFS8hp + +ijBTtHpoKUmy9IYIQ== ) + 300 RRSIG NSEC 8 5 300 ( + 20181212121212 20161010101010 48381 example.sec. + mn64tEag097G73PBv6nLmaxqjTmSxYUcK7im + niJsDArHlxg7xyP4Bi2jQ7KN644aDc5Ck4PW + SvmnuVNfISX7HIOmxT/oc6gHRmfJ15CiBx3y + xTLmfrfv5nAk9fLErkEdX1+ET39/7hgu5sC9 + qOkVvIDBqF0PuuYcF/lXz95gWjhaQ8PSG7WJ + 24PejLukdvCaEp7XuQLiJguoUfIkxDdYPnnI + AlNuKyiONntzJuPI96zvQSYQJig69pbHr9k6 + 7BkuCSbfimYP1g5bveGngxZ+tUQpx1UaHfEV + YPH4ve2JQhhRT/4awhD9VoPdMAp+abdDRqRK + v85EmPPcLz+6NnlqHg== ) + 300 RRSIG NSEC 10 5 300 ( + 20181212121212 20161010101010 1862 example.sec. + nY6RmMUxCpkOsHMerlf+btKjBbSYCwsfNW9c + 7v8zh95f5iFGf1XTRF9TqAugQg7sCAuAPg/t + GfMWw8jFAIZnx/SbRxC80EXDs1wcrfWwk8gF + HgWq4d7g3p94pTDhAtIovHeIdZBDMb2f2k2a + /3Rbrll8RV/QlOBsXlO+lE+T/RNzO6C/Xl0a + wwfALpJPHRpDHwK3+0SRVf6Tlg7oAUHWAhsJ + +XNrixGalx+DCeB6k6KHvw46hAX1j9EzwM8f + 8pAYaJfhsfLAvg2qQPN/14SKx0npeRLvq9t2 + RS13BTNWUrHoUJ0FID5JaVIwFS+TLFX5XcaM + u1dhgLgOQPN7ZAbLsA== ) + 300 TLSA 1 1 2 ( + 92003BA34942DC74152E2F2C408D29ECA5A5 + 20E7F2E06BB944F4DCA346BAF63C1B177615 + D466F6C4B71C216A50292BD58C9EBDD2F74E + 38FE51FFD48C43326CBC ) + 300 RRSIG TLSA 5 5 300 ( + 20181212121212 20161010101010 516 example.sec. + TS+4QDNXNzLiEd59Gu0osqODeilrR0ewk+4K + J76FS/MWdTby5FRuZoO7dlWknyGcJF8mwsKV + PLR/N6PCmlLmPhOeN+LNxkYCH8xMWNckHIwM + 5rY0Y9zWy1n2oG9c4iObczcA7skeoV7xv4if + W71kBgDKeLURupwuXFJs0JEGOkw= ) + 300 RRSIG TLSA 5 5 300 ( + 20181212121212 20161010101010 44427 example.sec. + CBo+fTtF1ypKVYQKHBlv+Z5lSvpFKkGHdP5G + cjTWyIZKiWANKJWGK8VhEzvDuOTd3oTPK5L7 + OABpgyTlypwrTfzMxtz+0sb3dGKAdGAvFWiF + 20KSv5iYcYo8tABNvxcJQUVe2iEoQaNtKZAm + Nw6e9Mvzgj6DjhhrpbAOIOQbq8geKfM9mYTQ + dCwDiFdK0PKNHeQquJwbTLofDn2ah7AbOX+9 + +9OSiORH0drMMbiAvOx1JSRQGgCXYYEXMg1n + S3EycAH7uyWyauVNBblPnSAA5wQ6SAzRcpKH + C3iYXb70P+1Qwy1AEB3aDdyLKBbi2g4j9bFq + pK/pHwt4kVatWUfvZg== ) + 300 RRSIG TLSA 8 5 300 ( + 20181212121212 20161010101010 48381 example.sec. + aEqQxblSO8hE1p5DhgwIcuy3Rmm+yzxwGnUf + QQx0RBEzWiIYUoR7BY8hT4q+MRMCjtHkAr7Z + g+Yswjgx2/jaPxgxmKSsmQN9ADamEmuIIIFc + 42THiAzdwKdd3MTHDQJ9PrBkjIYike3Nc+xC + jVxnYH0Hk0MlzfDi9pYn035EXINF3Nda2BfS + 7c6xLV/SJpaIPE00p9EIKIdYtNYpczzoImVM + YbmIi6B0xoBhfScMi9q3Tarcwrb9B2KIP60K + 9n8yVRBVwu6mSsoWw/mGpwiZtwoFZt8tmX0O + 5V/sQMkhvP9wWPxGI+NWYeO8Yt+DE3VFnPZM + qmO6t8FbVma6nFgp7w== ) + 300 RRSIG TLSA 10 5 300 ( + 20181212121212 20161010101010 1862 example.sec. + HpGtSiqI9HWZZPFPkNCgjxteGZ4p+XrL+9Q1 + PZBi9BX4GjSNhQ8kXDzNBjhc9OCMfePxXf9g + VukFekCU7n+HSdDVEFnGizSYBmyG0KSktRg4 + jG+BrKxmKLLqLN7VpnADQnbzjcRvFILsTrsE + 422K2cNlAidZrKiEydOauaoV8Y5XrtHOhckj + 7BdpJBTcJhG97AxKm+tRXVAuhwHIvpXf277V + t32b/stuRVaY1mixrDhsyTdqOUui5SA6uxHN + kMWVjx3QSeFpn7BSSQ1/UBjP3CglE0U2dKwI + eCTZpjpS11dkiR/7Hp2juu3FYamF/Yj4nciX + /DxrYrURdHXUkyYYcQ== ) +www.example.sec. 300 IN CNAME example.sec. + 300 RRSIG CNAME 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + FZ0ONSWPkz+5Aomi5/TA+T1eVEgF/0UJCraG + ZgVCjxw3jO/v3w1ByrR9BpoXPIwf5CA2TkJk + gtGvphzFRrYNF3MEhgOdTRbiLfqpcC1L0pDE + 6IAvRU1rSoXZRo3W2Uzmr6I+KGm55Un8pF5X + v1uFVPw7ziaeHnYAZ0b3TXSRX0s= ) + 300 RRSIG CNAME 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + DNnNbCbJQz/+9ExNHu+M6nnVmytMbLLgHlXM + w5UjfIbG3EijYDWenUo4ai7K23l3HHCJRZbz + jJITPJZdNUVvN3+bB+RSGeoFwCPCfHkkb/yy + VeXJIQslaSmcBIpwrnlIu4mztwrSzce7WI6c + iKL+K51a8KaqzQX0H9PaEtw7z8KUhSNhO2lV + kbiva/NwDlfsWULjo+r2izTXmMgKU4cgdeG3 + 8RqmpeMSRLP6H/P9B38pfBpvnrBbEpYiK4BV + 5GlLdiETYtQWV3iHsLizYCNCkYhs4b55UNWI + 02eVy2jpmeYnNVBx00wqiHBjHy5gkTAn2vNc + LPagUqrpq9PI1xiY5w== ) + 300 RRSIG CNAME 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + BbLte7BZWvbNdj+tYuA4kk+u72ckzBxnBcM/ + owhFOtB7IZWKd/696MOq2w0MuD2OSqSm7mq3 + A3Wnm/3RN0+OQImy464IpKSmXwfHHI7ruxFD + jX79azCcpY6p/BaIzdusSPtIzN/gjpxJnZU2 + jTjL2Xx2V3RWoUw+nO3CNJSeH8ltND8hJX8N + V+cH1Mu7eRC3oO5cLZeRuS4QILAVFGgf8ZF+ + kWkruQzwc4e4eosgNFOg5WC4VXnPfW3cqWk0 + sZTs+q2P21YC9cSBTOIgIxCoczMVQW7GhPLQ + 8LIea0faxJ6VjB0qHcaKyd+xpR5Jhe8cRLUS + +40ORu5rOyJMa6386g== ) + 300 RRSIG CNAME 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + HoXdx2zby92ALr23GyTVvTZ2sdaJJQH5TeZd + ubz1toQEESDns+8WvS8gkaOWhPaLKLmKIq5E + fdWaacrscexINxk6NlMjNRBiu5dkAuVfYA9a + xOWo/344pACrqKIoboHt2spQvTdIKAmhFuLY + JWV9x3uzXon69k6jcedC+rLumGfJGgodkRim + mxn/LNU1NHdaCoD2Bo7q0nGbJwDIq+Re0WFp + bMLSYJqFHKyYJVhQhhVPHmYtMAgvCFBwulgj + lHU7uUl/+yltjxgkoKnXFS+Bfhe/G84rXBRw + UX9AzTSnt1tCo4ItiSSja/kHjkcGlJJ3Vs4S + h8KDXRRj/FVau4flxw== ) + 300 NSEC _443._tcp.www.example.sec. CNAME RRSIG NSEC + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + oaIvvXFtkyugmxcLgpeo7tNMhTidHaI61vHy + qHCZdzZ6L+7vp5sNbZPQevTbAPXhOSPkr5wZ + LcoWtRMZtS9NpFvRJkMiV6aJL/rc/o0hQGBh + TkCnpViK3vPsXiH8kvJSvtQy28hDHoW1nS+V + BjciCsfcXBFqBuJdbz+msoY+B2E= ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + iQtijIDg9MYpZaQdctLPcAdUfUHYgS8v9y4M + GlpPwfSg/lyns4vY9HF9jhHO/yhVYriiPAX0 + INxdKq0D/9te1BgNOKeWRVkV5hJtj282fAfW + 7z8P48eTvOZi4vWPrhYU/UzcEw4qKS15Nep0 + U++yhyagqPdV0g8GS6q5hobOvZ+lSNkCL/2l + GcAWLq9QDK/urxNdpYQx2PB85SmAjGaD6tMD + NjToXfttE9MiUUjAscziJ5lcww0WObBDl+6u + mEp/F00wchU7mIbbipzpkURSSL0wxQzhgJ49 + 30aM3Nlw/P2ItyCL6FbcYiEVhJpQB3jCnjKu + JptAgu3NkCpLdVJnjQ== ) + 300 RRSIG NSEC 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + yJ07XSzPqaco0u/ZfUeYRuVKSrG/nuTxpP2e + 4gR2eIE8IXcVOp8J9XACvJ85dnqabRkKDea3 + 04ZA083dXvhn7JRtOnPbG/4TyTsmahl13/fd + 4WL+s+nTMBqqk084BuTClr/spKCgLzRF358X + SaQZHtUD+6e8SbOKwDOhUPWp4jn4b7tirgkP + ZJ72Y3k1OwMV8JL3eLwhRbGH5iNDZMDfs4gD + mLGPSQLaleN/Qekcqzo7Hh1wNBfh3eyTy65I + 1WhhHCe/L29cqAWAhw+3Fz/zqwyTSepjkwcQ + v2G0jvEJEEYA1bRDqQmKMN586ZbHRVgL2/Mx + GSqdZCWmG3xoxn+Tuw== ) + 300 RRSIG NSEC 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + rnsv561ekllNQ3HeYnHvQPFzZBnMEpKt2Maa + 2lumqNgrYINBhsAWRjCY+O2PQK0PDf+7r61i + ijKRb8bJDfvjy9G3YZyo3A6ybQ0tq7iLfDfL + H0zLoWyD220CXI5foZDQJJccJrcroFU8t/jN + 9oBFAN8xd1mPC7Otd6nEd70fyqH5AM16eih3 + K6+EeaB4GKK37kHf8VABMddaDoU9WbwVdrr5 + r8NBB78c4jXF3SdyfOqjWhv/Z5ONiuSZQpCa + G3w0y1S987knZpghphycTvQtc0cekgvdxR5B + 88vBuEoItgAS7uKWJ6bvHxXic7M4N1XzG07D + mBIdn4oHHDmqJV37rQ== ) +lets.introduce.some.empty.terminals.example.sec. 300 IN CNAME example.sec. + 300 RRSIG CNAME 5 7 300 ( + 20181212121212 20161010101010 516 example.sec. + i96ICBMEwhjWsLMqRNNygtCZwba1Gn/r7wrR + ZvMrYzr/HPWRMQwon7/RbEU4kXuQSMpbU+6v + vhcm9QN2K0k/lq67efN1JXNGo6P+L8AsY830 + 0FwqiW4q/ufnyexoQ1i9cJe3pZ4QO56f9Umq + Qg+m6JBgVHKn6TCVIp6rVJ16y4E= ) + 300 RRSIG CNAME 5 7 300 ( + 20181212121212 20161010101010 44427 example.sec. + PNhMqeo4gJ1emZy/sNwdkJezO3dORiEvPWC3 + EhfIzK1ZagVYQAlo7yfAJ56/Qhsq8+VEcJp8 + 2tt8J20waiDTbES/FY92Y0i+kSLM11fnZZ9a + plG54D4gQnrv1J0BOjMXnYW573kw88aAciaa + /XX5mP7JtHdItcTiK3hozmq9cTTsfisChitW + S+CqJfiWTRaL0vLDhbfAK/lu5zaCFsTRHXtI + 3oQdWjxJANE24OjG83JWWWHc2HBfBdMH0+d9 + 6kRbUSAoFXxK4uLZDgsXOvDspRhMhZJsq2+z + OB3QPZ6g/n6tbFtMx759a4ZZlR7+k9hleHd7 + oo377OcIV1iIerIWpg== ) + 300 RRSIG CNAME 8 7 300 ( + 20181212121212 20161010101010 48381 example.sec. + EKWV63NnX9sGZGXPdahDUsw4jcrLDWXJDMiN + 3D+UTOH3nUPgm2mA7MbGGXPa5emnpaEnJN8Y + NFXTKU+SENXN/fYol03Pm1PKRGbmdbpY8Obi + KrYIHEazypviyTSPmmZjcHd8NOxcX0pDdybC + 2mrK3v6K0lOinIeOO/fdHc7/IkS6FmU78/r8 + 49l9+0oI6yenzOYVz9qHGWUGP040eR8h25uo + tSNxqvoiNmfz/9hsWKLuwaW0v8mNzeuK4o8J + 5wkbjc1hemSLUm05ryA75hx5/U+Jt09lLvxP + BhwU7iH+WPTCRO/cxavp/k/H2V9vQynPB9kd + Pt/VwXnM/hbJlbjqZQ== ) + 300 RRSIG CNAME 10 7 300 ( + 20181212121212 20161010101010 1862 example.sec. + HZBPL0Wqk8WCcTBsMLdefVVsS2aywUC9wgwE + SlDx2kP3+Kuw8udz+s5cPRRj74kiKwholxHK + 68/qH3Z+yiLKHXOrlK9gbDROr/w8hyRqgylT + QPvVoPtvffRms/kYck9t1ZtgYpYsUF/VToYX + pY/WvLyb7HH2xDeaiOW0XMQzMgaLdCOFXz6h + rvRbrWG+8LTvPO483RkzkYjgWVbcjaviMm2M + Livb6R6hDcDdUAhq7wyHJOmIOmsoho0prbGO + o2uMVHhvQSELDSFkweP1iu4C7h57ZYQv+bFZ + ZYBgh45wWPj0DazDhqit7X1sgu2qHMPBlhjs + LWpRTSFkPO6T/GXoMg== ) + 300 NSEC www.example.sec. CNAME RRSIG NSEC + 300 RRSIG NSEC 5 7 300 ( + 20181212121212 20161010101010 516 example.sec. + ByFYkS41yP8gBlLSknKz3pLdIhYnzXFWsI4u + Y+U12xBy9+l6MCWwgj/RcSGIB5+1FKFeQ/SX + KfXDK7Bnr+DxK7ymPCmNzZBJLdJm8bCLA/S3 + YpM9ABg80VbcYW9s5vqXyst8Uf8fvMtal7Zb + a6Z5Q+cC9WQO7wrYtWnSS0WRUok= ) + 300 RRSIG NSEC 5 7 300 ( + 20181212121212 20161010101010 44427 example.sec. + kJGdpompkai/KaP9fpyplXN0vqsBqsqig57j + fkqKIWhERB2EABBrZF9nAPtdV7axwJEJrViI + iLcHU7lN1YQRO4eYUcxAbcLjXFbr9L75MjpL + POnvcmaB8eG/aW0H6mjvecacU+DN+ykb5Ef2 + C5I64PFluL3iXVN6o1xonKpXIdmnj38HMkG2 + zFwlQnhRAfFKlih0hBCL8dtzr8OaHHq20aH/ + pOm29fuOyLWUliBTZkyg/q43WMKKbiyLVVNL + PXNsicKTYXrQ05oH/EjDkNUtElc+OqJcsRQm + FnQgF60rzOfleNBaLDnZTNO5zMJQ2uwVuD2Z + II8k8l68zj4p7n6zKQ== ) + 300 RRSIG NSEC 8 7 300 ( + 20181212121212 20161010101010 48381 example.sec. + fblA2SxSL+ZL2oVqUTlbKt4DVZwEbFbxS9U0 + s/5QvVmiROWviIRZ7hPXqOTh6uRJYiii+4zz + mMBhjFuw1EJovHMabEvYRdYqBhihR8KhRK36 + TYi+tP2r6ByP+O6rBJB2BehyYXqKsFceQpv3 + LJY7pxBI2RWDsRQdPSU1WDmYVjBX0YoES8IS + y4l6Lr0Jdlzk1whzgballdu+ZMlq97g+JvsO + arWq7DQBtcgiWs4S7f3fO3PNzE1ltKgsvc2f + mtaCD+g+MpjaDLSRXdxmNw0B3MgYQm3Xj1YB + gL8SYkzvuj4jK9F35AhvLNGeY0h1UyuQIEKP + RmsDN/xIo1C/NY2Xvg== ) + 300 RRSIG NSEC 10 7 300 ( + 20181212121212 20161010101010 1862 example.sec. + c+G1yL4nXJyEfrwW6wewKSi4RzH8PR/LbiXz + Xdw3l4s4f8bJI7F5SJ/mdAl8qEoQY23euq/u + 8lXTok65b70T/n1y1wSj7WBvhEFOLAlh8RcC + kEQ0GHP/qjTM7MPJsDjPjFRXHDwp/2xJcWpE + T970VWXOKd6S01/BQj06yk056L3GvRW9hswE + Oi31T0VLYFcBZacfX12lxRhxwrKRaRAMLuu3 + uyZOf9FK3xO6Rit+5HOFRX3YDgI4+RKL9Fjv + +wC/cXGL8nYzUXG4TmtT5kwsheXd5KzphGkW + Knl5KyFJ5tCegS01dx1Qiqox4ujHin5kS8K3 + bkgejnhECTn7dZMmPg== ) +ghost.example.sec. 300 IN NS ns1.example.sec. + 300 IN NS ns2.example.sec. + 300 DS 50458 12 3 ( + 2E40B2A6CCD2760EC70AF69D1C144064C893 + 1E53A6B3EEE78BDB9E0BAFBB9C02 ) + 300 RRSIG DS 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + iclGupmUkGsPDWdWkuEDKTkYMqD6kCvpAyqS + fZBuDZD4vrpOciINX+iSWzVO4iFNUhzjZRW9 + cEbwhA3JDJXcXjDOFQheVWU+2l2+wgsI4LvF + ebykSWuJ/bcXZP17uaulK/XUyXZf08iFOBNQ + 6MOQK7LtilTg4x7hD5KHsepvm0M= ) + 300 RRSIG DS 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + yC8hYQPjoYu1NY0MSWVvsF+ME/+9Qk+CwUkC + JbdrnGR/BCQn9c+vOjJyVp8JVFqvTR+/MYrF + l/8qNUwPf8ZjWie2MEBb03pTtscY2dZxM4N5 + gzWJNeD0BLv9k+z5gIZGchC6P9E0gGiRdGFS + L2IayJ6kPl0UQz98VaJH+hdtgH8Lw+K5EATH + 9ZIccq6Ea+VOK+51GB4ttvQuIBKqfh4y2nox + dJdHZH9iGnXoB8BeQoZsh4xMUdpNMjL+JHRc + ZCDazd8EeiDz7x1opJG9LHT4IZ41O7UL3vOP + vejFmXoLbQ8s/d+wOhpJbTTEqmaFm3hAJi5I + dfru4JX94JRntdguaw== ) + 300 RRSIG DS 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + ch+jJnF6K4wSqfo0Rg8kNedNkumPgNL96ULu + nqN7R6JA4aZx7wLxFejYWN6ss6aHPFyDMEkT + U8TheY6pBpzD88P7iFhPSjIDI+odzAqsUJGk + CabrMijcDyX6ednOu3JnFUvLr3SS7s2Qvylb + rGVaDLrQDdLJ6oZLMVpGvIIkVFQ5+IP4dhmj + Jb9NvhkEomLQVlWynHVvYCjrR8naPmptKVok + Lymc6BNeYqNJLS7huwcKWrl1B4rJTQL5BeP7 + mRwWxJJoZf4XL7nqO1xiJ5onVTYjunseCBiQ + jPmjCV/8c7/arUYrvL8yaFwi6UaRZ5V2MkuV + qfJhlSQv8Q8CpBUIKw== ) + 300 RRSIG DS 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + RfhRZ5IfOTfltrfRj5WG9YZA9V+nbcUdYRLy + Kx+fVPXLQde5rWlATNS8bdxh17H2aWAfbG/q + sF+AePm7aSCXSVHRCCgDe5STbsZCumZPU341 + 0DEx5LEP03YGGMXxu47OjDwFeXmBNY68R1pJ + XZqvTBgcofLFW5lIuzgHOvqAfcfoYfdVMZXN + 5bHGbPOYTxRLzOozvHs+CPrxVAgfkAbisPxh + 9kKT+Y7gzPFEeHv0gn45eyNZYEz0/3u4mL7K + dHN7HWzo40SOjwwfjMaqnBlaFWZr13GWinpQ + tWqhp4cGIQGyhOexh+nw7oZH1fvpEAuMM/Iv + 1EwmI62OiEuAey+onQ== ) + 300 NSEC jumphost.example.sec. NS DS RRSIG NSEC + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + B387vqwneeYj2vq2NgMyz7RqY+osCm1GRn9R + dg6ucSC+2siErQ5CHZVw6huRCE3GJrIZeHsB + fehIs0i4Fn3zCHJbn41nbsvCv9lnWvb+x0Zt + RdgcOCaXsZwufczgTCvuzBWv1ujZCoJj4AJm + FFETfNSVwNFoXbr2rljhomm90Hk= ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + keFijgNnTGMdfPcoBgTfpklCGxi8kIPvi6z3 + NrLEP5QKq5EXUzN//M+1NlzaczzIHBjPLRcK + vdhMnwU6jwhE9U+/209IolARCahz5C2S7CUc + Uv8nugElFvQkHfZN4zOnMWiTJ/l4MFs9lxt6 + JCBeNOVt1hoETDKgiphHH1lC1sXCcFaeA4su + JCcHy89n1cuR+iirm6yWuclAIvjYsxyJRJTQ + CHDvsKDSt1qlaslstw0jrI3guqxmiUKol7PD + 7+L9MV+VnNwsR6aHu3DuLWRXaMizg+6lTtp4 + ahg4LrhywC41KRCDczMK1ON2emH8uTsJIIc7 + ONkHvohOex/H3C1D8A== ) + 300 RRSIG NSEC 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + p3djDh0TA5LBwzPvtBmJZsjlAs6DPdlmBTk5 + ighk6mxU8WuocwwkqbHS686mdrIlaUEMo/oO + RIO4WC+P9jWrkDAFzpYpjqw+zlF/YooKhP3K + qXDUxXHcrPdV1UtEv6iz1ps/1YEbTVwACPZt + Htpzemt+/C2/ZlFr+fuvJqvTkSjA1EuQufX5 + Rjp+gG9iUh3Vw33PutCYaLvSN4ksAWcGb7qv + 9P9xExBSLGPvtDtCOK9Wheu2whVigh0s+m9s + nbDxbUmbK3AuhnETES+tT+JdnI5fz6UzTik7 + e/qHQ4hL2ntopbjdUuxk9K8umzTzSWhf6l17 + CfOBN4w9blpdg+7gtA== ) + 300 RRSIG NSEC 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + nFdtbKA6VF4Ong9P6CNqLy7KXtfPkJqlaVHK + 3ANEcVkKqbcYl6oBJY442RHqHpxUdtn8dvKg + xnwePylEozcaY/GI0Oy3bDIcWjFnlIzW04XW + NuellO0OC9vQ+o3AX0wgNZ3lboKNkHHEUTdF + KOD3gX4z0r1A/D9Lh50e1sVgCGwQj7Bp/Nhb + 8m4OU3Kc5UrBOhlS7oC1QWvL2r5HjEcXVCK+ + 7HSPSwM3h88f3DHvN2BpPZJpuro6ZRRitenM + GG9gZwAt5UxiTFFG4DnriPIxhn2SbqRF0vNJ + kwoejT4rTX+/M1Ht4u4e4p3ad/7Vx6rEvlEJ + bvU12qtqXIFOQdAtRw== ) +sha384.example.sec. 300 IN NS ns1.example.sec. + 300 IN NS ns2.example.sec. + 3600 DS 10771 14 4 ( + 72D7B62976CE06438E9C0BF319013CF801F0 + 9ECC84B8D7E9495F27E305C6A9B0563A9B5F + 4D288405C3008A946DF983D6 ) + 3600 RRSIG DS 5 3 3600 ( + 20181212121212 20161010101010 516 example.sec. + pA1orlZuEjb+1rxkN7qvO6gFFg3ebxgM4CqM + TxFhijcBNbdtQ9jR0zOgNgIpb5UsFe0kj//b + +VSKaLT+OtS1bwf5cHvRcgIXGpsTRaGOSEle + bbaw1Wk9h6oALjbZ9vaoYGFas8NeIddklabr + GAcPeJuWdUTlZOPftHhvcKip29s= ) + 3600 RRSIG DS 5 3 3600 ( + 20181212121212 20161010101010 44427 example.sec. + AxvWrRmB91L3EBQaq3IMiAwS1SxB30bbgM+3 + xFL1mb0zNUSwV96VlpHGgw5TX3oEXFl3eUp5 + KYrxzzkxjZEPwNABysgzaju3ovCJ+w4d5mU6 + S0x8mf8HZUOZB0OXqYAeC6Z3B7/cmCfrOCIG + 6i3eKZ2vbBJBhGVUDAeEcHblIgeoutbKTHTW + YM5+zCSHA2FcIBYxyp+aPQiLBnZrKsOAL3bS + hcMiOug8tyBL+qGALIA5BUEViwIYWmDGwRAE + SNmsxFTKFNzov9inzZk7THF1iJfCIFBNSoyg + Wd0V1DDm3IwH2XWeQfGcQjIMpkvvENHeYcXX + 6WeSgcFwCmLysuARAg== ) + 3600 RRSIG DS 8 3 3600 ( + 20181212121212 20161010101010 48381 example.sec. + KDoVg8SMwz86zyQLZY2KzLkFLWPJvni/2BAt + jTRpL93pDxHoOl8jLs8eI8zjmkoNbquKlpNe + +QHFcspLkLUoiNO/PiJej84Ou2H4rykXUOcM + qzk6B7Svy4Iv4eSi6hUUzcWAy3L6jm+fM/Hq + k5SCBMH+mQ4BYmmY0VnRbOefj1kd89S1foSl + NYH+2U9RRmSf0D4eqIO11aq3RUVcQYFMIlWK + r+BjsRcRn1MQhrAKWG/WMkEDWibIYGjMp/Ub + dMRCGA5hIzVrBqy22756enNdRsoYmmiidpTW + yRCk8APk3cPbR6lPtHdpsjS23lV5fzcsUdXB + rwGeYyOe0MNusvJPuw== ) + 3600 RRSIG DS 10 3 3600 ( + 20181212121212 20161010101010 1862 example.sec. + Jgc6PlkpSUz1I2Fj0GRFW3VH19gl7upEMQf8 + 32hoT0X770oyo6NbvmovwMiBibUQAVRkR4vY + R7WlTcCTBn+WS/nueu9/Rdu5BFAT2P5uyDCp + OxPS8aFk3PPYvIJs6T/Q+xkM5lgN7qweljwY + EBRPgOznpUypN1PIMj1k76lLFhDqgjAoTpVd + whnE3mo9sEQRnZtHkGY+5ZcVEjrJzp37/Iie + 0UfoRYTUxtK/Odm7Nks9HmNWo8VxASizLafY + I1ij2YTLjJiEj6a4V5gd89C+gq9y/dfhats4 + /IjF5ImtFpBUGAvQ90+DKCGba1dqKo7+Ub60 + 8bCo75+TZJYiMWzjkw== ) + 300 NSEC lets.introduce.some.empty.terminals.example.sec. NS DS RRSIG NSEC + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 516 example.sec. + qtp/vJ/rxl11yZtvFB1AeRt98JPoEiB7iUo8 + //o1B4DNTdRjUQoUlWXo6qCppHiT6X+X0jBn + QF2SQpvUBuvOu3ycWy3v0nBgVp5ZwdTYb2f9 + hko4c/sxmcFlRTQ6pWEfiCoSUxsuWWucWtiQ + THEZbUy9AInu/nRAfqC/Nke7/eE= ) + 300 RRSIG NSEC 5 3 300 ( + 20181212121212 20161010101010 44427 example.sec. + afbTauPUX2myihkQu0XMw4bUPe67MGI60HGA + ulUmQMgAJTUMdvzsQTj5u+ywfSzJKK2xz+Rn + euiGXw16/O/BbEoNC3O2rsyzRa1d+x467U1r + X4SZx5QhbRSi7BwmRiaUFJH8e5ZQTwMMws7u + fWx5mGFCDTAp+G+lrnDnGB/QD84AS5UqYLi2 + Se+ZQyWH69chcTQEFEyqFXtf90T6sGXiKBG1 + 908uOXbc7bDP6kSSIfbFUebsgut2tOTI3h8r + YkDwCwgDfqSSkc3bqRHqEqiEtuucdBcdtZ4G + V3bo6rVNGGz4b7Ltrij/lsyergKSLxmn6RGw + wDKSoxIN6OBjj1ThhA== ) + 300 RRSIG NSEC 8 3 300 ( + 20181212121212 20161010101010 48381 example.sec. + pam09BNhE3P0spzFLYYr2Cm1vHZ5DXtVQ1cH + fdc09RER//D9pzZjkJFZN1XArmUyyaL2epps + Zi0mIhroiP+98JdhyjLthpgvyl/3pa8ARVjr + /R08qknRfjkyjUBh2/kopZXZ+hEtnuv78dKa + 49lbViT6jbL0giz/uaCdFZo4w8sCCb+FBKW8 + tlDlKTciKiZlmScNDeFNZxk0C07OwJ3zRwkU + F87MgvZ9inslXV4qbbKL92VmF9lK485XLxx1 + LlDTCvDRkWf8m9f4uRI3DHk7cVjJRhu9P9HR + Sihc3gdVqZIt276vlN0DtVnfFLt97s7QNkHa + srPp3F/Q+3pysTfL2Q== ) + 300 RRSIG NSEC 10 3 300 ( + 20181212121212 20161010101010 1862 example.sec. + GtKFam1EVbVXETNxw36NHJLG4czkGlqHbSMz + 6/sGtV1XblNJVFMUXTy5WW31QX5rsYpXHIWZ + XcTsBLAZqLjhxjYKjnXXGgkOQe/ci7EsNG78 + pDO8fDb5CqORIEhcocsoCWXOkHCmopQyXlIv + 4Hk/3SwKxMhJXt0Ox3DFhuduaPT/NHXTUD+u + vxXpZuc6YrxrpDA28slByf5lAJrpgq6s2Q7E + kPcDOAsXmGDmRQvVR1xn0XN+5Pheysxr/zIQ + 9XtN/YUrLn7loSmjS9+3oiDIi1Y6eHnCvQJP + o0pkkTNnEsmUSfVaXdXXkZ47dwuUIw93V/mD + nxxGe2Hc9+F8fRtsaQ== ) diff -pruN 0.8+git20160720-3.2/t/zones/manyerrors.zone 0.8+git20170804-0ubuntu3/t/zones/manyerrors.zone --- 0.8+git20160720-3.2/t/zones/manyerrors.zone 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/t/zones/manyerrors.zone 2017-08-04 14:27:44.000000000 +0000 @@ -112,6 +112,17 @@ _30._xtp.www IN TLSA ( 0 0 1 d2abde240d7cd3ee6b4b28c54df034b9 7983a1d16e8a410e4561cb106618e9aa ) +; policy bad domain name for SMIMEA +smimea IN SMIMEA ( + 0 0 1 d2abde240d7cd3ee6b4b28c54df034b9 + 7983a1d16e8a410e4561cb106618e9aa ) +93f1e400f26708f98cb19d936620da35eec8f72e57f9eec01c1afd6._smimecert.www IN SMIMEA ( + 0 0 1 d2abde240d7cd3ee6b4b28c54df034b9 + 7983a1d16e8a410e4561cb106618e9aa ) +c93f1e400f26708f98cb19d936620da35eec8f72e57f9eec01c1afd6._xmimecert.www IN SMIMEA ( + 0 0 1 d2abde240d7cd3ee6b4b28c54df034b9 + 7983a1d16e8a410e4561cb106618e9aa ) + outside.org. A 194.28.255.11 long.outside.org. A 194.28.255.11 outsidegalaxyplus.org. A 194.28.255.11 @@ -156,6 +167,37 @@ zzzz5 DNAME a.b.org. ; fine x.y.z.zzzz5 A 5.6.7.8 ; DNAME must not have any children (but z.zzzz5.galaxyplus.org exists) - yuck zzzz6 DNAME x.y.dk. ; fine, no induced error +@ CAA ; CAA flag expected + CAA 0 ; CAA tag expected + CAA 45 ; CAA unrecognized flags value + CAA 0 meow ; CAA unrecognized tag name + CAA 0 x-y ; CAA tag is not valid + CAA 0 auth ; CAA reserved tag name + CAA 0 path ; CAA reserved tag name + CAA 0 policy ; CAA reserved tag name + CAA 0 issue ; CAA missing tag value + CAA 0 issue ";" ; fine + CAA 0 issue ";" blah ; garbage after valid CAA +; commented out things are not validated but probably should be +; CAA 0 issue "hello/world" ; CAA invalid issue domain + CAA 0 issue "example.net" ; fine + CAA 0 issue "example.net ;" ; fine +; CAA 0 issue "example.net ; sometag" ; CAA missing issue parameter value +; CAA 0 issue "example.net ; =sometag" ; CAA missing issue parameter tag +; CAA 0 issue "example.net ; sometag=somevalue othertag=othervalue" ; fine + CAA 0 issuewild ";" ; fine +; CAA 0 issuewild "hello/world" ; CAA invalid issuewild domain + CAA 0 issuewild "example.net" ; fine + CAA 0 issuewild "example.net ;" ; fine +; CAA 0 issuewild "example.net ; sometag" ; CAA missing issuewild parameter value +; CAA 0 issuewild "example.net ; =sometag" ; CAA missing issuewild parameter tag + CAA 0 issuewild "example.net ; sometag=somevalue othertag=othervalue" ; fine +; CAA 0 iodef "hello-world" ; CAA iodef value not a URL +; CAA 0 iodef "hello:world" ; CAA iodef value unrecognized URL + CAA 0 iodef "mailto:tobez@tobez.org" ; fine + CAA 0 iodef "http://example.net" ; fine + CAA 128 iodef "https://example.net" ; fine + @ SOA ns1.catpipe.net. hostmaster.catpipe.net. ( ; skipped again 2011011400 ; Serial 1H ; Refresh diff -pruN 0.8+git20160720-3.2/textparse.c 0.8+git20170804-0ubuntu3/textparse.c --- 0.8+git20160720-3.2/textparse.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/textparse.c 2017-08-04 14:27:44.000000000 +0000 @@ -26,1014 +26,1060 @@ int empty_line_or_comment(char *s) { - while (isspace(*s)) s++; - if (!*s) return 1; - if (*s == ';') return 1; - return 0; + while (isspace(*s)) s++; + if (!*s) return 1; + if (*s == ';') return 1; + return 0; } char *skip_white_space(char *s) { - while (isspace(*s)) s++; - if (*s == ';') { - while (*s) s++; - } - if (*s == 0) { - if (file_info->paren_mode) { - if (read_zone_line()) { - return skip_white_space(file_info->buf); - } else { - return bitch("unexpected end of file"); - } - } - } - if (*s == '(') { - if (file_info->paren_mode) { - return bitch("unexpected opening parenthesis"); - } else { - file_info->paren_mode = 1; - s++; - return skip_white_space(s); - } - } - if (*s == ')') { - if (file_info->paren_mode) { - file_info->paren_mode = 0; - s++; - return skip_white_space(s); - } else { - return bitch("unexpected closing parenthesis"); - } - } - return s; + while (isspace(*s)) s++; + if (*s == ';') { + while (*s) s++; + } + if (*s == 0) { + if (file_info->paren_mode) { + if (read_zone_line()) { + return skip_white_space(file_info->buf); + } else { + return bitch("unexpected end of file"); + } + } + } + if (*s == '(') { + if (file_info->paren_mode) { + return bitch("unexpected opening parenthesis"); + } else { + file_info->paren_mode = 1; + s++; + return skip_white_space(s); + } + } + if (*s == ')') { + if (file_info->paren_mode) { + file_info->paren_mode = 0; + s++; + return skip_white_space(s); + } else { + return bitch("unexpected closing parenthesis"); + } + } + return s; } static char *extract_name_slow(char **input, char *what, int options) { - char buf[1024]; - char *t = buf; - char *s = *input; - int d, l, ol; - - while (1) { - if (isalnum(*s) || *s == '_' || *s == '.' || *s == '-' || *s == '/' || ((options & DOLLAR_OK_IN_NAMES) && *s == '$')) { - if (t-buf >= 1022) - return bitch("name too long"); - *t++ = *s++; - } else if (*s == '\\') { - s++; - if (isdigit(*s)) { - d = *s - '0'; - s++; - if (!isdigit(*s)) - return bitch("bad escape sequence"); - d = d*10 + *s - '0'; - s++; - if (!isdigit(*s)) - return bitch("bad escape sequence"); - d = d*10 + *s - '0'; - s++; - if (d > 255) - return bitch("bad escape sequence"); - if (d == '.') - return bitch("a dot within a label is not currently supported"); - *((unsigned char *)t) = (unsigned char)d; - if (t-buf >= 1022) - return bitch("name too long"); - t++; - } else if (*s == '.') { - return bitch("a dot within a label is not currently supported"); - } else if (*s) { - if (t-buf >= 1022) - return bitch("name too long"); - *t++ = *s++; - } else { - return bitch("backslash in the end of the line not parsable"); - } - } else { - break; - } - } - if (*s && !isspace(*s) && *s != ';' && *s != ')') { - return bitch("%s is not valid", what); - } - *t = '\0'; - - l = strlen(buf); - if (!l) - return bitch("%s should not be empty", what); - - if (buf[l-1] != '.') { - if (!file_info->current_origin) { - return bitch("do not know origin to determine %s", what); - } - ol = strlen(file_info->current_origin); - if (file_info->current_origin[0] == '.') { - if (l + ol >= 1023) - return bitch("name too long"); - strcat(buf, file_info->current_origin); - } else { - if (l + ol >= 1022) - return bitch("name too long"); - strcat(buf, "."); - strcat(buf, file_info->current_origin); - } - } - - t = strchr(buf, '*'); - if (t && (t != buf || t[1] != '.')) - return bitch("%s: bad wildcard", what); - if (buf[0] == '.' && buf[1] != '\0') - return bitch("%s: name cannot start with a dot", what); - if (strstr(buf, "..")) - return bitch("%s: empty label in a name", what); - - *input = skip_white_space(s); - if (!*input) - return NULL; /* bitching's done elsewhere */ - if (!(options & KEEP_CAPITALIZATION)) { - t = buf; - while (*t) { - *t = tolower(*t); - t++; - } - } + char buf[1024]; + char *t = buf; + char *s = *input; + int d, l, ol; + + while (1) { + if (isalnum(*s) || *s == '_' || *s == '.' || *s == '-' || *s == '/' || ((options & DOLLAR_OK_IN_NAMES) && *s == '$')) { + if (t-buf >= 1022) + return bitch("name too long"); + *t++ = *s++; + } else if (*s == '\\') { + s++; + if (isdigit(*s)) { + d = *s - '0'; + s++; + if (!isdigit(*s)) + return bitch("bad escape sequence"); + d = d*10 + *s - '0'; + s++; + if (!isdigit(*s)) + return bitch("bad escape sequence"); + d = d*10 + *s - '0'; + s++; + if (d > 255) + return bitch("bad escape sequence"); + if (d == '.') + return bitch("a dot within a label is not currently supported"); + *((unsigned char *)t) = (unsigned char)d; + if (t-buf >= 1022) + return bitch("name too long"); + t++; + } else if (*s == '.') { + return bitch("a dot within a label is not currently supported"); + } else if (*s) { + if (t-buf >= 1022) + return bitch("name too long"); + *t++ = *s++; + } else { + return bitch("backslash in the end of the line not parsable"); + } + } else { + break; + } + } + if (*s && !isspace(*s) && *s != ';' && *s != ')') { + return bitch("%s is not valid", what); + } + *t = '\0'; + + l = strlen(buf); + if (!l) + return bitch("%s should not be empty", what); + + if (buf[l-1] != '.') { + if (!file_info->current_origin) { + return bitch("do not know origin to determine %s", what); + } + ol = strlen(file_info->current_origin); + if (file_info->current_origin[0] == '.') { + if (l + ol >= 1023) + return bitch("name too long"); + strcat(buf, file_info->current_origin); + } else { + if (l + ol >= 1022) + return bitch("name too long"); + strcat(buf, "."); + strcat(buf, file_info->current_origin); + } + } + + t = strchr(buf, '*'); + if (t && (t != buf || t[1] != '.')) + return bitch("%s: bad wildcard", what); + if (buf[0] == '.' && buf[1] != '\0') + return bitch("%s: name cannot start with a dot", what); + if (strstr(buf, "..")) + return bitch("%s: empty label in a name", what); + + *input = skip_white_space(s); + if (!*input) + return NULL; /* bitching's done elsewhere */ + if (!(options & KEEP_CAPITALIZATION)) { + t = buf; + while (*t) { + *t = tolower(*t); + t++; + } + } - t = quickstrdup(buf); - return t; + t = quickstrdup(buf); + return t; } char *extract_name(char **input, char *what, int options) { - char *s = *input; - char *r = NULL; - char *end = NULL; - char c; - int wildcard = 0; - - if (*s == '@') { - s++; - if (*s && !isspace(*s) && *s != ';' && *s != ')') { - return bitch("literal @ in %s is not all by itself", what); - } - if (!file_info->current_origin) { - return bitch("do not know origin to expand @ in %s", what); - } - r = quickstrdup(file_info->current_origin); - } else { - if (!(isalnum(*s) || *s == '_' || *s == '.' || *s == '/' || ((options & DOLLAR_OK_IN_NAMES) && *s == '$'))) { - if (*s == '*') { - wildcard = 1; - } else { - if (*s == '\\') - return extract_name_slow(input, what, options); - return bitch("%s expected", what); - } - } - s++; - while (isalnum(*s) || *s == '.' || *s == '-' || *s == '_' || *s == '/' || ((options & DOLLAR_OK_IN_NAMES) && *s == '$')) - s++; - if (*s && !isspace(*s) && *s != ';' && *s != ')') { - if (*s == '\\') - return extract_name_slow(input, what, options); - return bitch("%s is not valid", what); - } - if (!*s) end = s; - c = *s; - *s = '\0'; - if (*(s-1) == '.') { - r = quickstrdup(*input); - } else { - if (!file_info->current_origin) { - return bitch("do not know origin to determine %s", what); - } - r = getmem(strlen(*input) + 1 + strlen(file_info->current_origin) + 1); - if (file_info->current_origin[0] == '.') { - strcpy(mystpcpy(r, *input), file_info->current_origin); - } else { - strcpy(mystpcpy(mystpcpy(r, *input), "."), file_info->current_origin); - } - } - *s = c; - } - if (end) { - *input = end; - } else { - *input = skip_white_space(s); - if (!*input) - return NULL; /* bitching's done elsewhere */ - } - if (!(options & KEEP_CAPITALIZATION)) { - s = r; - while (*s) { - *s = tolower(*s); - s++; - } - } - if (wildcard && r[1] != '.') { - return bitch("%s: bad wildcard", what); - } else if (r[0] == '.' && r[1] != '\0') { - return bitch("%s: name cannot start with a dot", what); - } - return r; + char *s = *input; + char *r = NULL; + char *end = NULL; + char c; + int wildcard = 0; + + if (*s == '@') { + s++; + if (*s && !isspace(*s) && *s != ';' && *s != ')') { + return bitch("literal @ in %s is not all by itself", what); + } + if (!file_info->current_origin) { + return bitch("do not know origin to expand @ in %s", what); + } + r = quickstrdup(file_info->current_origin); + } else { + if (!(isalnum(*s) || *s == '_' || *s == '.' || *s == '/' || ((options & DOLLAR_OK_IN_NAMES) && *s == '$'))) { + if (*s == '*') { + wildcard = 1; + } else { + if (*s == '\\') + return extract_name_slow(input, what, options); + return bitch("%s expected", what); + } + } + s++; + while (isalnum(*s) || *s == '.' || *s == '-' || *s == '_' || *s == '/' || ((options & DOLLAR_OK_IN_NAMES) && *s == '$')) + s++; + if (*s && !isspace(*s) && *s != ';' && *s != ')') { + if (*s == '\\') + return extract_name_slow(input, what, options); + return bitch("%s is not valid", what); + } + if (!*s) end = s; + c = *s; + *s = '\0'; + if (*(s-1) == '.') { + r = quickstrdup(*input); + } else { + if (!file_info->current_origin) { + return bitch("do not know origin to determine %s", what); + } + r = getmem(strlen(*input) + 1 + strlen(file_info->current_origin) + 1); + if (file_info->current_origin[0] == '.') { + strcpy(mystpcpy(r, *input), file_info->current_origin); + } else { + strcpy(mystpcpy(mystpcpy(r, *input), "."), file_info->current_origin); + } + } + *s = c; + } + if (end) { + *input = end; + } else { + *input = skip_white_space(s); + if (!*input) + return NULL; /* bitching's done elsewhere */ + } + if (!(options & KEEP_CAPITALIZATION)) { + s = r; + while (*s) { + *s = tolower(*s); + s++; + } + } + if (wildcard && r[1] != '.') { + return bitch("%s: bad wildcard", what); + } else if (r[0] == '.' && r[1] != '\0') { + return bitch("%s: name cannot start with a dot", what); + } + return r; } char *extract_label(char **input, char *what, void *is_temporary) { - char *s = *input; - char *r = NULL; - char *end = NULL; - - if (!isalpha(*s)) { - return bitch("%s expected", what); - } - s++; - while (isalnum(*s)) - s++; - if (*s && !isspace(*s)) { - return bitch("%s is not valid", what); - } - if (!*s) end = s; - *s++ = '\0'; - if (is_temporary) { - r = quickstrdup_temp(*input); - } else { - r = quickstrdup(*input); - } - - if (end) { - *input = end; - } else { - *input = skip_white_space(s); - if (!*input) - return NULL; /* bitching's done elsewhere */ - } - s = r; - while (*s) { - *s = tolower(*s); - s++; - } - return r; + char *s = *input; + char *r = NULL; + char *end = NULL; + + if (!isalpha(*s)) { + return bitch("%s expected", what); + } + s++; + while (isalnum(*s)) + s++; + if (*s && !isspace(*s)) { + return bitch("%s is not valid", what); + } + if (!*s) end = s; + *s++ = '\0'; + if (is_temporary) { + r = quickstrdup_temp(*input); + } else { + r = quickstrdup(*input); + } + + if (end) { + *input = end; + } else { + *input = skip_white_space(s); + if (!*input) + return NULL; /* bitching's done elsewhere */ + } + s = r; + while (*s) { + *s = tolower(*s); + s++; + } + return r; } long long extract_integer(char **input, char *what, const char *extra_delimiters) { - char *s = *input; - long long r = -1; - char *end = NULL; - char c; - - if (!isdigit(*s)) { - bitch("%s expected", what); - return -1; - } - s++; - while (isdigit(*s)) - s++; - if (*s && !isspace(*s) && *s != ';' && *s != ')') { - if (!extra_delimiters || strchr(extra_delimiters, *s) == NULL) { - bitch("%s is not valid", what); - return -1; - } - } - if (!*s) end = s; - c = *s; - *s = '\0'; - r = strtoll(*input, NULL, 10); - *s = c; - - if (end) { - *input = end; - } else { - *input = skip_white_space(s); - if (!*input) - return -1; /* bitching's done elsewhere */ - } - return r; + char *s = *input; + long long r = -1; + char *end = NULL; + char c; + + if (!isdigit(*s)) { + bitch("%s expected", what); + return -1; + } + s++; + while (isdigit(*s)) + s++; + if (*s && !isspace(*s) && *s != ';' && *s != ')') { + if (!extra_delimiters || strchr(extra_delimiters, *s) == NULL) { + bitch("%s is not valid", what); + return -1; + } + } + if (!*s) end = s; + c = *s; + *s = '\0'; + r = strtoll(*input, NULL, 10); + *s = c; + + if (end) { + *input = end; + } else { + *input = skip_white_space(s); + if (!*input) + return -1; /* bitching's done elsewhere */ + } + return r; } int extract_double(char **input, char *what, double *val, int skip_m) { - char *s = *input; - char *end = NULL; - char *stop; - char c; - int saw_m = 0; - - while (isdigit(*s) || *s == '+' || *s == '-' || *s == '.') - s++; - if (*s && !isspace(*s) && *s != ';' && *s != ')') { - if (skip_m && (*s == 'm' || *s == 'M')) { - saw_m = 1; - } else { - bitch("%s is not valid", what); - return -1; - } - } - if (!*s) end = s; - c = *s; - *s = '\0'; - *val = strtod(*input, &stop); - if (*stop != '\0') { - *s = c; - bitch("%s is not valid", what); - return -1; - } - *s = c; - - if (saw_m) { - s++; - if (*s && !isspace(*s) && *s != ';' && *s != ')') { - bitch("%s is not valid", what); - return -1; - } - } - - if (end) { - *input = end; - } else { - *input = skip_white_space(s); - if (!*input) - return -1; /* bitching's done elsewhere */ - } - return 1; + char *s = *input; + char *end = NULL; + char *stop; + char c; + int saw_m = 0; + + while (isdigit(*s) || *s == '+' || *s == '-' || *s == '.') + s++; + if (*s && !isspace(*s) && *s != ';' && *s != ')') { + if (skip_m && (*s == 'm' || *s == 'M')) { + saw_m = 1; + } else { + bitch("%s is not valid", what); + return -1; + } + } + if (!*s) end = s; + c = *s; + *s = '\0'; + *val = strtod(*input, &stop); + if (*stop != '\0') { + *s = c; + bitch("%s is not valid", what); + return -1; + } + *s = c; + + if (saw_m) { + s++; + if (*s && !isspace(*s) && *s != ';' && *s != ')') { + bitch("%s is not valid", what); + return -1; + } + } + + if (end) { + *input = end; + } else { + *input = skip_white_space(s); + if (!*input) + return -1; /* bitching's done elsewhere */ + } + return 1; } long extract_timevalue(char **input, char *what) { - char *s = *input; - int r = 0, acc = 0; + char *s = *input; + int r = 0, acc = 0; - if (!isdigit(*s)) { - bitch("%s expected", what); - return -1; - } + if (!isdigit(*s)) { + bitch("%s expected", what); + return -1; + } next_component: - r = 0; - while (isdigit(*s)) { - r *= 10; - r += *s - '0'; - s++; - } - if (tolower(*s) == 's') { - s++; - } else if (tolower(*s) == 'm') { - r *= 60; - s++; - } else if (tolower(*s) == 'h') { - r *= 3600; - s++; - } else if (tolower(*s) == 'd') { - r *= 86400; - s++; - } else if (tolower(*s) == 'w') { - r *= 604800; - s++; - } - acc += r; - if (isdigit(*s)) goto next_component; - - if (*s && !isspace(*s) && *s != ';' && *s != ')') { - bitch("%s is not valid", what); - return -1; - } - *input = skip_white_space(s); - if (!*input) - return -1; /* bitching's done elsewhere */ - return acc; + r = 0; + while (isdigit(*s)) { + r *= 10; + r += *s - '0'; + s++; + } + if (tolower(*s) == 's') { + s++; + } else if (tolower(*s) == 'm') { + r *= 60; + s++; + } else if (tolower(*s) == 'h') { + r *= 3600; + s++; + } else if (tolower(*s) == 'd') { + r *= 86400; + s++; + } else if (tolower(*s) == 'w') { + r *= 604800; + s++; + } + acc += r; + if (isdigit(*s)) goto next_component; + + if (*s && !isspace(*s) && *s != ';' && *s != ')') { + bitch("%s is not valid", what); + return -1; + } + *input = skip_white_space(s); + if (!*input) + return -1; /* bitching's done elsewhere */ + return acc; } long long extract_timestamp(char **input, char *what) { - char *s = *input; - int year = 0; - int month = 0; - int day = 0; - int hour = 0; - int minute = 0; - int second = 0; - long long epoch = 0; - struct tm tm; - - if (!isdigit(*s)) { - bitch("%s expected", what); - return -1; - } - year = year*10 + *s - '0'; - epoch = epoch*10 + *s - '0'; - s++; - if (!isdigit(*s)) goto looks_like_epoch; - year = year*10 + *s - '0'; - epoch = epoch*10 + *s - '0'; - s++; - if (!isdigit(*s)) goto looks_like_epoch; - year = year*10 + *s - '0'; - epoch = epoch*10 + *s - '0'; - s++; - if (!isdigit(*s)) goto looks_like_epoch; - year = year*10 + *s - '0'; - epoch = epoch*10 + *s - '0'; - s++; - if (!isdigit(*s)) goto looks_like_epoch; - month = month*10 + *s - '0'; - epoch = epoch*10 + *s - '0'; - s++; - if (!isdigit(*s)) goto looks_like_epoch; - month = month*10 + *s - '0'; - epoch = epoch*10 + *s - '0'; - s++; - if (!isdigit(*s)) goto looks_like_epoch; - day = day*10 + *s - '0'; - epoch = epoch*10 + *s - '0'; - s++; - if (!isdigit(*s)) goto looks_like_epoch; - day = day*10 + *s - '0'; - epoch = epoch*10 + *s - '0'; - s++; - if (!isdigit(*s)) goto looks_like_epoch; - hour = hour*10 + *s - '0'; - epoch = epoch*10 + *s - '0'; - s++; - if (!isdigit(*s)) goto looks_like_epoch; - hour = hour*10 + *s - '0'; - epoch = epoch*10 + *s - '0'; - s++; - if (!isdigit(*s)) goto looks_like_epoch; - minute = minute*10 + *s - '0'; - epoch = epoch*10 + *s - '0'; - s++; - if (!isdigit(*s)) goto looks_like_epoch; - minute = minute*10 + *s - '0'; - epoch = epoch*10 + *s - '0'; - s++; - if (!isdigit(*s)) goto looks_like_epoch; - second = second*10 + *s - '0'; - epoch = epoch*10 + *s - '0'; - s++; - if (!isdigit(*s)) goto looks_like_epoch; - second = second*10 + *s - '0'; - epoch = epoch*10 + *s - '0'; - s++; - if (*s && !isspace(*s) && *s != ';' && *s != ')') { - bitch("%s is not valid", what); - return -1; - } - if (second > 60 || minute > 59 || hour > 23 || day < 1 || day > 31 || - month > 12 || year < 1900 || year > 2037) - { - bitch("%s is not valid", what); - return -1; - } - memset(&tm, 0, sizeof(tm)); - tm.tm_sec = second; - tm.tm_min = minute; - tm.tm_hour = hour; - tm.tm_mday = day; - tm.tm_mon = month - 1; - tm.tm_year = year - 1900; - epoch = mktime(&tm); - if (epoch < 0) { - bitch("%s is not valid", what); - return -1; - } + char *s = *input; + int year = 0; + int month = 0; + int day = 0; + int hour = 0; + int minute = 0; + int second = 0; + long long epoch = 0; + struct tm tm; + + if (!isdigit(*s)) { + bitch("%s expected", what); + return -1; + } + year = year*10 + *s - '0'; + epoch = epoch*10 + *s - '0'; + s++; + if (!isdigit(*s)) goto looks_like_epoch; + year = year*10 + *s - '0'; + epoch = epoch*10 + *s - '0'; + s++; + if (!isdigit(*s)) goto looks_like_epoch; + year = year*10 + *s - '0'; + epoch = epoch*10 + *s - '0'; + s++; + if (!isdigit(*s)) goto looks_like_epoch; + year = year*10 + *s - '0'; + epoch = epoch*10 + *s - '0'; + s++; + if (!isdigit(*s)) goto looks_like_epoch; + month = month*10 + *s - '0'; + epoch = epoch*10 + *s - '0'; + s++; + if (!isdigit(*s)) goto looks_like_epoch; + month = month*10 + *s - '0'; + epoch = epoch*10 + *s - '0'; + s++; + if (!isdigit(*s)) goto looks_like_epoch; + day = day*10 + *s - '0'; + epoch = epoch*10 + *s - '0'; + s++; + if (!isdigit(*s)) goto looks_like_epoch; + day = day*10 + *s - '0'; + epoch = epoch*10 + *s - '0'; + s++; + if (!isdigit(*s)) goto looks_like_epoch; + hour = hour*10 + *s - '0'; + epoch = epoch*10 + *s - '0'; + s++; + if (!isdigit(*s)) goto looks_like_epoch; + hour = hour*10 + *s - '0'; + epoch = epoch*10 + *s - '0'; + s++; + if (!isdigit(*s)) goto looks_like_epoch; + minute = minute*10 + *s - '0'; + epoch = epoch*10 + *s - '0'; + s++; + if (!isdigit(*s)) goto looks_like_epoch; + minute = minute*10 + *s - '0'; + epoch = epoch*10 + *s - '0'; + s++; + if (!isdigit(*s)) goto looks_like_epoch; + second = second*10 + *s - '0'; + epoch = epoch*10 + *s - '0'; + s++; + if (!isdigit(*s)) goto looks_like_epoch; + second = second*10 + *s - '0'; + epoch = epoch*10 + *s - '0'; + s++; + if (*s && !isspace(*s) && *s != ';' && *s != ')') { + bitch("%s is not valid", what); + return -1; + } + if (second > 60 || minute > 59 || hour > 23 || day < 1 || day > 31 || + month > 12 || year < 1900 || year > 2037) + { + bitch("%s is not valid", what); + return -1; + } + memset(&tm, 0, sizeof(tm)); + tm.tm_sec = second; + tm.tm_min = minute; + tm.tm_hour = hour; + tm.tm_mday = day; + tm.tm_mon = month - 1; + tm.tm_year = year - 1900; + epoch = mktime(&tm); + if (epoch < 0) { + bitch("%s is not valid", what); + return -1; + } - goto done; + goto done; looks_like_epoch: - if (*s && !isspace(*s) && *s != ';' && *s != ')') { - bitch("%s is not valid", what); - return -1; - } + if (*s && !isspace(*s) && *s != ';' && *s != ')') { + bitch("%s is not valid", what); + return -1; + } done: - *input = skip_white_space(s); - if (!*input) - return -1; /* bitching's done elsewhere */ - return epoch; + *input = skip_white_space(s); + if (!*input) + return -1; /* bitching's done elsewhere */ + return epoch; } int extract_ipv4(char **input, char *what, struct in_addr *addr) { - char *s = *input; - char c; + char *s = *input; + char c; - while (isdigit(*s) || *s == '.') { - s++; - } - if (s == *input) { - bitch("%s is not valid", what); - return -1; - } - if (*s && !isspace(*s) && *s != ';' && *s != ')') { - bitch("%s is not valid", what); - return -1; - } - c = *s; - *s = 0; - if (inet_pton(AF_INET, *input, addr) != 1) { - *s = c; - bitch("cannot parse %s", what); - return -1; - } - *s = c; - *input = skip_white_space(s); - if (!*input) { - return -1; /* bitching's done elsewhere */ - } - return 1; + while (isdigit(*s) || *s == '.') { + s++; + } + if (s == *input) { + bitch("%s is not valid", what); + return -1; + } + if (*s && !isspace(*s) && *s != ';' && *s != ')') { + bitch("%s is not valid", what); + return -1; + } + c = *s; + *s = 0; + if (inet_pton(AF_INET, *input, addr) != 1) { + *s = c; + bitch("cannot parse %s", what); + return -1; + } + *s = c; + *input = skip_white_space(s); + if (!*input) { + return -1; /* bitching's done elsewhere */ + } + return 1; } int extract_ipv6(char **input, char *what, struct in6_addr *addr) { - char *s = *input; - char c; + char *s = *input; + char c; - while (isdigit(*s) || *s == ':' || *s == '.' || - (*s >= 'a' && *s <= 'f') || (*s >= 'A' && *s <= 'F')) - { - s++; - } - if (s == *input) { - bitch("%s is not valid", what); - return -1; - } - if (*s && !isspace(*s) && *s != ';' && *s != ')') { - bitch("%s is not valid", what); - return -1; - } - c = *s; - *s = 0; - if (inet_pton(AF_INET6, *input, addr) != 1) { - *s = c; - bitch("cannot parse %s", what); - return -1; - } - *s = c; - *input = skip_white_space(s); - if (!*input) { - return -1; /* bitching's done elsewhere */ - } - return 1; + while (isdigit(*s) || *s == ':' || *s == '.' || + (*s >= 'a' && *s <= 'f') || (*s >= 'A' && *s <= 'F')) + { + s++; + } + if (s == *input) { + bitch("%s is not valid", what); + return -1; + } + if (*s && !isspace(*s) && *s != ';' && *s != ')') { + bitch("%s is not valid", what); + return -1; + } + c = *s; + *s = 0; + if (inet_pton(AF_INET6, *input, addr) != 1) { + *s = c; + bitch("cannot parse %s", what); + return -1; + } + *s = c; + *input = skip_white_space(s); + if (!*input) { + return -1; /* bitching's done elsewhere */ + } + return 1; } int extract_u64(char **input, char *what, uint64_t *r) { - char *s = *input; - uint8_t result = 0; - unsigned u; - - #define GETHEXBLOCK if (!isxdigit(*s)) { bitch("%s is not valid", what); return -1; } \ - u = 0; \ - while (isxdigit(*s)) { \ - if (isdigit(*s)) { \ - u = (u << 4) | (*s - '0'); \ - } else if (*s >= 'a' && *s <= 'f') { \ - u = (u << 4) | (*s - 'a' + 10); \ - } else { \ - u = (u << 4) | (*s - 'A' + 10); \ - } \ - s++; \ - } \ - if (u > 0xffff) { bitch("%s is not valid, hex out of range", what); return -1; } \ - result = (result << 16) | u; - #define SKIPCOLON if (*s != ':') { bitch("%s is not valid", what); return -1; } s++; - - GETHEXBLOCK; SKIPCOLON; - GETHEXBLOCK; SKIPCOLON; - GETHEXBLOCK; SKIPCOLON; - GETHEXBLOCK; - *r = result; - - #undef GETHEXBLOCK - #undef SKIPCOLON - - if (*s && !isspace(*s) && *s != ';' && *s != ')') { - bitch("%s is not valid", what); - return -1; - } - *input = skip_white_space(s); - if (!*input) { - return -1; /* bitching's done elsewhere */ - } - return 1; + char *s = *input; + uint8_t result = 0; + unsigned u; + + #define GETHEXBLOCK if (!isxdigit(*s)) { bitch("%s is not valid", what); return -1; } \ + u = 0; \ + while (isxdigit(*s)) { \ + if (isdigit(*s)) { \ + u = (u << 4) | (*s - '0'); \ + } else if (*s >= 'a' && *s <= 'f') { \ + u = (u << 4) | (*s - 'a' + 10); \ + } else { \ + u = (u << 4) | (*s - 'A' + 10); \ + } \ + s++; \ + } \ + if (u > 0xffff) { bitch("%s is not valid, hex out of range", what); return -1; } \ + result = (result << 16) | u; + #define SKIPCOLON if (*s != ':') { bitch("%s is not valid", what); return -1; } s++; + + GETHEXBLOCK; SKIPCOLON; + GETHEXBLOCK; SKIPCOLON; + GETHEXBLOCK; SKIPCOLON; + GETHEXBLOCK; + *r = result; + + #undef GETHEXBLOCK + #undef SKIPCOLON + + if (*s && !isspace(*s) && *s != ';' && *s != ')') { + bitch("%s is not valid", what); + return -1; + } + *input = skip_white_space(s); + if (!*input) { + return -1; /* bitching's done elsewhere */ + } + return 1; } struct binary_data bad_binary_data(void) { - struct binary_data r; - r.length = -1; - r.data = NULL; - return r; + struct binary_data r; + r.length = -1; + r.data = NULL; + return r; +} + +void +dump_binary_data(FILE *f, struct binary_data d) +{ + char *s = d.data; + int mem_len = d.length; + int i; + char o[69]; + int pos[] = { 0,3,6,9,12,15,18,21,25,28,31,34,37,40,43,46 }; + char hex[] = "0123456789abcdef"; + + if (mem_len < 0) { + fprintf(f, "\n"); + return; + } + + while (mem_len) { + memset(o, ' ', 67); + o[67] = '\n'; + o[68] = 0; + for (i = 0; i < 16 && mem_len > 0; i++, mem_len--, s++) { + o[pos[i]] = hex[*s >> 4]; + o[pos[i]+1] = hex[*s & 0x0f]; + o[51+i] = isprint(*s) ? *s : '.'; + } + fprintf(f, "%s", o); + } } struct binary_data extract_base64_binary_data(char **input, char *what) { - char b64[4096]; - int l64 = 0; - char *s = *input; - struct binary_data r = bad_binary_data(); - int bl; - - while (s && *s) { - if (!isalnum(*s) && *s != '=' && *s != '+' && *s != '/') { - bitch("%s expected", what); - return r; - } - while (isalnum(*s) || *s == '=' || *s == '+' || *s == '/') { - if (l64 >= 4095) { - bitch("%s is too long", what); - return r; - } - b64[l64++] = *s++; - } - s = skip_white_space(s); - } - *input = s; - if (!s) return r; - b64[l64] = 0; - bl = (l64 * 3 + 3)/4; - r.data = getmem(bl); - r.length = decode_base64(r.data, b64, bl); - if (r.length < 0) { - bitch("error decoding base64 %s", what); - return r; - } - return r; + char b64[4096]; + int l64 = 0; + char *s = *input; + struct binary_data r = bad_binary_data(); + int bl; + + while (s && *s) { + if (!isalnum(*s) && *s != '=' && *s != '+' && *s != '/') { + bitch("%s expected", what); + return r; + } + while (isalnum(*s) || *s == '=' || *s == '+' || *s == '/') { + if (l64 >= 4095) { + bitch("%s is too long", what); + return r; + } + b64[l64++] = *s++; + } + s = skip_white_space(s); + } + *input = s; + if (!s) return r; + b64[l64] = 0; + bl = (l64 * 3 + 3)/4; + r.data = getmem(bl); + r.length = decode_base64(r.data, b64, bl); + if (r.length < 0) { + bitch("error decoding base64 %s", what); + return r; + } + return r; } struct binary_data extract_base32hex_binary_data(char **input, char *what) { - char b32[4096]; - int l32 = 0; - char *s = *input; - struct binary_data r = bad_binary_data(); - int bl; - - while ( - (*s >= 'A' && *s <= 'V') || - (*s >= 'a' && *s <= 'v') || - (*s >= '0' && *s <= '9') || - *s == '=') - { - if (l32 >= 4095) { - bitch("%s is too long", what); - return r; - } - b32[l32++] = *s++; - } - if (l32 <= 0) { - bitch("%s expected", what); - return r; - } - - s = skip_white_space(s); - *input = s; - if (!s) return r; - - b32[l32] = 0; - bl = (l32 * 5 + 7)/8; - r.data = getmem(bl); - r.length = decode_base32hex(r.data, b32, bl); - if (r.length < 0) { - bitch("error decoding base32hex %s", what); - return r; - } - return r; + char b32[4096]; + int l32 = 0; + char *s = *input; + struct binary_data r = bad_binary_data(); + int bl; + + while ( + (*s >= 'A' && *s <= 'V') || + (*s >= 'a' && *s <= 'v') || + (*s >= '0' && *s <= '9') || + *s == '=') + { + if (l32 >= 4095) { + bitch("%s is too long", what); + return r; + } + b32[l32++] = *s++; + } + if (l32 <= 0) { + bitch("%s expected", what); + return r; + } + + s = skip_white_space(s); + *input = s; + if (!s) return r; + + b32[l32] = 0; + bl = (l32 * 5 + 7)/8; + r.data = getmem(bl); + r.length = decode_base32hex(r.data, b32, bl); + if (r.length < 0) { + bitch("error decoding base32hex %s", what); + return r; + } + return r; } struct binary_data extract_text(char **input, char *what) { - char *s = *input; - struct binary_data r = bad_binary_data(); - char *o = getmem_temp(65536); - int l = 0; - int c; - - if (*s != '"') { - while (*s && !isspace(*s)) { - o[l++] = *s++; - } - *input = skip_white_space(s); - if (!*input) - return r; /* bitching's done elsewhere */ - - o[l] = 0; - r.data = getmem(l+1); - r.length = l; - memcpy(r.data, o, l+1); - return r; - } - s++; + char *s = *input; + struct binary_data r = bad_binary_data(); + char *o = getmem_temp(65536); + int l = 0; + int c; + + if (*s != '"') { + while (*s && !isspace(*s)) { + o[l++] = *s++; + } + *input = skip_white_space(s); + if (!*input) + return r; /* bitching's done elsewhere */ + + o[l] = 0; + r.data = getmem(l+1); + r.length = l; + memcpy(r.data, o, l+1); + return r; + } + s++; more_text: - while (*s && *s != '"') { - if (*s == '\\') { - s++; - if (*s == 0) { - bitch("bad backslash quoting of %s", what); - return r; - } else if (isdigit(*s)) { - c = 0; - while (isdigit(*s)) { - c = c*10 + *s - '0'; - s++; - } - o[l++] = (unsigned char)c; - } else { - o[l] = *s; - goto new_char; - } - } else { - o[l] = *s; + while (*s && *s != '"') { + if (*s == '\\') { + s++; + if (*s == 0) { + bitch("bad backslash quoting of %s", what); + return r; + } else if (isdigit(*s)) { + c = 0; + while (isdigit(*s)) { + c = c*10 + *s - '0'; + s++; + } + o[l++] = (unsigned char)c; + } else { + o[l] = *s; + goto new_char; + } + } else { + o[l] = *s; new_char: - if (l >= 65534) { - bitch("%s string too long", what); - return r; - } - l++; - s++; - } - } - if (!*s) { - if (read_zone_line()) { - s = file_info->buf; - goto more_text; - } else { - bitch("closing quote not found while parsing %s", what); - return r; - } - } - s++; - *input = skip_white_space(s); - if (!*input) - return r; /* bitching's done elsewhere */ - - o[l] = 0; - r.data = getmem(l+1); - r.length = l; - memcpy(r.data, o, l+1); - return r; + if (l >= 65534) { + bitch("%s string too long", what); + return r; + } + l++; + s++; + } + } + if (!*s) { + if (read_zone_line()) { + s = file_info->buf; + goto more_text; + } else { + bitch("closing quote not found while parsing %s", what); + return r; + } + } + s++; + *input = skip_white_space(s); + if (!*input) + return r; /* bitching's done elsewhere */ + + o[l] = 0; + r.data = getmem(l+1); + r.length = l; + memcpy(r.data, o, l+1); + return r; } struct binary_data extract_hex_binary_data(char **input, char *what, int eat_whitespace) { - char hex[4096]; - char *s = *input; - struct binary_data r = bad_binary_data(); - int hl, hi, hb; - - hex[0] = '0'; - hl = 1; - - if (s[0] == '0' && (s[1] == 'x' || s[1] == 'X')) - s += 2; - if (eat_whitespace == EXTRACT_DONT_EAT_WHITESPACE) { - while (isxdigit(*s)) { - if (hl >= 4095) { - bitch("%s is too long", what); - return r; - } - hex[hl] = *s; - s++; - hl++; - } - if (*s && !isspace(*s) && *s != ';' && *s != ')') { - bitch("%s is not valid", what); - return r; - } - *input = skip_white_space(s); - } else if (eat_whitespace == EXTRACT_EAT_WHITESPACE) { - while (s && *s) { - if (!isxdigit(*s)) { - bitch("%s expected", what); - return r; - } - while (isxdigit(*s)) { - if (hl >= 4095) { - bitch("%s is too long", what); - return r; - } - hex[hl++] = *s++; - } - s = skip_white_space(s); - } - *input = s; - } else { - bitch("%s: internal: invalid eat_whitespace", what); - } - - if (!*input) - return r; /* bitching's done elsewhere */ - - hb = hl % 2 ? 1 : 0; - if (hb == 0) - bitch("%s: hex data does not represent whole number of bytes", what); - r.data = getmem(hl/2); - r.length = hl/2; - memset(r.data, 0, r.length); - for (hi = 0; hi < hl-hb; hi++) { - r.data[hi/2] <<= 4; - r.data[hi/2] |= 0x0f & (isdigit(hex[hi+hb]) ? hex[hi+hb] - '0' : tolower(hex[hi+hb]) - 'a' + 10); - } - return r; + char hex[4096]; + char *s = *input; + struct binary_data r = bad_binary_data(); + int hl, hi, hb; + + hex[0] = '0'; + hl = 1; + + if (s[0] == '0' && (s[1] == 'x' || s[1] == 'X')) + s += 2; + if (eat_whitespace == EXTRACT_DONT_EAT_WHITESPACE) { + while (isxdigit(*s)) { + if (hl >= 4095) { + bitch("%s is too long", what); + return r; + } + hex[hl] = *s; + s++; + hl++; + } + if (*s && !isspace(*s) && *s != ';' && *s != ')') { + bitch("%s is not valid", what); + return r; + } + *input = skip_white_space(s); + } else if (eat_whitespace == EXTRACT_EAT_WHITESPACE) { + while (s && *s) { + if (!isxdigit(*s)) { + bitch("%s expected", what); + return r; + } + while (isxdigit(*s)) { + if (hl >= 4095) { + bitch("%s is too long", what); + return r; + } + hex[hl++] = *s++; + } + s = skip_white_space(s); + } + *input = s; + } else { + bitch("%s: internal: invalid eat_whitespace", what); + } + + if (!*input) + return r; /* bitching's done elsewhere */ + + hb = hl % 2 ? 1 : 0; + if (hb == 0) + bitch("%s: hex data does not represent whole number of bytes", what); + r.data = getmem(hl/2); + r.length = hl/2; + memset(r.data, 0, r.length); + for (hi = 0; hi < hl-hb; hi++) { + r.data[hi/2] <<= 4; + r.data[hi/2] |= 0x0f & (isdigit(hex[hi+hb]) ? hex[hi+hb] - '0' : tolower(hex[hi+hb]) - 'a' + 10); + } + return r; } struct binary_data new_set(void) { - struct binary_data set; - set.length = 256*(1+1+32); - set.data = getmem_temp(set.length); - memset(set.data, 0, set.length); - return set; + struct binary_data set; + set.length = 256*(1+1+32); + set.data = getmem_temp(set.length); + memset(set.data, 0, set.length); + return set; } void add_bit_to_set(struct binary_data *set, int bit) { - int map; - int map_base; - int byte; - - if (bit < 0 || bit > 65535) - croakx(1, "bitmap index out of range"); - map = bit / 256; - map_base = map*(1+1+32); - set->data[map_base] = map; - bit = bit & 0xff; - byte = bit / 8; - if (set->data[map_base + 1] <= byte) - set->data[map_base + 1] = byte+1; - set->data[map_base + 2 + byte] |= 0x80 >> (bit & 0x07); + int map; + int map_base; + int byte; + + if (bit < 0 || bit > 65535) + croakx(1, "bitmap index out of range"); + map = bit / 256; + map_base = map*(1+1+32); + set->data[map_base] = map; + bit = bit & 0xff; + byte = bit / 8; + if (set->data[map_base + 1] <= byte) + set->data[map_base + 1] = byte+1; + set->data[map_base + 2 + byte] |= 0x80 >> (bit & 0x07); } struct binary_data compressed_set(struct binary_data *set) { - int len = 0; - int map; - int map_base; - struct binary_data r; - - for (map = 0; map <= 255; map++) { - map_base = map*(1+1+32); - if (set->data[map_base+1]) { - len += 2 + set->data[map_base+1]; - } - } - r.length = len; - r.data = getmem(r.length); - len = 0; - for (map = 0; map <= 255; map++) { - map_base = map*(1+1+32); - if (set->data[map_base+1]) { - memcpy(&r.data[len], &set->data[map_base], 2 + set->data[map_base+1]); - len += 2 + set->data[map_base+1]; - } - } - return r; + int len = 0; + int map; + int map_base; + struct binary_data r; + + for (map = 0; map <= 255; map++) { + map_base = map*(1+1+32); + if (set->data[map_base+1]) { + len += 2 + set->data[map_base+1]; + } + } + r.length = len; + r.data = getmem(r.length); + len = 0; + for (map = 0; map <= 255; map++) { + map_base = map*(1+1+32); + if (set->data[map_base+1]) { + memcpy(&r.data[len], &set->data[map_base], 2 + set->data[map_base+1]); + len += 2 + set->data[map_base+1]; + } + } + return r; } struct binary_data compose_binary_data(const char *fmt, int tmp, ...) { - va_list ap; - const char *args; - int sz; - struct binary_data bd; - struct binary_data r; - char *t; - uint8_t b1; - uint16_t b2; - uint32_t b4; - uint64_t b8; - - va_start(ap, tmp); - args = fmt; - sz = 0; - while (*args) { - switch (*args++) { - case '1': - va_arg(ap, unsigned int); - sz += 1; - break; - case '2': - va_arg(ap, unsigned int); - sz += 2; - break; - case '4': - va_arg(ap, unsigned int); - sz += 4; - break; - case '8': - va_arg(ap, uint64_t); - sz += 8; - break; - case 'd': - bd = va_arg(ap, struct binary_data); - sz += bd.length; - break; - case 'b': - bd = va_arg(ap, struct binary_data); - if (bd.length > 255) - croak(5, "compose_binary_data: 'b' data too long"); - sz += bd.length + 1; - break; - case 'B': - bd = va_arg(ap, struct binary_data); - if (bd.length > 65535) - croak(5, "compose_binary_data: 'B' data too long"); - sz += bd.length + 2; - break; - default: - croak(5, "compose_binary_data: bad format"); - } - } - va_end(ap); - - r.length = sz; - r.data = tmp ? getmem_temp(sz) : getmem(sz); - t = r.data; - va_start(ap, tmp); - args = fmt; - while (*args) { - switch (*args++) { - case '1': - b1 = (uint8_t)va_arg(ap, unsigned int); - memcpy(t, &b1, 1); - t += 1; - break; - case '2': - b2 = htons(va_arg(ap, unsigned int)); - memcpy(t, &b2, 2); - t += 2; - break; - case '4': - b4 = htonl(va_arg(ap, unsigned int)); - memcpy(t, &b4, 4); - t += 4; - break; - case '8': - b8 = htonl(va_arg(ap, uint64_t)); - memcpy(t, &b8, 8); - t += 8; - break; - case 'd': - bd = va_arg(ap, struct binary_data); - memcpy(t, bd.data, bd.length); - t += bd.length; - break; - case 'b': - bd = va_arg(ap, struct binary_data); - b1 = (uint8_t)bd.length; - memcpy(t, &b1, 1); - t += 1; - memcpy(t, bd.data, bd.length); - t += bd.length; - break; - case 'B': - bd = va_arg(ap, struct binary_data); - b2 = htons(bd.length); - memcpy(t, &b2, 2); - t += 2; - memcpy(t, bd.data, bd.length); - t += bd.length; - break; - default: - croak(5, "compose_binary_data: bad format"); - } - } - va_end(ap); - return r; + va_list ap; + const char *args; + int sz; + struct binary_data bd; + struct binary_data r; + char *t; + uint8_t b1; + uint16_t b2; + uint32_t b4; + uint64_t b8; + char *bs; + int bsl; + + va_start(ap, tmp); + args = fmt; + sz = 0; + while (*args) { + switch (*args++) { + case '1': + va_arg(ap, unsigned int); + sz += 1; + break; + case '2': + va_arg(ap, unsigned int); + sz += 2; + break; + case '4': + va_arg(ap, unsigned int); + sz += 4; + break; + case '8': + va_arg(ap, uint64_t); + sz += 8; + break; + case 'd': + bd = va_arg(ap, struct binary_data); + sz += bd.length; + break; + case 'b': + bd = va_arg(ap, struct binary_data); + if (bd.length > 255) + croak(5, "compose_binary_data: 'b' data too long"); + sz += bd.length + 1; + break; + case 'B': + bd = va_arg(ap, struct binary_data); + if (bd.length > 65535) + croak(5, "compose_binary_data: 'B' data too long"); + sz += bd.length + 2; + break; + case 's': + bs = va_arg(ap, char *); + bsl = strlen(bs); + if (bsl > 255) + croak(5, "compose_binary_data: 's' string too long"); + sz += bsl + 1; + break; + default: + croak(5, "compose_binary_data: bad format"); + } + } + va_end(ap); + + r.length = sz; + r.data = tmp ? getmem_temp(sz) : getmem(sz); + t = r.data; + va_start(ap, tmp); + args = fmt; + while (*args) { + switch (*args++) { + case '1': + b1 = (uint8_t)va_arg(ap, unsigned int); + memcpy(t, &b1, 1); + t += 1; + break; + case '2': + b2 = htons(va_arg(ap, unsigned int)); + memcpy(t, &b2, 2); + t += 2; + break; + case '4': + b4 = htonl(va_arg(ap, unsigned int)); + memcpy(t, &b4, 4); + t += 4; + break; + case '8': + b8 = htonl(va_arg(ap, uint64_t)); + memcpy(t, &b8, 8); + t += 8; + break; + case 'd': + bd = va_arg(ap, struct binary_data); + memcpy(t, bd.data, bd.length); + t += bd.length; + break; + case 'b': + bd = va_arg(ap, struct binary_data); + b1 = (uint8_t)bd.length; + memcpy(t, &b1, 1); + t += 1; + memcpy(t, bd.data, bd.length); + t += bd.length; + break; + case 'B': + bd = va_arg(ap, struct binary_data); + b2 = htons(bd.length); + memcpy(t, &b2, 2); + t += 2; + memcpy(t, bd.data, bd.length); + t += bd.length; + break; + case 's': + bs = va_arg(ap, char *); + bsl = strlen(bs); + b1 = (uint8_t)bsl; + memcpy(t, &b1, 1); + t += 1; + memcpy(t, bs, bsl); + t += bsl; + break; + default: + croak(5, "compose_binary_data: bad format"); + } + } + va_end(ap); + return r; } /* implementation taken from FreeBSD's libc (minus the __restrict keyword) */ char * mystpcpy(char *to, const char *from) { - for (; (*to = *from); ++from, ++to); - return(to); + for (; (*to = *from); ++from, ++to); + return(to); } size_t mystrlcat(char *dst, const char *src, size_t siz) { - char *d = dst; - const char *s = src; - size_t n = siz; - size_t dlen; - - /* Find the end of dst and adjust bytes left but don't go past end */ - while (n-- != 0 && *d != '\0') - d++; - dlen = d - dst; - n = siz - dlen; - - if (n == 0) - return(dlen + strlen(s)); - while (*s != '\0') { - if (n != 1) { - *d++ = *s; - n--; - } - s++; - } - *d = '\0'; + char *d = dst; + const char *s = src; + size_t n = siz; + size_t dlen; + + /* Find the end of dst and adjust bytes left but don't go past end */ + while (n-- != 0 && *d != '\0') + d++; + dlen = d - dst; + n = siz - dlen; + + if (n == 0) + return(dlen + strlen(s)); + while (*s != '\0') { + if (n != 1) { + *d++ = *s; + n--; + } + s++; + } + *d = '\0'; - return(dlen + (s - src)); /* count does not include NUL */ + return(dlen + (s - src)); /* count does not include NUL */ } diff -pruN 0.8+git20160720-3.2/textparse.h 0.8+git20170804-0ubuntu3/textparse.h --- 0.8+git20160720-3.2/textparse.h 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/textparse.h 2017-08-04 14:27:44.000000000 +0000 @@ -12,10 +12,12 @@ #include struct binary_data { - int length; - char *data; + int length; + char *data; }; +void dump_binary_data(FILE *f, struct binary_data d); + struct binary_data compose_binary_data(const char *fmt, int tmp, ...); /* * Format: @@ -28,6 +30,9 @@ struct binary_data compose_binary_data(c * B - another binary structure, will incorporate its data, * and prepend the length as a 16-bit word in NBO, * fatal error on overflow + * s - a NULL-terminated string, will incorporate the string + * without the NULL byte, and prepend the string length as a byte + * (fatal error on overflow) * tmp : allocate temp storage if true, permanent if false * */ diff -pruN 0.8+git20160720-3.2/threads.c 0.8+git20170804-0ubuntu3/threads.c --- 0.8+git20160720-3.2/threads.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/threads.c 2017-08-04 14:27:44.000000000 +0000 @@ -7,10 +7,10 @@ #include #endif -/* supposedly, - #if defined(PTW32_VERSION) || defined(__hpux) - return pthread_num_processors_np(); - but I cannot verify that at the moment +/* supposedly, + #if defined(PTW32_VERSION) || defined(__hpux) + return pthread_num_processors_np(); + but I cannot verify that at the moment */ #if defined(__GLIBC__) @@ -18,16 +18,16 @@ int ncpus(void) { return get_nprocs(); } #elif defined(__APPLE__) || defined(__FreeBSD__) int ncpus(void) { - int count; - size_t size=sizeof(count); - return sysctlbyname("hw.ncpu",&count,&size,NULL,0) ? 0 : count; + int count; + size_t size=sizeof(count); + return sysctlbyname("hw.ncpu",&count,&size,NULL,0) ? 0 : count; } #else int ncpus(void) { return 0; } /* "Don't know */ #endif -/* Supposedly, sysconf() can also be used in some cases: - #include - int const count=sysconf(_SC_NPROCESSORS_ONLN); - return (count>0)?count:0; +/* Supposedly, sysconf() can also be used in some cases: + #include + int const count=sysconf(_SC_NPROCESSORS_ONLN); + return (count>0)?count:0; */ diff -pruN 0.8+git20160720-3.2/tlsa.c 0.8+git20170804-0ubuntu3/tlsa.c --- 0.8+git20160720-3.2/tlsa.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/tlsa.c 2017-08-04 14:27:44.000000000 +0000 @@ -21,101 +21,133 @@ /* See http://www.rfc-editor.org/internet-drafts/draft-ietf-dane-protocol-23.txt * for TLSA description. + * See https://tools.ietf.org/html/draft-ietf-dane-smime-16 + * for SMIMEA description. */ -static struct rr* tlsa_parse(char *name, long ttl, int type, char *s) +static struct rr* tlsa_smimea_parse(char *name, long ttl, int type, char *s) { - struct rr_tlsa *rr = getmem(sizeof(*rr)); - int cert_usage, selector, matching_type; + struct rr_tlsa_smimea *rr = getmem(sizeof(*rr)); + int cert_usage, selector, matching_type; - cert_usage = extract_integer(&s, "certificate usage field", NULL); - if (cert_usage < 0) return NULL; - if (cert_usage > 3) - return bitch("bad certificate usage field"); - rr->cert_usage = cert_usage; - - selector = extract_integer(&s, "selector field", NULL); - if (selector < 0) return NULL; - if (selector > 1) - return bitch("bad selector field"); - rr->selector = selector; - - matching_type = extract_integer(&s, "matching type field", NULL); - if (matching_type < 0) return NULL; - if (matching_type > 2) - return bitch("bad matching type field"); - rr->matching_type = matching_type; - - rr->association_data = extract_hex_binary_data(&s, "certificate association data", EXTRACT_EAT_WHITESPACE); - if (rr->association_data.length < 0) return NULL; - switch (rr->matching_type) { - case 1: - if (rr->association_data.length != SHA256_BYTES) - return bitch("bad SHA-256 hash length"); - break; - case 2: - if (rr->association_data.length != SHA512_BYTES) - return bitch("bad SHA-512 hash length"); - break; - } - - if (*s) { - return bitch("garbage after valid TLSA data"); - } - return store_record(type, name, ttl, rr); + cert_usage = extract_integer(&s, "certificate usage field", NULL); + if (cert_usage < 0) return NULL; + if (cert_usage > 3) + return bitch("bad certificate usage field"); + rr->cert_usage = cert_usage; + + selector = extract_integer(&s, "selector field", NULL); + if (selector < 0) return NULL; + if (selector > 1) + return bitch("bad selector field"); + rr->selector = selector; + + matching_type = extract_integer(&s, "matching type field", NULL); + if (matching_type < 0) return NULL; + if (matching_type > 2) + return bitch("bad matching type field"); + rr->matching_type = matching_type; + + rr->association_data = extract_hex_binary_data(&s, "certificate association data", EXTRACT_EAT_WHITESPACE); + if (rr->association_data.length < 0) return NULL; + switch (rr->matching_type) { + case 1: + if (rr->association_data.length != SHA256_BYTES) + return bitch("bad SHA-256 hash length"); + break; + case 2: + if (rr->association_data.length != SHA512_BYTES) + return bitch("bad SHA-512 hash length"); + break; + } + + if (*s) { + return bitch("garbage after valid %s data", type == T_TLSA ? "TLSA" : "SMIMEA"); + } + return store_record(type, name, ttl, rr); } -static char* tlsa_human(struct rr *rrv) +static char* tlsa_smimea_human(struct rr *rrv) { - RRCAST(tlsa); + RRCAST(tlsa_smimea); char s[1024]; snprintf(s, 1024, "%d %d %d ...", - rr->cert_usage, rr->selector, rr->matching_type); + rr->cert_usage, rr->selector, rr->matching_type); return quickstrdup_temp(s); } -static struct binary_data tlsa_wirerdata(struct rr *rrv) +static struct binary_data tlsa_smimea_wirerdata(struct rr *rrv) { - RRCAST(tlsa); + RRCAST(tlsa_smimea); - return compose_binary_data("111d", 1, - rr->cert_usage, rr->selector, rr->matching_type, - rr->association_data); + return compose_binary_data("111d", 1, + rr->cert_usage, rr->selector, rr->matching_type, + rr->association_data); } static void* tlsa_validate_set(struct rr_set *rr_set) { - struct rr *rr; - struct named_rr *named_rr; - char *s; - int port = 0; - int len; - - if (G.opt.policy_checks[POLICY_TLSA_HOST]) { - rr = rr_set->tail; - named_rr = rr_set->named_rr; - - /* _25._tcp.mail.example.com. */ - s = named_rr->name; - if (*s != '_') { + struct rr *rr; + struct named_rr *named_rr; + char *s; + int port = 0; + int len; + + if (G.opt.policy_checks[POLICY_TLSA_HOST]) { + rr = rr_set->tail; + named_rr = rr_set->named_rr; + + /* _25._tcp.mail.example.com. */ + s = named_rr->name; + if (*s != '_') { not_a_prefixed_domain_name: - return moan(rr->file_name, rr->line, "not a proper prefixed DNS domain name"); - } - s++; - while (isdigit(*s)) { - port = port * 10 + *s - '0'; - s++; - } - if (port <= 0 || port > 65535) goto not_a_prefixed_domain_name; - if (*s++ != '.') goto not_a_prefixed_domain_name; - len = strlen(s); - if (len < 6) goto not_a_prefixed_domain_name; - if (memcmp(s, "_tcp.", 5) != 0 && - memcmp(s, "_udp.", 5) != 0 && - memcmp(s, "_sctp.", 6) != 0) goto not_a_prefixed_domain_name; - } - return NULL; + return moan(rr->file_name, rr->line, "not a proper prefixed DNS domain name"); + } + s++; + while (isdigit(*s)) { + port = port * 10 + *s - '0'; + s++; + } + if (port <= 0 || port > 65535) goto not_a_prefixed_domain_name; + if (*s++ != '.') goto not_a_prefixed_domain_name; + len = strlen(s); + if (len < 6) goto not_a_prefixed_domain_name; + if (memcmp(s, "_tcp.", 5) != 0 && + memcmp(s, "_udp.", 5) != 0 && + memcmp(s, "_sctp.", 6) != 0) goto not_a_prefixed_domain_name; + } + return NULL; } -struct rr_methods tlsa_methods = { tlsa_parse, tlsa_human, tlsa_wirerdata, tlsa_validate_set, NULL }; +static void* smimea_validate_set(struct rr_set *rr_set) +{ + struct rr *rr; + struct named_rr *named_rr; + char *s; + int hash_len = 0; + int len; + + if (G.opt.policy_checks[POLICY_SMIMEA_HOST]) { + rr = rr_set->tail; + named_rr = rr_set->named_rr; + + /* c93f1e400f26708f98cb19d936620da35eec8f72e57f9eec01c1afd6._smimecert.example.com. */ + s = named_rr->name; + while (isxdigit(*s)) { + hash_len++; + s++; + } + if (*s++ != '.' || hash_len != 56) { +not_a_proper_smimea_domainname: + return moan(rr->file_name, rr->line, "not a proper domain name for an SMIMEA record"); + } + len = strlen(s); + if (len < 11) goto not_a_proper_smimea_domainname; + if (memcmp(s, "_smimecert.", 11) != 0) goto not_a_proper_smimea_domainname; + } + return NULL; +} + +struct rr_methods tlsa_methods = { tlsa_smimea_parse, tlsa_smimea_human, tlsa_smimea_wirerdata, tlsa_validate_set, NULL }; +struct rr_methods smimea_methods = { tlsa_smimea_parse, tlsa_smimea_human, tlsa_smimea_wirerdata, smimea_validate_set, NULL }; diff -pruN 0.8+git20160720-3.2/txt.c 0.8+git20170804-0ubuntu3/txt.c --- 0.8+git20160720-3.2/txt.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/txt.c 2017-08-04 14:27:44.000000000 +0000 @@ -22,72 +22,72 @@ static struct rr *txt_parse(char *name, long ttl, int type, char *s) { - struct rr_txt *rr; - struct binary_data txt; - struct rr_txt_segment *first = NULL; - struct rr_txt_segment *last = NULL; - struct rr_txt_segment *cur = NULL; - int i; - - i = 0; - while (*s) { - freeall_temp(); - txt = extract_text(&s, "text segment"); - if (txt.length < 0) - return NULL; - if (txt.length > 255) - return bitch("TXT segment too long"); - i++; - cur = getmem(sizeof(*cur)); - cur->txt = txt; - cur->next = NULL; - if (!first) - first = cur; - if (last) - last->next = cur; - last = cur; - } - if (i == 0) - return bitch("empty text record"); - - rr = getmem(sizeof(*rr)); - rr->count = i; - rr->txt = first; + struct rr_txt *rr; + struct binary_data txt; + struct rr_txt_segment *first = NULL; + struct rr_txt_segment *last = NULL; + struct rr_txt_segment *cur = NULL; + int i; + + i = 0; + while (*s) { + freeall_temp(); + txt = extract_text(&s, "text segment"); + if (txt.length < 0) + return NULL; + if (txt.length > 255) + return bitch("TXT segment too long"); + i++; + cur = getmem(sizeof(*cur)); + cur->txt = txt; + cur->next = NULL; + if (!first) + first = cur; + if (last) + last->next = cur; + last = cur; + } + if (i == 0) + return bitch("empty text record"); + + rr = getmem(sizeof(*rr)); + rr->count = i; + rr->txt = first; - return store_record(type, name, ttl, rr); + return store_record(type, name, ttl, rr); } static char* txt_human(struct rr *rrv) { - RRCAST(txt); + RRCAST(txt); char ss[1024]; - char *s = ss; - int l; - struct rr_txt_segment *seg = rr->txt; - - while (seg) { - /* XXX would be nice to escape " with \ in strings */ - l = snprintf(s, 1024-(s-ss), "\"%s\" ", seg->txt.data); - s += l; - seg = seg->next; - } + char *s = ss; + int l; + struct rr_txt_segment *seg = rr->txt; + + while (seg) { + /* XXX would be nice to escape " with \ in strings */ + l = snprintf(s, 1024-(s-ss), "\"%s\" ", seg->txt.data); + s += l; + seg = seg->next; + } return quickstrdup_temp(ss); } static struct binary_data txt_wirerdata(struct rr *rrv) { - RRCAST(txt); - struct binary_data r, t; - struct rr_txt_segment *seg = rr->txt; - - r = bad_binary_data(); - t.length = 0; - t.data = NULL; - while (seg) { - r = compose_binary_data("db", 1, t, seg->txt); - t = r; - seg = seg->next; - } + RRCAST(txt); + struct binary_data r, t; + struct rr_txt_segment *seg = rr->txt; + + r = bad_binary_data(); + t.length = 0; + t.data = NULL; + while (seg) { + r = compose_binary_data("db", 1, t, seg->txt); + t = r; + seg = seg->next; + } return r; } diff -pruN 0.8+git20160720-3.2/usage.mdwn 0.8+git20170804-0ubuntu3/usage.mdwn --- 0.8+git20160720-3.2/usage.mdwn 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/usage.mdwn 2017-08-04 14:27:44.000000000 +0000 @@ -49,6 +49,7 @@ Coming soon. - rp-txt-exists - tlsa-host - ksk-exists + - smimea-host - all -n *N* @@ -60,7 +61,8 @@ Coming soon. : quiet - do not produce any output -s -: print validation summary/stats +: Print validation summary/stats. + If specified twice, also print record counts by type. -v : be extra verbose @@ -135,6 +137,7 @@ Other basic checks include: a corresponding TXT record if it is within the zone - domain name of a TLSA record must be a proper prefixed DNS name - a KSK key must exist in a signed zone +- domain name must have the form which is proper for an SMIMEA record # BUGS diff -pruN 0.8+git20160720-3.2/validns.1 0.8+git20170804-0ubuntu3/validns.1 --- 0.8+git20160720-3.2/validns.1 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/validns.1 2017-08-04 14:27:44.000000000 +0000 @@ -55,6 +55,8 @@ tlsa\-host .IP \[bu] 2 ksk\-exists .IP \[bu] 2 +smimea\-host +.IP \[bu] 2 all .RE .TP @@ -71,7 +73,8 @@ quiet \- do not produce any output .RE .TP .B \-s -print validation summary/stats +Print validation summary/stats. +If specified twice, also print record counts by type. .RS .RE .TP @@ -187,6 +190,8 @@ record if it is within the zone domain name of a TLSA record must be a proper prefixed DNS name .IP \[bu] 2 a KSK key must exist in a signed zone +.IP \[bu] 2 +domain name must have the form which is proper for an SMIMEA record .SH BUGS .IP \[bu] 2 textual segments in \f[I]TXT\f[] and \f[I]HINFO\f[] must be enclosed in diff -pruN 0.8+git20160720-3.2/x25.c 0.8+git20170804-0ubuntu3/x25.c --- 0.8+git20160720-3.2/x25.c 2016-02-04 14:14:15.000000000 +0000 +++ 0.8+git20170804-0ubuntu3/x25.c 2017-08-04 14:27:44.000000000 +0000 @@ -23,40 +23,40 @@ static struct rr *x25_parse(char *name, long ttl, int type, char *s) { - struct rr_x25 *rr = getmem(sizeof(*rr)); - int i; + struct rr_x25 *rr = getmem(sizeof(*rr)); + int i; - rr->psdn_address = extract_text(&s, "PSDN-address"); - if (rr->psdn_address.length < 0) - return NULL; - if (rr->psdn_address.length > 255) - return bitch("PSDN-address too long"); - if (rr->psdn_address.length < 4) - return bitch("PSDN-address too short"); - for (i = 0; i < rr->psdn_address.length; i++) { - if (!isdigit(rr->psdn_address.data[i])) - return bitch("PSDN-address contains non-digits"); - } - - if (*s) { - return bitch("garbage after valid X25 data"); - } + rr->psdn_address = extract_text(&s, "PSDN-address"); + if (rr->psdn_address.length < 0) + return NULL; + if (rr->psdn_address.length > 255) + return bitch("PSDN-address too long"); + if (rr->psdn_address.length < 4) + return bitch("PSDN-address too short"); + for (i = 0; i < rr->psdn_address.length; i++) { + if (!isdigit(rr->psdn_address.data[i])) + return bitch("PSDN-address contains non-digits"); + } + + if (*s) { + return bitch("garbage after valid X25 data"); + } - return store_record(type, name, ttl, rr); + return store_record(type, name, ttl, rr); } static char* x25_human(struct rr *rrv) { - RRCAST(x25); + RRCAST(x25); return rr->psdn_address.data; } static struct binary_data x25_wirerdata(struct rr *rrv) { - RRCAST(x25); + RRCAST(x25); - return compose_binary_data("b", 1, rr->psdn_address); + return compose_binary_data("b", 1, rr->psdn_address); } struct rr_methods x25_methods = { x25_parse, x25_human, x25_wirerdata, NULL, NULL };