NSEC3 and multiple key signing support.

Cargo.toml

@@ -74,7 +74,7 @@ zonefile    = ["bytes", "serde", "std"]
 # Unstable features
 unstable-client-transport = ["moka", "net", "tracing"]
 unstable-server-transport = ["arc-swap", "chrono/clock", "libc", "net", "siphasher", "tracing"]
-unstable-sign = ["std", "dep:secrecy", "unstable-validate", "time/formatting"]
+unstable-sign = ["std", "dep:secrecy", "unstable-validate", "time/formatting", "tracing"]
 unstable-stelline = ["tokio/test-util", "tracing", "tracing-subscriber", "tsig", "unstable-client-transport", "unstable-server-transport", "zonefile"]
 unstable-validate = ["bytes", "std", "ring"]
 unstable-validator = ["unstable-validate", "zonefile", "unstable-client-transport"]

Changelog.md

@@ -57,8 +57,6 @@ Other changes
 [#396]: https://github.com/NLnetLabs/domain/pull/396
 [#417]: https://github.com/NLnetLabs/domain/pull/417
 [#421]: https://github.com/NLnetLabs/domain/pull/421
-[#424]: https://github.com/NLnetLabs/domain/pull/424
-[#425]: https://github.com/NLnetLabs/domain/pull/425
 [#427]: https://github.com/NLnetLabs/domain/pull/427
 [#440]: https://github.com/NLnetLabs/domain/pull/440
 [#441]: https://github.com/NLnetLabs/domain/pull/441

examples/client-transports.rs

@@ -1,20 +1,25 @@
-//! Using the `domain::net::client` module for sending a query.
-use domain::base::{MessageBuilder, Name, Rtype};
-use domain::net::client::protocol::{TcpConnect, TlsConnect, UdpConnect};
-use domain::net::client::request::{
-    RequestMessage, RequestMessageMulti, SendRequest,
-};
-use domain::net::client::{
-    cache, dgram, dgram_stream, load_balancer, multi_stream, redundant,
-    stream,
-};
+/// Using the `domain::net::client` module for sending a query.
 use std::net::{IpAddr, SocketAddr};
 use std::str::FromStr;
 #[cfg(feature = "unstable-validator")]
 use std::sync::Arc;
 use std::time::Duration;
 use std::vec::Vec;
 
+use domain::base::MessageBuilder;
+use domain::base::Name;
+use domain::base::Rtype;
+use domain::net::client::cache;
+use domain::net::client::dgram;
+use domain::net::client::dgram_stream;
+use domain::net::client::multi_stream;
+use domain::net::client::protocol::{TcpConnect, TlsConnect, UdpConnect};
+use domain::net::client::redundant;
+use domain::net::client::request::{
+    RequestMessage, RequestMessageMulti, SendRequest,
+};
+use domain::net::client::stream;
+
 #[cfg(feature = "tsig")]
 use domain::net::client::request::SendRequestMulti;
 #[cfg(feature = "tsig")]
@@ -201,9 +206,9 @@ async fn main() {
     });
 
     // Add the previously created transports.
-    redun.add(Box::new(udptcp_conn.clone())).await.unwrap();
-    redun.add(Box::new(tcp_conn.clone())).await.unwrap();
-    redun.add(Box::new(tls_conn.clone())).await.unwrap();
+    redun.add(Box::new(udptcp_conn)).await.unwrap();
+    redun.add(Box::new(tcp_conn)).await.unwrap();
+    redun.add(Box::new(tls_conn)).await.unwrap();
 
     // Start a few queries.
     for i in 1..10 {
@@ -216,37 +221,6 @@ async fn main() {
 
     drop(redun);
 
-    // Create a transport connection for load balanced connections.
-    let (lb, transp) = load_balancer::Connection::new();
-
-    // Start the run function on a separate task.
-    let run_fut = transp.run();
-    tokio::spawn(async move {
-        run_fut.await;
-        println!("load_balancer run terminated");
-    });
-
-    // Add the previously created transports.
-    let mut conn_conf = load_balancer::ConnConfig::new();
-    conn_conf.set_max_burst(Some(10));
-    conn_conf.set_burst_interval(Duration::from_secs(10));
-    lb.add("UDP+TCP", &conn_conf, Box::new(udptcp_conn))
-        .await
-        .unwrap();
-    lb.add("TCP", &conn_conf, Box::new(tcp_conn)).await.unwrap();
-    lb.add("TLS", &conn_conf, Box::new(tls_conn)).await.unwrap();
-
-    // Start a few queries.
-    for i in 1..10 {
-        let mut request = lb.send_request(req.clone());
-        let reply = request.get_response().await;
-        if i == 2 {
-            println!("load_balancer connection reply: {reply:?}");
-        }
-    }
-
-    drop(lb);
-
     // Create a new datagram transport connection. Pass the destination address
     // and port as parameter. This transport does not retry over TCP if the
     // reply is truncated. This transport does not have a separate run

examples/keyset.rs

@@ -1,6 +1,6 @@
 //! Demonstrate the use of key sets.
 use domain::base::Name;
-use domain::sign::keyset::{
+use domain::sign::keys::keyset::{
     Action, Error, KeySet, KeyType, RollType, UnixTime,
 };
 use itertools::{Either, Itertools};

src/base/iana/mod.rs

@@ -35,6 +35,7 @@ pub use self::rcode::{OptRcode, Rcode, TsigRcode};
 pub use self::rtype::Rtype;
 pub use self::secalg::SecAlg;
 pub use self::svcb::SvcParamKey;
+pub use self::zonemd::{ZonemdAlg, ZonemdScheme};
 
 #[macro_use]
 mod macros;
@@ -49,3 +50,4 @@ pub mod rcode;
 pub mod rtype;
 pub mod secalg;
 pub mod svcb;
+pub mod zonemd;

src/base/iana/rtype.rs

@@ -440,4 +440,21 @@ impl Rtype {
     pub fn is_glue(&self) -> bool {
         matches!(*self, Rtype::A | Rtype::AAAA)
     }
+
+    /// Returns true if this record type represents a pseudo-RR.
+    ///
+    /// The term "pseudo-RR" appears in [RFC
+    /// 9499](https://datatracker.ietf.org/doc/rfc9499/) Section 5 "Resource
+    /// Records" as an alias for "meta-RR" and is referenced by [RFC
+    /// 4034](https://datatracker.ietf.org/doc/rfc4034)/) in the context of
+    /// NSEC to denote types that "do not appear in zone data", with [RFC
+    /// 5155](https://datatracker.ietf.org/doc/rfc5155/) having text with
+    /// presumably the same goal but defined in terms of "META-TYPE" and
+    /// "QTYPE", the latter collectively being defined by [RFC
+    /// 2929](https://datatracker.ietf.org/doc/rfc2929/) and later as having
+    /// the decimal range 128 - 255 but with section 3.1 explicitly noting OPT
+    /// (TYPE 41) as an exception.
+    pub fn is_pseudo(&self) -> bool {
+        self.0 == 41 || (self.0 >= 128 && self.0 <= 255)
+    }
 }

src/base/iana/zonemd.rs

@@ -0,0 +1,50 @@
+//! ZONEMD IANA parameters.
+
+//------------ ZonemdScheme --------------------------------------------------
+
+int_enum! {
+    /// ZONEMD schemes.
+    ///
+    /// This type selects the method by which data is collated and presented
+    /// as input to the hashing function for use with [ZONEMD].
+    ///
+    /// For the currently registered values see the [IANA registration]. This
+    /// type is complete as of 2024-11-29.
+    ///
+    /// [ZONEMD]: ../../../rdata/zonemd/index.html
+    /// [IANA registration]: https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#zonemd-schemes
+    =>
+    ZonemdScheme, u8;
+
+    /// Specifies that the SIMPLE scheme is used.
+    (SIMPLE => 1, "SIMPLE")
+}
+
+int_enum_str_decimal!(ZonemdScheme, u8);
+int_enum_zonefile_fmt_decimal!(ZonemdScheme, "scheme");
+
+//------------ ZonemdAlg -----------------------------------------------------
+
+int_enum! {
+    /// ZONEMD algorithms.
+    ///
+    /// This type selects the algorithm used to hash domain names for use with
+    /// the [ZONEMD].
+    ///
+    /// For the currently registered values see the [IANA registration]. This
+    /// type is complete as of 2024-11-29.
+    ///
+    /// [ZONEMD]: ../../../rdata/zonemd/index.html
+    /// [IANA registration]: https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#zonemd-hash-algorithms
+    =>
+    ZonemdAlg, u8;
+
+    /// Specifies that the SHA-384 algorithm is used.
+    (SHA384 => 1, "SHA384")
+
+    /// Specifies that the SHA-512 algorithm is used.
+    (SHA512 => 2, "SHA512")
+}
+
+int_enum_str_decimal!(ZonemdAlg, u8);
+int_enum_zonefile_fmt_decimal!(ZonemdAlg, "hash algorithm");

src/net/client/mod.rs

@@ -21,10 +21,6 @@
 //!   transport connections. The [redundant] transport favors the connection
 //!   with the lowest response time. Any of the other transports can be added
 //!   as upstream transports.
-//! * [load_balancer] This transport distributes requests over a collecton of
-//!   transport connections. The [load_balancer] transport favors connections
-//!   with the shortest outstanding request queue. Any of the other transports
-//!   can be added as upstream transports.
 //! * [cache] This is a simple message cache provided as a pass through
 //!   transport. The cache works with any of the other transports.
 #![cfg_attr(feature = "tsig", doc = "* [tsig]:")]
@@ -226,7 +222,6 @@
 pub mod cache;
 pub mod dgram;
 pub mod dgram_stream;
-pub mod load_balancer;
 pub mod multi_stream;
 pub mod protocol;
 pub mod redundant;