Lines Matching defs:rr
1730 static int dns_transaction_is_primary_response(DnsTransaction *t, DnsResourceRecord *rr) {
1734 assert(rr);
1740 r = dns_resource_key_match_rr(t->key, rr, NULL);
1744 return dns_resource_key_match_cname_or_dname(t->key, rr->key, NULL);
1786 DnsResourceRecord *rr;
1813 DNS_ANSWER_FOREACH(rr, t->answer) {
1815 if (dns_type_is_pseudo(rr->key->type))
1819 r = dns_transaction_negative_trust_anchor_lookup(t, DNS_RESOURCE_KEY_NAME(rr->key));
1825 switch (rr->key->type) {
1835 if (rr->rrsig.type_covered == DNS_TYPE_DNSKEY) {
1836 r = dns_name_equal(rr->rrsig.signer, DNS_RESOURCE_KEY_NAME(rr->key));
1854 r = dns_name_endswith(DNS_RESOURCE_KEY_NAME(t->key), rr->rrsig.signer);
1860 dnskey = dns_resource_key_new(rr->key->class, DNS_TYPE_DNSKEY, rr->rrsig.signer);
1864 log_debug("Requesting DNSKEY to validate transaction %" PRIu16" (%s, RRSIG with key tag: %" PRIu16 ").", t->id, DNS_RESOURCE_KEY_NAME(rr->key), rr->rrsig.key_tag);
1882 r = dns_name_endswith(DNS_RESOURCE_KEY_NAME(t->key), DNS_RESOURCE_KEY_NAME(rr->key));
1888 ds = dns_resource_key_new(rr->key->class, DNS_TYPE_DS, DNS_RESOURCE_KEY_NAME(rr->key));
1892 log_debug("Requesting DS to validate transaction %" PRIu16" (%s, DNSKEY with key tag: %" PRIu16 ").", t->id, DNS_RESOURCE_KEY_NAME(rr->key), dnssec_keytag(rr, false));
1911 r = dns_resource_key_match_rr(t->key, rr, NULL);
1917 r = dnssec_has_rrsig(t->answer, rr->key);
1923 ds = dns_resource_key_new(rr->key->class, DNS_TYPE_DS, DNS_RESOURCE_KEY_NAME(rr->key));
1927 log_debug("Requesting DS to validate transaction %" PRIu16 " (%s, unsigned SOA/NS RRset).", t->id, DNS_RESOURCE_KEY_NAME(rr->key));
1951 r = dns_transaction_is_primary_response(t, rr);
1957 r = dnssec_has_rrsig(t->answer, rr->key);
1963 r = dns_answer_has_dname_for_cname(t->answer, rr);
1969 name = DNS_RESOURCE_KEY_NAME(rr->key);
1976 soa = dns_resource_key_new(rr->key->class, DNS_TYPE_SOA, name);
1980 log_debug("Requesting parent SOA to validate transaction %" PRIu16 " (%s, unsigned CNAME/DNAME/DS RRset).", t->id, DNS_RESOURCE_KEY_NAME(rr->key));
1998 r = dns_transaction_is_primary_response(t, rr);
2004 r = dnssec_has_rrsig(t->answer, rr->key);
2010 soa = dns_resource_key_new(rr->key->class, DNS_TYPE_SOA, DNS_RESOURCE_KEY_NAME(rr->key));
2014 log_debug("Requesting SOA to validate transaction %" PRIu16 " (%s, unsigned non-SOA/NS RRset <%s>).", t->id, DNS_RESOURCE_KEY_NAME(rr->key), dns_resource_record_to_string(rr));
2080 DnsResourceRecord *rr;
2089 DNS_ANSWER_FOREACH_IFINDEX(rr, ifindex, t->answer) {
2091 r = dnssec_verify_dnskey_by_ds_search(rr, t->validated_keys);
2098 r = dns_answer_add_extend(&t->validated_keys, rr, ifindex, DNS_ANSWER_AUTHENTICATED);
2106 static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *rr) {
2110 assert(rr);
2118 if (dns_type_is_pseudo(rr->key->type))
2121 r = dns_transaction_negative_trust_anchor_lookup(t, DNS_RESOURCE_KEY_NAME(rr->key));
2127 switch (rr->key->type) {
2142 if (dt->key->class != rr->key->class)
2147 r = dns_name_equal(DNS_RESOURCE_KEY_NAME(dt->key), DNS_RESOURCE_KEY_NAME(rr->key));
2184 if (dt->key->class != rr->key->class)
2190 parent = DNS_RESOURCE_KEY_NAME(rr->key);
2195 if (rr->key->type == DNS_TYPE_DS)
2224 if (dt->key->class != rr->key->class)
2229 r = dns_name_equal(DNS_RESOURCE_KEY_NAME(dt->key), DNS_RESOURCE_KEY_NAME(rr->key));
2384 static int dns_transaction_dnskey_authenticated(DnsTransaction *t, DnsResourceRecord *rr) {
2393 r = dns_transaction_negative_trust_anchor_lookup(t, DNS_RESOURCE_KEY_NAME(rr->key));
2403 r = dnssec_key_match_rrsig(rr->key, rrsig);
2411 if (dt->key->class != rr->key->class)
2455 static int dns_transaction_known_signed(DnsTransaction *t, DnsResourceRecord *rr) {
2457 assert(rr);
2462 return rr->key->class == DNS_CLASS_IN &&
2463 dns_name_is_root(DNS_RESOURCE_KEY_NAME(rr->key));
2467 DnsResourceRecord *rr;
2477 DNS_ANSWER_FOREACH(rr, t->answer) {
2478 r = dns_trust_anchor_check_revoked(&t->scope->manager->trust_anchor, rr, t->answer);
2496 DnsResourceRecord *rr;
2500 DNS_ANSWER_FOREACH(rr, t->validated_keys) {
2501 r = dns_trust_anchor_is_revoked(&t->scope->manager->trust_anchor, rr);
2505 r = dns_answer_remove_by_rr(&t->validated_keys, rr);
2551 DnsResourceRecord *rr;
2617 DNS_ANSWER_FOREACH(rr, t->answer) {
2621 switch (rr->key->type) {
2650 r = dnssec_verify_rrset_search(t->answer, rr->key, t->validated_keys, USEC_INFINITY, &result, &rrsig);
2654 log_debug("Looking at %s: %s", strna(dns_resource_record_to_string(rr)), dnssec_result_to_string(result));
2658 if (rr->key->type == DNS_TYPE_DNSKEY) {
2665 r = dns_answer_copy_by_key(&t->validated_keys, t->answer, rr->key, DNS_ANSWER_AUTHENTICATED);
2683 r = dns_answer_move_by_key(&validated, &t->answer, rr->key, DNS_ANSWER_AUTHENTICATED|DNS_ANSWER_CACHEABLE);
2687 manager_dnssec_verdict(t->scope->manager, DNSSEC_SECURE, rr->key);
2714 DNS_RESOURCE_KEY_NAME(rr->key),
2723 r = dns_answer_move_by_key(&validated, &t->answer, rr->key, authenticated ? (DNS_ANSWER_AUTHENTICATED|DNS_ANSWER_CACHEABLE) : 0);
2727 manager_dnssec_verdict(t->scope->manager, authenticated ? DNSSEC_SECURE : DNSSEC_INSECURE, rr->key);
2736 r = dns_transaction_requires_rrsig(t, rr);
2742 r = dns_answer_move_by_key(&validated, &t->answer, rr->key, 0);
2746 manager_dnssec_verdict(t->scope->manager, DNSSEC_INSECURE, rr->key);
2751 r = dns_transaction_known_signed(t, rr);
2764 r = dns_answer_move_by_key(&validated, &t->answer, rr->key, 0);
2768 manager_dnssec_verdict(t->scope->manager, DNSSEC_INSECURE, rr->key);
2778 r = dns_transaction_in_private_tld(t, rr->key);
2787 (void) dns_resource_key_to_string(rr->key, &s);
2790 r = dns_answer_move_by_key(&validated, &t->answer, rr->key, 0);
2794 manager_dnssec_verdict(t->scope->manager, DNSSEC_INSECURE, rr->key);
2805 r = dns_transaction_dnskey_authenticated(t, rr);
2812 r = dns_answer_move_by_key(&validated, &t->answer, rr->key, 0);
2816 manager_dnssec_verdict(t->scope->manager, DNSSEC_INSECURE, rr->key);
2822 r = dns_transaction_is_primary_response(t, rr);
2828 r = dns_answer_has_dname_for_cname(t->answer, rr);
2833 r = dns_answer_has_dname_for_cname(validated, rr);
2843 manager_dnssec_verdict(t->scope->manager, DNSSEC_BOGUS, rr->key);
2845 manager_dnssec_verdict(t->scope->manager, DNSSEC_INDETERMINATE, rr->key);
2858 r = dns_answer_remove_by_key(&t->answer, rr->key);
3014 [DNS_TRANSACTION_RR_TYPE_UNSUPPORTED] = "rr-type-unsupported",