nameser.h revision 1.3
1/* 2 * Copyright (c) 1983, 1989, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the University nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 */ 29 30/* 31 * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") 32 * Copyright (c) 1996-2003 by Internet Software Consortium 33 * 34 * Permission to use, copy, modify, and distribute this software for any 35 * purpose with or without fee is hereby granted, provided that the above 36 * copyright notice and this permission notice appear in all copies. 37 * 38 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES 39 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 40 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR 41 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 42 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 43 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT 44 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 45 * 46 * Internet Systems Consortium, Inc. 47 * 950 Charter Street 48 * Redwood City, CA 94063 49 * <info@isc.org> 50 * http://www.isc.org/ 51 */ 52 53/* 54 * $Id: nameser.h,v 1.3 2005/08/11 17:13:26 drochner Exp $ 55 */ 56 57#ifndef _ARPA_NAMESER_H_ 58#define _ARPA_NAMESER_H_ 59 60/* 61 * Revision information. This is the release date in YYYYMMDD format. 62 * It can change every day so the right thing to do with it is use it 63 * in preprocessor commands such as "#if (__NAMESER > 19931104)". Do not 64 * compare for equality; rather, use it to determine whether your libbind.a 65 * contains a new enough lib/nameser/ to support the feature you need. 66 */ 67 68#define __NAMESER 19991006 /* New interface version stamp. */ 69 70/* 71 * Define constants based on RFC 883, RFC 1034, RFC 1035 72 */ 73#define NS_PACKETSZ 512 /* maximum packet size */ 74#define NS_MAXDNAME 1025 /* maximum domain name */ 75#define NS_MAXCDNAME 255 /* maximum compressed domain name */ 76#define NS_MAXLABEL 63 /* maximum length of domain label */ 77#define NS_HFIXEDSZ 12 /* #/bytes of fixed data in header */ 78#define NS_QFIXEDSZ 4 /* #/bytes of fixed data in query */ 79#define NS_RRFIXEDSZ 10 /* #/bytes of fixed data in r record */ 80#define NS_INT32SZ 4 /* #/bytes of data in a u_int32_t */ 81#define NS_INT16SZ 2 /* #/bytes of data in a u_int16_t */ 82#define NS_INT8SZ 1 /* #/bytes of data in a u_int8_t */ 83#define NS_INADDRSZ 4 /* IPv4 T_A */ 84#define NS_IN6ADDRSZ 16 /* IPv6 T_AAAA */ 85#define NS_CMPRSFLGS 0xc0 /* Flag bits indicating name compression. */ 86#define NS_DEFAULTPORT 53 /* For both TCP and UDP. */ 87 88/* 89 * These can be expanded with synonyms, just keep ns_parse.c:ns_parserecord() 90 * in synch with it. 91 */ 92typedef enum __ns_sect { 93 ns_s_qd = 0, /* Query: Question. */ 94 ns_s_zn = 0, /* Update: Zone. */ 95 ns_s_an = 1, /* Query: Answer. */ 96 ns_s_pr = 1, /* Update: Prerequisites. */ 97 ns_s_ns = 2, /* Query: Name servers. */ 98 ns_s_ud = 2, /* Update: Update. */ 99 ns_s_ar = 3, /* Query|Update: Additional records. */ 100 ns_s_max = 4 101} ns_sect; 102 103/* 104 * This is a message handle. It is caller allocated and has no dynamic data. 105 * This structure is intended to be opaque to all but ns_parse.c, thus the 106 * leading _'s on the member names. Use the accessor functions, not the _'s. 107 */ 108typedef struct __ns_msg { 109 const u_int8_t *_msg, *_eom; 110 u_int16_t _id, _flags, _counts[ns_s_max]; 111 const u_int8_t *_sections[ns_s_max]; 112 ns_sect _sect; 113 int _rrnum; 114 const u_int8_t *_ptr; 115} ns_msg; 116 117/* Private data structure - do not use from outside library. */ 118struct _ns_flagdata { int mask, shift; }; 119extern struct _ns_flagdata _ns_flagdata[]; 120 121/* Accessor macros - this is part of the public interface. */ 122#define ns_msg_getflag(handle, flag) ( \ 123 ((handle)._flags & _ns_flagdata[flag].mask) \ 124 >> _ns_flagdata[flag].shift \ 125 ) 126#define ns_msg_id(handle) ((handle)._id + 0) 127#define ns_msg_base(handle) ((handle)._msg + 0) 128#define ns_msg_end(handle) ((handle)._eom + 0) 129#define ns_msg_size(handle) ((handle)._eom - (handle)._msg) 130#define ns_msg_count(handle, section) ((handle)._counts[section] + 0) 131 132/* 133 * This is a parsed record. It is caller allocated and has no dynamic data. 134 */ 135typedef struct __ns_rr { 136 char name[NS_MAXDNAME]; 137 u_int16_t type; 138 u_int16_t rr_class; 139 u_int32_t ttl; 140 u_int16_t rdlength; 141 const u_int8_t *rdata; 142} ns_rr; 143 144/* Accessor macros - this is part of the public interface. */ 145#define ns_rr_name(rr) (((rr).name[0] != '\0') ? (rr).name : ".") 146#define ns_rr_type(rr) ((ns_type)((rr).type + 0)) 147#define ns_rr_class(rr) ((ns_class)((rr).rr_class + 0)) 148#define ns_rr_ttl(rr) ((rr).ttl + 0) 149#define ns_rr_rdlen(rr) ((rr).rdlength + 0) 150#define ns_rr_rdata(rr) ((rr).rdata + 0) 151 152/* 153 * These don't have to be in the same order as in the packet flags word, 154 * and they can even overlap in some cases, but they will need to be kept 155 * in synch with ns_parse.c:ns_flagdata[]. 156 */ 157typedef enum __ns_flag { 158 ns_f_qr, /* Question/Response. */ 159 ns_f_opcode, /* Operation code. */ 160 ns_f_aa, /* Authoritative Answer. */ 161 ns_f_tc, /* Truncation occurred. */ 162 ns_f_rd, /* Recursion Desired. */ 163 ns_f_ra, /* Recursion Available. */ 164 ns_f_z, /* MBZ. */ 165 ns_f_ad, /* Authentic Data (DNSSEC). */ 166 ns_f_cd, /* Checking Disabled (DNSSEC). */ 167 ns_f_rcode, /* Response code. */ 168 ns_f_max 169} ns_flag; 170 171/* 172 * Currently defined opcodes. 173 */ 174typedef enum __ns_opcode { 175 ns_o_query = 0, /* Standard query. */ 176 ns_o_iquery = 1, /* Inverse query (deprecated/unsupported). */ 177 ns_o_status = 2, /* Name server status query (unsupported). */ 178 /* Opcode 3 is undefined/reserved. */ 179 ns_o_notify = 4, /* Zone change notification. */ 180 ns_o_update = 5, /* Zone update message. */ 181 ns_o_max = 6 182} ns_opcode; 183 184/* 185 * Currently defined response codes. 186 */ 187typedef enum __ns_rcode { 188 ns_r_noerror = 0, /* No error occurred. */ 189 ns_r_formerr = 1, /* Format error. */ 190 ns_r_servfail = 2, /* Server failure. */ 191 ns_r_nxdomain = 3, /* Name error. */ 192 ns_r_notimpl = 4, /* Unimplemented. */ 193 ns_r_refused = 5, /* Operation refused. */ 194 /* these are for BIND_UPDATE */ 195 ns_r_yxdomain = 6, /* Name exists */ 196 ns_r_yxrrset = 7, /* RRset exists */ 197 ns_r_nxrrset = 8, /* RRset does not exist */ 198 ns_r_notauth = 9, /* Not authoritative for zone */ 199 ns_r_notzone = 10, /* Zone of record different from zone section */ 200 ns_r_max = 11, 201 /* The following are TSIG extended errors */ 202 ns_r_badsig = 16, 203 ns_r_badkey = 17, 204 ns_r_badtime = 18 205} ns_rcode; 206 207/* BIND_UPDATE */ 208typedef enum __ns_update_operation { 209 ns_uop_delete = 0, 210 ns_uop_add = 1, 211 ns_uop_max = 2 212} ns_update_operation; 213 214/* 215 * This structure is used for TSIG authenticated messages 216 */ 217struct ns_tsig_key { 218 char name[NS_MAXDNAME], alg[NS_MAXDNAME]; 219 unsigned char *data; 220 unsigned len; 221}; 222typedef struct ns_tsig_key ns_tsig_key; 223 224/* 225 * This structure is used for TSIG authenticated TCP messages 226 */ 227struct ns_tcp_tsig_state { 228 int counter; 229 struct dst_key *key; 230 void *ctx; 231 unsigned char sig[NS_PACKETSZ]; 232 unsigned siglen; 233}; 234typedef struct ns_tcp_tsig_state ns_tcp_tsig_state; 235 236#define NS_TSIG_FUDGE 300 237#define NS_TSIG_TCP_COUNT 100 238#define NS_TSIG_ALG_HMAC_MD5 "HMAC-MD5.SIG-ALG.REG.INT" 239 240#define NS_TSIG_ERROR_NO_TSIG -10 241#define NS_TSIG_ERROR_NO_SPACE -11 242#define NS_TSIG_ERROR_FORMERR -12 243 244/* 245 * Currently defined type values for resources and queries. 246 */ 247typedef enum __ns_type { 248 ns_t_invalid = 0, /* Cookie. */ 249 ns_t_a = 1, /* Host address. */ 250 ns_t_ns = 2, /* Authoritative server. */ 251 ns_t_md = 3, /* Mail destination. */ 252 ns_t_mf = 4, /* Mail forwarder. */ 253 ns_t_cname = 5, /* Canonical name. */ 254 ns_t_soa = 6, /* Start of authority zone. */ 255 ns_t_mb = 7, /* Mailbox domain name. */ 256 ns_t_mg = 8, /* Mail group member. */ 257 ns_t_mr = 9, /* Mail rename name. */ 258 ns_t_null = 10, /* Null resource record. */ 259 ns_t_wks = 11, /* Well known service. */ 260 ns_t_ptr = 12, /* Domain name pointer. */ 261 ns_t_hinfo = 13, /* Host information. */ 262 ns_t_minfo = 14, /* Mailbox information. */ 263 ns_t_mx = 15, /* Mail routing information. */ 264 ns_t_txt = 16, /* Text strings. */ 265 ns_t_rp = 17, /* Responsible person. */ 266 ns_t_afsdb = 18, /* AFS cell database. */ 267 ns_t_x25 = 19, /* X_25 calling address. */ 268 ns_t_isdn = 20, /* ISDN calling address. */ 269 ns_t_rt = 21, /* Router. */ 270 ns_t_nsap = 22, /* NSAP address. */ 271 ns_t_nsap_ptr = 23, /* Reverse NSAP lookup (deprecated). */ 272 ns_t_sig = 24, /* Security signature. */ 273 ns_t_key = 25, /* Security key. */ 274 ns_t_px = 26, /* X.400 mail mapping. */ 275 ns_t_gpos = 27, /* Geographical position (withdrawn). */ 276 ns_t_aaaa = 28, /* Ip6 Address. */ 277 ns_t_loc = 29, /* Location Information. */ 278 ns_t_nxt = 30, /* Next domain (security). */ 279 ns_t_eid = 31, /* Endpoint identifier. */ 280 ns_t_nimloc = 32, /* Nimrod Locator. */ 281 ns_t_srv = 33, /* Server Selection. */ 282 ns_t_atma = 34, /* ATM Address */ 283 ns_t_naptr = 35, /* Naming Authority PoinTeR */ 284 ns_t_kx = 36, /* Key Exchange */ 285 ns_t_cert = 37, /* Certification record */ 286 ns_t_a6 = 38, /* IPv6 address (deprecates AAAA) */ 287 ns_t_dname = 39, /* Non-terminal DNAME (for IPv6) */ 288 ns_t_sink = 40, /* Kitchen sink (experimentatl) */ 289 ns_t_opt = 41, /* EDNS0 option (meta-RR) */ 290 ns_t_tsig = 250, /* Transaction signature. */ 291 ns_t_ixfr = 251, /* Incremental zone transfer. */ 292 ns_t_axfr = 252, /* Transfer zone of authority. */ 293 ns_t_mailb = 253, /* Transfer mailbox records. */ 294 ns_t_maila = 254, /* Transfer mail agent records. */ 295 ns_t_any = 255, /* Wildcard match. */ 296 ns_t_zxfr = 256, /* BIND-specific, nonstandard. */ 297 ns_t_max = 65536 298} ns_type; 299 300/* Exclusively a QTYPE? (not also an RTYPE) */ 301#define ns_t_qt_p(t) (ns_t_xfr_p(t) || (t) == ns_t_any || \ 302 (t) == ns_t_mailb || (t) == ns_t_maila) 303/* Some kind of meta-RR? (not a QTYPE, but also not an RTYPE) */ 304#define ns_t_mrr_p(t) ((t) == ns_t_tsig || (t) == ns_t_opt) 305/* Exclusively an RTYPE? (not also a QTYPE or a meta-RR) */ 306#define ns_t_rr_p(t) (!ns_t_qt_p(t) && !ns_t_mrr_p(t)) 307#define ns_t_udp_p(t) ((t) != ns_t_axfr && (t) != ns_t_zxfr) 308#define ns_t_xfr_p(t) ((t) == ns_t_axfr || (t) == ns_t_ixfr || \ 309 (t) == ns_t_zxfr) 310 311/* 312 * Values for class field 313 */ 314typedef enum __ns_class { 315 ns_c_invalid = 0, /* Cookie. */ 316 ns_c_in = 1, /* Internet. */ 317 ns_c_2 = 2, /* unallocated/unsupported. */ 318 ns_c_chaos = 3, /* MIT Chaos-net. */ 319 ns_c_hs = 4, /* MIT Hesiod. */ 320 /* Query class values which do not appear in resource records */ 321 ns_c_none = 254, /* for prereq. sections in update requests */ 322 ns_c_any = 255, /* Wildcard match. */ 323 ns_c_max = 65536 324} ns_class; 325 326/* DNSSEC constants. */ 327 328typedef enum __ns_key_types { 329 ns_kt_rsa = 1, /* key type RSA/MD5 */ 330 ns_kt_dh = 2, /* Diffie Hellman */ 331 ns_kt_dsa = 3, /* Digital Signature Standard (MANDATORY) */ 332 ns_kt_private = 254 /* Private key type starts with OID */ 333} ns_key_types; 334 335typedef enum __ns_cert_types { 336 cert_t_pkix = 1, /* PKIX (X.509v3) */ 337 cert_t_spki = 2, /* SPKI */ 338 cert_t_pgp = 3, /* PGP */ 339 cert_t_url = 253, /* URL private type */ 340 cert_t_oid = 254 /* OID private type */ 341} ns_cert_types; 342 343/* Flags field of the KEY RR rdata. */ 344#define NS_KEY_TYPEMASK 0xC000 /* Mask for "type" bits */ 345#define NS_KEY_TYPE_AUTH_CONF 0x0000 /* Key usable for both */ 346#define NS_KEY_TYPE_CONF_ONLY 0x8000 /* Key usable for confidentiality */ 347#define NS_KEY_TYPE_AUTH_ONLY 0x4000 /* Key usable for authentication */ 348#define NS_KEY_TYPE_NO_KEY 0xC000 /* No key usable for either; no key */ 349/* The type bits can also be interpreted independently, as single bits: */ 350#define NS_KEY_NO_AUTH 0x8000 /* Key unusable for authentication */ 351#define NS_KEY_NO_CONF 0x4000 /* Key unusable for confidentiality */ 352#define NS_KEY_RESERVED2 0x2000 /* Security is *mandatory* if bit=0 */ 353#define NS_KEY_EXTENDED_FLAGS 0x1000 /* reserved - must be zero */ 354#define NS_KEY_RESERVED4 0x0800 /* reserved - must be zero */ 355#define NS_KEY_RESERVED5 0x0400 /* reserved - must be zero */ 356#define NS_KEY_NAME_TYPE 0x0300 /* these bits determine the type */ 357#define NS_KEY_NAME_USER 0x0000 /* key is assoc. with user */ 358#define NS_KEY_NAME_ENTITY 0x0200 /* key is assoc. with entity eg host */ 359#define NS_KEY_NAME_ZONE 0x0100 /* key is zone key */ 360#define NS_KEY_NAME_RESERVED 0x0300 /* reserved meaning */ 361#define NS_KEY_RESERVED8 0x0080 /* reserved - must be zero */ 362#define NS_KEY_RESERVED9 0x0040 /* reserved - must be zero */ 363#define NS_KEY_RESERVED10 0x0020 /* reserved - must be zero */ 364#define NS_KEY_RESERVED11 0x0010 /* reserved - must be zero */ 365#define NS_KEY_SIGNATORYMASK 0x000F /* key can sign RR's of same name */ 366#define NS_KEY_RESERVED_BITMASK ( NS_KEY_RESERVED2 | \ 367 NS_KEY_RESERVED4 | \ 368 NS_KEY_RESERVED5 | \ 369 NS_KEY_RESERVED8 | \ 370 NS_KEY_RESERVED9 | \ 371 NS_KEY_RESERVED10 | \ 372 NS_KEY_RESERVED11 ) 373#define NS_KEY_RESERVED_BITMASK2 0xFFFF /* no bits defined here */ 374 375/* The Algorithm field of the KEY and SIG RR's is an integer, {1..254} */ 376#define NS_ALG_MD5RSA 1 /* MD5 with RSA */ 377#define NS_ALG_DH 2 /* Diffie Hellman KEY */ 378#define NS_ALG_DSA 3 /* DSA KEY */ 379#define NS_ALG_DSS NS_ALG_DSA 380#define NS_ALG_EXPIRE_ONLY 253 /* No alg, no security */ 381#define NS_ALG_PRIVATE_OID 254 /* Key begins with OID giving alg */ 382 383/* Protocol values */ 384/* value 0 is reserved */ 385#define NS_KEY_PROT_TLS 1 386#define NS_KEY_PROT_EMAIL 2 387#define NS_KEY_PROT_DNSSEC 3 388#define NS_KEY_PROT_IPSEC 4 389#define NS_KEY_PROT_ANY 255 390 391/* Signatures */ 392#define NS_MD5RSA_MIN_BITS 512 /* Size of a mod or exp in bits */ 393#define NS_MD5RSA_MAX_BITS 2552 394 /* Total of binary mod and exp */ 395#define NS_MD5RSA_MAX_BYTES ((NS_MD5RSA_MAX_BITS+7/8)*2+3) 396 /* Max length of text sig block */ 397#define NS_MD5RSA_MAX_BASE64 (((NS_MD5RSA_MAX_BYTES+2)/3)*4) 398#define NS_MD5RSA_MIN_SIZE ((NS_MD5RSA_MIN_BITS+7)/8) 399#define NS_MD5RSA_MAX_SIZE ((NS_MD5RSA_MAX_BITS+7)/8) 400 401#define NS_DSA_SIG_SIZE 41 402#define NS_DSA_MIN_SIZE 213 403#define NS_DSA_MAX_BYTES 405 404 405/* Offsets into SIG record rdata to find various values */ 406#define NS_SIG_TYPE 0 /* Type flags */ 407#define NS_SIG_ALG 2 /* Algorithm */ 408#define NS_SIG_LABELS 3 /* How many labels in name */ 409#define NS_SIG_OTTL 4 /* Original TTL */ 410#define NS_SIG_EXPIR 8 /* Expiration time */ 411#define NS_SIG_SIGNED 12 /* Signature time */ 412#define NS_SIG_FOOT 16 /* Key footprint */ 413#define NS_SIG_SIGNER 18 /* Domain name of who signed it */ 414 415/* How RR types are represented as bit-flags in NXT records */ 416#define NS_NXT_BITS 8 417#define NS_NXT_BIT_SET( n,p) (p[(n)/NS_NXT_BITS] |= (0x80>>((n)%NS_NXT_BITS))) 418#define NS_NXT_BIT_CLEAR(n,p) (p[(n)/NS_NXT_BITS] &= ~(0x80>>((n)%NS_NXT_BITS))) 419#define NS_NXT_BIT_ISSET(n,p) (p[(n)/NS_NXT_BITS] & (0x80>>((n)%NS_NXT_BITS))) 420#define NS_NXT_MAX 127 421 422/* 423 * Inline versions of get/put short/long. Pointer is advanced. 424 */ 425#define NS_GET16(s, cp) do { \ 426 register u_int8_t *t_cp = (u_int8_t *)(cp); \ 427 (s) = ((u_int16_t)t_cp[0] << 8) \ 428 | ((u_int16_t)t_cp[1]) \ 429 ; \ 430 (cp) += NS_INT16SZ; \ 431} while (0) 432 433#define NS_GET32(l, cp) do { \ 434 register u_int8_t *t_cp = (u_int8_t *)(cp); \ 435 (l) = ((u_int32_t)t_cp[0] << 24) \ 436 | ((u_int32_t)t_cp[1] << 16) \ 437 | ((u_int32_t)t_cp[2] << 8) \ 438 | ((u_int32_t)t_cp[3]) \ 439 ; \ 440 (cp) += NS_INT32SZ; \ 441} while (0) 442 443#define NS_PUT16(s, cp) do { \ 444 register u_int16_t t_s = (u_int16_t)(s); \ 445 register u_int8_t *t_cp = (u_int8_t *)(cp); \ 446 *t_cp++ = t_s >> 8; \ 447 *t_cp = t_s; \ 448 (cp) += NS_INT16SZ; \ 449} while (0) 450 451#define NS_PUT32(l, cp) do { \ 452 register u_int32_t t_l = (u_int32_t)(l); \ 453 register u_int8_t *t_cp = (u_int8_t *)(cp); \ 454 *t_cp++ = t_l >> 24; \ 455 *t_cp++ = t_l >> 16; \ 456 *t_cp++ = t_l >> 8; \ 457 *t_cp = t_l; \ 458 (cp) += NS_INT32SZ; \ 459} while (0) 460 461#include <arpa/nameser_compat.h> 462 463#endif /* !_ARPA_NAMESER_H_ */ 464