Don't sign data we are not authoritative for. This adds an AuthWalk
which skips names we should not authoritative for. Adds a few tests to
check this is the case. Generates zones have been compared to
dnssec-signzone.
A number of changes have been made:
* don't add DS records to the apex
* NSEC TTL is the SOA's minttl value (copying bind9)
* Various cleanups
* signer struct was cleaned up: doesn't need ttl, nor expiration or
inception.
* plugin/sign: remove apex stuff from names()
This is never used because we will always have other types in the
apex, because we *ADD* them ourselves, before we sign (DNSKEY, CDS and
CDNSKEY).
Signed-off-by: Miek Gieben <miek@miek.nl>
Co-Authored-By: Chris O'Haver <cohaver@infoblox.com>
* plugin/file: Rename do to walk, cleanup and document
* This renames Do to Walk to be more inline with Go standards. Also make
it return an error instead of a bool.
Also give give walk access to rrs. Alternatively e.m could be
exported, but just access the map of rrs should work as well. Another
alternative would be adding a whole bunch of helper functions, but
those need grab and return the data. Just having access to the rrs
should be easiest for most Walks.
* It adds Type and TypeForWildcard to show the different functions
* *Removes* the identical RR check when inserting; this was only done
for A, AAAA and MX and not finished; removed under the mantra garbage
in garbage out.
* Reuses Types to return all the types in an *tree.Elem
Signed-off-by: Miek Gieben <miek@miek.nl>
* better comments
Signed-off-by: Miek Gieben <miek@miek.nl>
