mDNSMacOSX/dnssec_v2/dnssec_v2_embedded.h

   1 //
   2 //  dnssec_v2_embedded.h
   3 //  mDNSResponder
   4 //
   5 //  Copyright (c) 2020 Apple Inc. All rights reserved.
   6 //
   7
   8 #ifndef DNSSEC_v2_EMBEDDED_H
   9 #define DNSSEC_v2_EMBEDDED_H
  10
  11 // These embedded structure is used in mDNSEmbedded.h, which is a base header file.
  12 #pragma mark - structures
  13
  14 typedef struct dnssec_status dnssec_status_t;
  15 struct dnssec_status {
  16         uint8_t enable_dnssec;                          // indicate if mDNSResponder should do DNSSEC validation for the current question
  17         uint8_t tried_dnssec_but_unsigned;      // if a question does not enable DNSSEC but this boolean is set, it means the question that enables DNSSEC validation is restarted
  18         void *  context;                                        // dnssec_context_t
  19 };
  20
  21 typedef enum dnssec_result {
  22         dnssec_indeterminate = 0,       // make dnssec_indeterminate as default so the uninitialized dnssec_result_t that usually has no data in it will yeild dnssec_indeterminate
  23         dnssec_secure,                          // The answer returned to the user call back function is secure and validated through DNSSEC, and can be trusted.
  24         dnssec_insecure,                        // The answer provided by the authority server is not signed by the zone, thus we are unable to validate, when it happens the unsigned answer will be returned with dnssec_insecure.
  25         dnssec_bogus                            // The answer provided by the authority server has records to do the DNSSEC validation, but the validation fails for some reason, which may indicate an attack from network.
  26 } dnssec_result_t;
  27
  28 #endif /* DNSSEC_v2_EMBEDDED_H */