Add middleware/dnssec (#133)

This adds an online dnssec middleware. The middleware will sign responses on the fly. Negative responses are signed with NSEC black lies.
2025-12-09 03:45:11 -05:00 · 2016-04-26 17:57:11 +01:00
parent 8e6c690484
commit 1aa1a92198
39 changed files with 1206 additions and 144 deletions
--- a/middleware/dnssec/cache.go
+++ b/middleware/dnssec/cache.go
@@ -0,0 +1,23 @@
+package dnssec
+
+import (
+	"hash/fnv"
+	"strconv"
+
+	"github.com/miekg/dns"
+)
+
+// Key serializes the RRset and return a signature cache key.
+func key(rrs []dns.RR) string {
+	h := fnv.New64()
+	buf := make([]byte, 256)
+	for _, r := range rrs {
+		off, err := dns.PackRR(r, buf, 0, nil, false)
+		if err == nil {
+			h.Write(buf[:off])
+		}
+	}
+
+	i := h.Sum64()
+	return strconv.FormatUint(i, 10)
+}