.ad l
.TH ldns 3 "30 May 2006"
.SH NAME
ldns_dnssec_zone_sign, ldns_dnssec_zone_sign_nsec3, ldns_dnssec_zone_mark_glue, ldns_dnssec_name_node_next_nonglue, ldns_dnssec_zone_create_nsecs, ldns_dnssec_remove_signatures, ldns_dnssec_zone_create_rrsigs \- sign ldns_dnssec_zone

.SH SYNOPSIS
#include <stdint.h>
.br
#include <stdbool.h>
.br
.PP
#include <ldns/ldns.h>
.PP
ldns_status ldns_dnssec_zone_sign(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int (*func)(ldns_rr *, void *), void *arg);
.PP
ldns_status ldns_dnssec_zone_sign_nsec3(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int (*func)(ldns_rr *, void *), void *arg, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt);
.PP
 ldns_dnssec_zone_mark_glue();
.PP
ldns_rbnode_t* ldns_dnssec_name_node_next_nonglue(ldns_rbnode_t *node);
.PP
ldns_status ldns_dnssec_zone_create_nsecs(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs);
.PP
ldns_dnssec_rrs* ldns_dnssec_remove_signatures(ldns_dnssec_rrs *signatures, ldns_key_list *key_list, int (*func)(ldns_rr *, void *), void *arg);
.PP
ldns_status ldns_dnssec_zone_create_rrsigs(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int (*func)(ldns_rr *, void*), void *arg);
.PP

.SH DESCRIPTION
.HP
\fIldns_dnssec_zone_sign\fR()
signs the given zone with the given keys

\.br
\fBzone\fR: the zone to sign
\.br
\fBkey_list\fR: the list of keys to sign the zone with
\.br
\fBnew_rrs\fR: newly created resource records are added to this list, to free them later
\.br
\fBfunc\fR: callback function that decides what to do with old signatures
This function takes an ldns_rr* and an optional void *arg argument, and returns one of four values:
\%LDNS_SIGNATURE_LEAVE_ADD_NEW:
leave the signature and add a new one for the corresponding key
\%LDNS_SIGNATURE_REMOVE_ADD_NEW:
remove the signature and replace is with a new one from the same key
\%LDNS_SIGNATURE_LEAVE_NO_ADD:
leave the signature and do not add a new one with the corresponding key
\%LDNS_SIGNATURE_REMOVE_NO_ADD:
remove the signature and do not replace 

\.br
\fBarg\fR: optional argument for the callback function
\.br
Returns \%LDNS_STATUS_OK on success, an error code otherwise
.PP
.HP
\fIldns_dnssec_zone_sign_nsec3\fR()
signs the given zone with the given new zone, with NSEC3

\.br
\fBzone\fR: the zone to sign
\.br
\fBkey_list\fR: the list of keys to sign the zone with
\.br
\fBnew_rrs\fR: newly created resource records are added to this list, to free them later
\.br
\fBfunc\fR: callback function that decides what to do with old signatures
\.br
\fBarg\fR: optional argument for the callback function
\.br
\fBalgorithm\fR: the NSEC3 hashing algorithm to use
\.br
\fBflags\fR: NSEC3 flags
\.br
\fBiterations\fR: the number of NSEC3 hash iterations to use
\.br
\fBsalt_length\fR: the length (in octets) of the NSEC3 salt
\.br
\fBsalt\fR: the NSEC3 salt data
\.br
Returns \%LDNS_STATUS_OK on success, an error code otherwise
.PP
.HP
\fIldns_dnssec_zone_mark_glue\fR()
.PP
.HP
\fIldns_dnssec_name_node_next_nonglue\fR()
Finds the first dnssec_name node in the rbtree that is not occluded.
It *does* return names that are partially occluded.

\.br
\fBnode\fR: the first node to check
\.br
Returns the first node that has not been marked as glue, or \%NULL
if not found (\%TODO: make that \%LDNS_RBTREE_NULL?)
.PP
.HP
\fIldns_dnssec_zone_create_nsecs\fR()
Adds \%NSEC records to the given dnssec_zone

\.br
\fBzone\fR: the zone to add the records to
\.br
\fBnew_rrs\fR: ldns_rr's created by this function are
added to this rr list, so the caller can free them later
\.br
Returns \%LDNS_STATUS_OK on success, an error code otherwise
.PP
.HP
\fIldns_dnssec_remove_signatures\fR()
remove signatures if callback function tells to

\.br
\fBsignatures\fR: list of signatures to check, and
possibly remove, depending on the value of the
callback
\.br
\fBkey_list\fR: these are marked to be used or not,
on the return value of the callback
\.br
\fBfunc\fR: this function is called to specify what to
do with each signature (and corresponding key)
\.br
\fBarg\fR: Optional argument for the callback function
\.br
Returns s pointer to the new signatures rrs (the original
passed to this function may have been removed)
.PP
.HP
\fIldns_dnssec_zone_create_rrsigs\fR()
Adds signatures to the zone

\.br
\fBzone\fR: the zone to add \%RRSIG Resource Records to
\.br
\fBnew_rrs\fR: the \%RRSIG RRs that are created are also
added to this list, so the caller can free them
later
\.br
\fBkey_list\fR: list of keys to sign with.
\.br
\fBfunc\fR: Callback function to decide what keys to
use and what to do with old signatures
\.br
\fBarg\fR: Optional argument for the callback function
\.br
Returns \%LDNS_STATUS_OK on success, error otherwise
.PP
.SH AUTHOR
The ldns team at NLnet Labs.

.SH REPORTING BUGS
Please report bugs to ldns-team@nlnetlabs.nl or in 
our bugzilla at
http://www.nlnetlabs.nl/bugs/index.html

.SH COPYRIGHT
Copyright (c) 2004 - 2006 NLnet Labs.
.PP
Licensed under the BSD License. There is NO warranty; not even for
MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE.

.SH SEE ALSO
\fIldns_dnssec_zone\fR.
And \fBperldoc Net::DNS\fR, \fBRFC1034\fR,
\fBRFC1035\fR, \fBRFC4033\fR, \fBRFC4034\fR  and \fBRFC4035\fR.
.SH REMARKS
This manpage was automatically generated from the ldns source code.