diff options
Diffstat (limited to 'plugin/dnssec/dnskey.go')
| -rw-r--r-- | plugin/dnssec/dnskey.go | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/plugin/dnssec/dnskey.go b/plugin/dnssec/dnskey.go index ed99fe6c2..4576306ef 100644 --- a/plugin/dnssec/dnskey.go +++ b/plugin/dnssec/dnskey.go @@ -28,6 +28,7 @@ func ParseKeyFile(pubFile, privFile string) (*DNSKEY, error) { if e != nil { return nil, e } + defer f.Close() k, e := dns.ReadRR(f, pubFile) if e != nil { return nil, e @@ -37,6 +38,7 @@ func ParseKeyFile(pubFile, privFile string) (*DNSKEY, error) { if e != nil { return nil, e } + defer f.Close() dk, ok := k.(*dns.DNSKEY) if !ok { @@ -76,3 +78,13 @@ func (d Dnssec) getDNSKEY(state request.Request, zone string, do bool, server st } return m } + +// Return true iff this is a zone key with the SEP bit unset. This implies a ZSK (rfc4034 2.1.1). +func (k DNSKEY) isZSK() bool { + return k.K.Flags & (1<<8) == (1<<8) && k.K.Flags & 1 == 0 +} + +// Return true iff this is a zone key with the SEP bit set. This implies a KSK (rfc4034 2.1.1). +func (k DNSKEY) isKSK() bool { + return k.K.Flags & (1<<8) == (1<<8) && k.K.Flags & 1 == 1 +} |