From e7ff0e0b391341bdc4d9c08dff1c477e1df6a682 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 21 Dec 2015 19:57:34 +0100
Subject: resolved: properly implement RRSIG validation of wildcarded RRsets

Note that this is still not complete, one additional step is still
missing: when we verified that a wildcard RRset is properly signed, we
still need to do an NSEC/NSEC3 proof that no more specific RRset exists.
---
 src/shared/dns-domain.h | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'src/shared/dns-domain.h')

diff --git a/src/shared/dns-domain.h b/src/shared/dns-domain.h
index 02b51832b6..7b509729fb 100644
--- a/src/shared/dns-domain.h
+++ b/src/shared/dns-domain.h
@@ -42,6 +42,9 @@
 /* Maximum length of a full hostname, on the wire, including the final NUL byte */
 #define DNS_WIRE_FOMAT_HOSTNAME_MAX 255
 
+/* Maximum number of labels per valid hostname */
+#define DNS_N_LABELS_MAX 127
+
 int dns_label_unescape(const char **name, char *dest, size_t sz);
 int dns_label_unescape_suffix(const char *name, const char **label_end, char *dest, size_t sz);
 int dns_label_escape(const char *p, size_t l, char *dest, size_t sz);
@@ -96,3 +99,6 @@ bool dns_service_name_is_valid(const char *name);
 
 int dns_service_join(const char *name, const char *type, const char *domain, char **ret);
 int dns_service_split(const char *joined, char **name, char **type, char **domain);
+
+int dns_name_suffix(const char *name, unsigned n_labels, const char **ret);
+int dns_name_count_labels(const char *name);
-- 
cgit v1.2.3-54-g00ecf