NLnetLabs · ximon18 · Oct 9, 2024 · Oct 9, 2024 · Oct 9, 2024 · Oct 9, 2024
diff --git a/src/rdata/dnssec.rs b/src/rdata/dnssec.rs
@@ -2168,6 +2168,11 @@ impl<Octs: AsRef<[u8]>> RtypeBitmap<Octs> {
     ) -> Result<(), Target::AppendError> {
         target.append_slice(self.0.as_ref())
     }
+
+    #[must_use]
+    pub fn is_empty(&self) -> bool {
+        self.iter().next().is_none()
+    }
 }
 
 //--- AsRef

diff --git a/src/rdata/nsec3.rs b/src/rdata/nsec3.rs
@@ -102,6 +102,10 @@ impl<Octs> Nsec3<Octs> {
         &self.next_owner
     }
 
+    pub fn set_next_owner(&mut self, next_owner: OwnerHash<Octs>) {
+        self.next_owner = next_owner;
+    }
+
     pub fn types(&self) -> &RtypeBitmap<Octs> {
         &self.types
     }
@@ -354,7 +358,10 @@ impl<Octs: AsRef<[u8]>> fmt::Display for Nsec3<Octs> {
             self.hash_algorithm, self.flags, self.iterations, self.salt
         )?;
         base32::display_hex(&self.next_owner, f)?;
-        write!(f, " {}", self.types)
+        if !self.types.is_empty() {
+            write!(f, " {}", self.types)?;
+        }
+        Ok(())
     }
 }
 
@@ -453,6 +460,10 @@ impl<Octs> Nsec3param<Octs> {
         &self.salt
     }
 
+    pub fn into_salt(self) -> Nsec3Salt<Octs> {
+        self.salt
+    }
+
     pub(super) fn convert_octets<Target>(
         self,
     ) -> Result<Nsec3param<Target>, Target::Error>
@@ -496,6 +507,35 @@ impl<Octs> Nsec3param<Octs> {
     }
 }
 
+//--- Default
+
+impl<Octs> Default for Nsec3param<Octs>
+where
+    Octs: From<&'static [u8]>,
+{
+    /// Best practice default values for NSEC3 hashing.
+    ///
+    /// Per [RFC 9276] section 3.1:
+    ///
+    /// - _SHA-1, no extra iterations, empty salt._
+    ///
+    /// Per [RFC 5155] section 4.1.2:
+    ///
+    /// - _The Opt-Out flag is not used and is set to zero._
+    /// - _All other flags are reserved for future use, and must be zero._
+    ///
+    /// [RFC 5155]: https://www.rfc-editor.org/rfc/rfc5155.html
+    /// [RFC 9276]: https://www.rfc-editor.org/rfc/rfc9276.html
+    fn default() -> Self {
+        Self {
+            hash_algorithm: Nsec3HashAlg::SHA1,
+            flags: 0,
+            iterations: 0,
+            salt: Nsec3Salt::empty(),
+        }
+    }
+}
+
 //--- OctetsFrom
 
 impl<Octs, SrcOcts> OctetsFrom<Nsec3param<SrcOcts>> for Nsec3param<Octs>

diff --git a/src/sign/mod.rs b/src/sign/mod.rs
@@ -126,6 +126,7 @@ pub use self::bytes::{RsaSecretKeyBytes, SecretKeyBytes};
 
 pub mod common;
 pub mod openssl;
+pub mod records;
 pub mod ring;
 
 //----------- SigningKey -----------------------------------------------------