~nickbp/originz

ref: bench-baseline originz/fbs/dns_message.fbs -rw-r--r-- 27.8 KiB
d94f181cNick Parker Backport current benchmark to older code 1 year, 9 months ago
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
// Flatbuffer renderings of DNS requests and responses as they would be sent/received over the wire.

// Some minimal preprocessing is performed:
// - Resource count and string length fields are omitted here since flatbuffer gives them to us anyway.
// - Compressed names are decompressed/dereferenced as any byte pointers wouldn't be relevant anyway.

// To avoid issues with unset/unknown values, this does NOT directly use the enums defined in dns_enums.fbs.
// This instead uses plain ints for the following reasons:
// - We want to avoid flatbuffer automatically flattening the value if it's not listed in the corresponding enum.
// - We especially do not want to inherit flatbuffer defaulting unknown vals to 0.
//   This especially creates problems with e.g. ResponseCode.NO_ERROR = 0 potentially masking errors.

/// A DNS message, either a request or a response.
table Message {
  header:Header;

  /// Moved to the root Message to simplify handling.
  /// The wire format meanwhile serializes this as an Additional Resource.
  opt:OPT;

  question:[Question];
  answer:[Resource];
  authority:[Resource];
  additional:[Resource];
}

// From RFC2535 section 6.1 or RFC2929 section 2
// (two bits added following RFC1035)
//
//                                 1  1  1  1  1  1
//   0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// |                      ID                       |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// |QR|   Opcode  |AA|TC|RD|RA| Z|AD|CD|   RCODE   |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// |                    QDCOUNT                    |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// |                    ANCOUNT                    |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// |                    NSCOUNT                    |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// |                    ARCOUNT                    |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
table Header {
  /// Random request ID, 16 bits
  id:uint16;

  /// Whether this is a request (false) or a response (true)
  is_response:bool;

  /// Raw Opcode value, 4 bits
  op_code:uint8 = 0; // 4 bits, default: QUERY

  /// ref: https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-12

  /// RFC1035: AA/Authoritative Answer (response-only)
  authoritative:bool;

  /// RFC1035: TC/Truncated Response (response-only)
  truncated:bool;

  /// RFC1035: RD/Recursion Desired
  recursion_desired:bool;

  /// RFC1035: RA/Recursion Available (response-only)
  recursion_available:bool;

  /// bit 9: Reserved
  reserved_9:bool;

  /// RFC4035/RFC6840/RFC Errata 4924: AD/Authentic Data
  authentic_data:bool;

  /// RFC4035/RFC6840/RFC Errata 4927: CD/Checking Disabled
  checking_disabled:bool;

  /// Raw response_code value, 4 bits
  response_code:uint8 = 0; // 4 bits, default: NOERROR
}

/// OPT rdata, serialized as an Additional Resource but represented here as root-level header data to simplify processing.
table OPT {
  /// EDNS(0) header values from [RFC6891]:

  /// 16 bit value from CLASS field
  /// The requestor's UDP payload size (encoded in the RR CLASS field) is
  /// the number of octets of the largest UDP payload that can be
  /// reassembled and delivered in the requestor's network stack.
  udp_size:uint16;

  /// first 8 bits from TTL field
  /// Forms the upper 8 bits of extended 12-bit RCODE, together with the
  /// 4 bits defined in [RFC1035].
  response_code:uint8;

  /// second 8 bits from TTL field
  /// Indicates the implementation level of the setter, currently '0'
  version:uint8;

  /// bit 16 from TTL field
  /// DNSSEC OK bit as defined by [RFC3225].
  dnssec_ok:bool;

  option:[OPTOption];
}

/// An Option entry from OPT rdata.
table OPTOption {
  /// Assigned by the Expert Review process as defined by the DNSEXT
  /// working group and the IESG.
  code:uint16;

  data:[uint8];
}

// From RFC1035 section 4.1.2
//
//                                 1  1  1  1  1  1
//   0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// |                                               |
// /                     QNAME                     /
// /                                               /
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// |                     QTYPE                     |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// |                     QCLASS                    |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
table Question {
  /// DNS name that this question is referring to, variable length
  name:string;

  /// Resource type value, 16 bits
  resource_type:uint16 = 1; // default: A

  /// Resource class value, 16 bits
  resource_class:uint16 = 1; // default: INTERNET
}

// From RFC1035 section 4.1.3
//
//                                 1  1  1  1  1  1
//   0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// |                                               |
// /                                               /
// /                      NAME                     /
// |                                               |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// |                      TYPE                     |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// |                     CLASS                     |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// |                      TTL                      |
// |                                               |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// |                   RDLENGTH                    |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
// /                     RDATA                     /
// /                                               /
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
table Resource {
  /// DNS name that this resource is referring to, variable length
  name:string;

  /// Resource type value, 16 bits
  resource_type:uint16 = 1; // default: A

  /// Resource class value, 16 bits.
  resource_class:uint16 = 1; // default: INTERNET

  /// Time to live in seconds, 32 bits.
  ttl:uint32;

  /// Resource-specific data, variable length
  rdata:ResourceData;
}

/// Parsed (or raw) content from the Resource RDATA field.
/// If the Resource type is supported, the data is parsed into a message.
/// Otherwise it is provided in its original byte form via raw_data.
table ResourceData {
  /// If the resource type is unsupported, it's passed through in raw form.
  raw_data:[ubyte];

  // Supported resource types, covering items from: https://en.wikipedia.org/wiki/List_of_DNS_record_types
  // For descriptions of each type, see the more exhaustive list in dns_enums.fbs
  // Note that OPT data is not located here, instead it's at the root Message.

  a:rdata.A;                   // RFC1035
  ns:rdata.NS;                 // RFC1035
  cname:rdata.CNAME;           // RFC1035
  soa:rdata.SOA;               // RFC1035, RFC2308
  ptr:rdata.PTR;               // RFC1035
  hinfo:rdata.HINFO;           // RFC1035
  mx:rdata.MX;                 // RFC1035, RFC7505
  txt:rdata.TXT;               // RFC1035
  rp:rdata.RP;                 // RFC1183
  afsdb:rdata.AFSDB;           // RFC1183
  sig:rdata.SIG;               // RFC2535
  key:rdata.KEY;               // RFC2535, RFC2930
  aaaa:rdata.AAAA;             // RFC3596
  loc:rdata.LOC;               // RFC1876
  srv:rdata.SRV;               // RFC2782
  naptr:rdata.NAPTR;           // RFC3403
  kx:rdata.KX;                 // RFC2230
  cert:rdata.CERT;             // RFC4398
  dname:rdata.DNAME;           // RFC6672
  apl:rdata.APL;               // RFC3123
  ds:rdata.DS;                 // RFC4034. also: CDS/59, TS/32768, DLV/32769
  sshfp:rdata.SSHFP;           // RFC4255
  ipseckey:rdata.IPSECKEY;     // RFC4025
  rrsig:rdata.RRSIG;           // RFC4034
  nsec:rdata.NSEC;             // RFC4034
  dnskey:rdata.DNSKEY;         // RFC4034, also: CDNSKEY/60
  dhcid:rdata.DHCID;           // RFC4701
  nsec3:rdata.NSEC3;           // RFC5155
  nsec3param:rdata.NSEC3PARAM; // RFC5155
  tlsa:rdata.TLSA;             // RFC6698
  smimea:rdata.SMIMEA;         // RFC8162
  hip:rdata.HIP;               // RFC8005
  openpgpkey:rdata.OPENPGPKEY; // RFC7929
  csync:rdata.CSYNC;           // RFC7477
  tkey:rdata.TKEY;             // RFC2930
  tsig:rdata.TSIG;             // RFC2845
  uri:rdata.URI;               // RFC7553
  caa:rdata.CAA;               // RFC6844
}

namespace rdata;

table A {
  /// The first segment of an IPv4 address
  address1:uint8;
  /// The second segment of an IPv4 address
  address2:uint8;
  /// The third segment of an IPv4 address
  address3:uint8;
  /// The fourth segment of an IPv4 address
  address4:uint8;
}

table NS {
  /// A <domain-name> which specifies a host which should be
  /// authoritative for the specified class and domain.
  nsdname:string;
}

table CNAME {
  /// A <domain-name> which specifies the canonical or primary
  /// name for the owner.  The owner name is an alias.
  cname:string;
}

table SOA {
  /// The <domain-name> of the name server that was the
  /// original or primary source of data for this zone.
  mname:string;

  /// A <domain-name> which specifies the mailbox of the
  /// person responsible for this zone.
  rname:string;

  /// The unsigned 32 bit version number of the original copy
  /// of the zone.  Zone transfers preserve this value.  This
  /// value wraps and should be compared using sequence space
  /// arithmetic.
  serial:uint32;

  /// A 32 bit time interval before the zone should be
  /// refreshed.
  refresh:uint32;

  /// A 32 bit time interval that should elapse before a
  /// failed refresh should be retried.
  retry:uint32;

  /// A 32 bit time value that specifies the upper limit on
  /// the time interval that can elapse before the zone is no
  /// longer authoritative.
  expire:uint32;

  /// The unsigned 32 bit minimum TTL field that should be
  /// exported with any RR from this zone.
  minimum:uint32;
}

table PTR {
  /// A <domain-name> which points to some location in the
  /// domain name space.
  ptrdname:string;
}

table HINFO {
  /// A <character-string> which specifies the CPU type.
  cpu:[uint8];

  /// A <character-string> which specifies the operating
  /// system type.
  os:[uint8];
}

table MX {
  /// A 16 bit integer which specifies the preference given to
  /// this RR among others at the same owner.  Lower values
  /// are preferred.
  preference:uint16;

  /// A <domain-name> which specifies a host willing to act as
  /// a mail exchange for the owner name.
  exchange:string;
}

table TXT {
  /// One or more <character-string>s.
  entries:[TXTEntry];
}

table TXTEntry {
  /// A <character-string>.
  data:[uint8];
}

table RP {
  /// The first field, <mbox-dname>, is a domain name that specifies the
  /// mailbox for the responsible person.  Its format in master files uses
  /// the DNS convention for mailbox encoding, identical to that used for
  /// the RNAME mailbox field in the SOA RR.  The root domain name (just
  /// ".") may be specified for <mbox-dname> to indicate that no mailbox is
  /// available.
  mbox_dname:string;

  /// The second field, <txt-dname>, is a domain name for which TXT RR's
  /// exist.  A subsequent query can be performed to retrieve the
  /// associated TXT resource records at <txt-dname>.  This provides a
  /// level of indirection so that the entity can be referred to from
  /// multiple places in the DNS.  The root domain name (just ".") may be
  /// specified for <txt-dname> to indicate that the TXT_DNAME is absent,
  /// and no associated TXT RR exists.
  txt_dname:string;
}

table AFSDB {
  ///  The <subtype> field is a 16 bit integer.
  subtype:uint16;

  /// The <hostname> field is a domain name of a host that has
  /// a server for the cell named by the owner name of the RR.
  hostname:string;
}

table SIG {
  /// The type of the other RRs covered by this SIG.
  type_covered:uint16;

  /// The key algorithm parallel to the same field for the SIG resource.
  algorithm:uint8;

  /// An unsigned count of how many labels there are in the original SIG
  /// RR owner name not counting the null label for root and not
  /// counting any initial * for a wildcard.
  labels:uint8;

  /// This original TTL is protected by the signature while the current
  /// TTL field is not.
  original_ttl:uint32;

  /// The SIG is valid from the signature inception time until the
  /// signature expiration time.  Both are unsigned numbers of seconds
  /// since the start of 1 January 1970, GMT, ignoring leap seconds.
  signature_expiration:uint32;
  signature_inception:uint32;

  /// Used to efficiently select the applicable key among multiple.
  key_tag:uint16;

  /// The domain name of the signer generating the SIG RR.
  signers_name:string;

  /// Binds the other RDATA fields to the RRset of the type covered RRs
  /// with that owner name and class.  This covered RRset is thereby
  /// authenticated.
  signature:[uint8];
}

table KEY {
  /// Flags for key type and what key should be used for.
  flags:uint16; // 12 bit

  /// Protocol to use the key with: TLS, email, dnssec, ipsec, etc.
  protocol:uint8;

  /// The key algorithm parallel to the same field for the SIG resource.
  algorithm:uint8;

  /// The key data.
  public_key:[uint8];
}

table AAAA {
  /// The first segment of an IPv6 address
  address1:uint16;
  /// The second segment of an IPv6 address
  address2:uint16;
  /// The third segment of an IPv6 address
  address3:uint16;
  /// The fourth segment of an IPv6 address
  address4:uint16;
  /// The fifth segment of an IPv6 address
  address5:uint16;
  /// The sixth segment of an IPv6 address
  address6:uint16;
  /// The seventh segment of an IPv6 address
  address7:uint16;
  /// The eighth segment of an IPv6 address
  address8:uint16;
}

table LOC {
  /// Version number of the representation.  This must be zero.
  version:uint8;

  /// The diameter of a sphere enclosing the described entity, in
  /// centimeters, expressed as a pair of four-bit unsigned
  /// integers, each ranging from zero to nine, with the most
  /// significant four bits representing the base and the second
  /// number representing the power of ten by which to multiply
  /// the base. Range: 0e0 to 9e9 (90000 km)
  size:uint8;

  /// The horizontal precision of the data, in centimeters,
  /// expressed using the same representation as SIZE.
  horiz_pre:uint8;

  /// The vertical precision of the data, in centimeters,
  /// expressed using the sane representation as for SIZE.
  vert_pre:uint8;

  /// The latitude of the center of the sphere described by the
  /// SIZE field, in thousandths of a second of arc. 2^31 represents
  /// the equator; numbers above that are north latitude.
  latitude:int32;

  /// The longitude of the center of the sphere described by the
  /// SIZE field, in thousandths of a second of arc, rounded away from
  /// the prime meridian. 2^31 represents the prime meridian; numbers
  /// above that are east longitude.
  longitude:int32;

  /// The altitude of the center of the sphere described by the SIZE
  /// field, in centimeters, from a base of 100,000m below the
  /// [WGS 84] reference spheroid used by GPS (semimajor axis
  /// a=6378137.0, reciprocal flattening rf=298.257223563).
  altitude:int32;
}

table SRV {
  /// The priority of this target host.  A client MUST attempt to
  /// contact the target host with the lowest-numbered priority it can
  /// reach; target hosts with the same priority SHOULD be tried in an
  /// order defined by the weight field.
  priority:uint16;

  /// A server selection mechanism.  The weight field specifies a
  /// relative weight for entries with the same priority. Larger
  /// weights SHOULD be given a proportionately higher probability of
  /// being selected.
  weight:uint16;

  /// The port on this target host of this service.
  port:uint16;

  /// The domain name of the target host.  There MUST be one or more
  /// address records for this name, the name MUST NOT be an alias (in
  /// the sense of RFC 1034 or RFC 2181).
  target:string;
}

table NAPTR {
  /// A 16-bit unsigned integer specifying the order in which the NAPTR
  /// records MUST be processed in order to accurately represent the
  /// ordered list of Rules.
  order:uint16;

  /// A 16-bit unsigned integer that specifies the order in which NAPTR
  /// records with equal Order values SHOULD be processed, low numbers
  /// being processed before high numbers.
  preference:uint16;

  /// A <character-string> containing flags to control aspects of the
  /// rewriting and interpretation of the fields in the record.
  flags:[uint8];

  /// A <character-string> that specifies the Service Parameters
  /// applicable to this this delegation path.
  services:[uint8];

  /// A <character-string> containing a substitution expression that is
  /// applied to the original string held by the client in order to
  /// construct the next domain name to lookup.
  regexp:[uint8];

  /// A <domain-name> which is the next domain-name to query for
  /// depending on the potential values found in the flags field.
  replacement:string;
}

table KX {
  /// Specifies the preference given to this RR among other KX records
  /// at the same owner.  Lower values are preferred.
  preference:uint16;

  /// A <domain-name> which specifies a host willing to act as a mail
  /// exchange for the owner name. (MUST NOT be compressed)
  exchanger:string;
}

table CERT {
  /// The type field is the certificate type as defined in RFC4398 2.1
  type:uint16;

  /// The key tag field is the 16-bit value computed for the key embedded
  /// in the certificate, using the RRSIG Key Tag algorithm.
  key_tag:uint16;

  /// The algorithm field has the same meaning as the algorithm field in
  /// DNSKEY and RRSIG RRs, except 0 => unknown.
  algorithm:uint8;

  certificate:[uint8];
}

table DNAME {
  /// Alias for a name and all its subnames, similar to CNAME which is
  /// exact match only.
  /// The DNAME RDATA target name MUST NOT be sent out in compressed form
  /// and MUST be downcased for DNS Security Extensions (DNSSEC)
  /// validation.
  dname:string;
}

table APL {
  /// May have zero or more items
  item:[APLItem];
}

table APLItem {
  /// 1 for IPv4, 2 for IPv6
  address_family:uint16;

  /// Coded prefix length, IPv4: 0-32, IPv6: 0-128
  prefix:uint8;

  /// Negation flag, indicates the presence of the
  /// ! character in the textual format.
  negation:bool;

  /// Address family dependent part. IPv4: 0-4 bytes, IPv6: 0-16 bytes
  afd_part:[uint8];
}

table DS {
  /// The Key Tag field lists the key tag of the DNSKEY RR referred to by
  /// the DS record, in network byte order.
  key_tag:uint16;

  /// The Algorithm field lists the algorithm number of the DNSKEY RR
  /// referred to by the DS record.
  algorithm:uint8;

  /// The DS RR refers to a DNSKEY RR by including a digest of that DNSKEY
  /// RR.  The Digest Type field identifies the algorithm used to construct
  /// the digest.
  digest_type:uint8;

  /// The DS record refers to a DNSKEY RR by including a digest of that
  /// DNSKEY RR.
  digest:[uint8];
}

table SSHFP {
  /// The algorithm of the public key, 0=reserved, 1=rsa, 2=dss
  algorithm:uint8;

  /// The digest algorithm for the key fingerprint. 0=reserved, 1=sha1
  fp_type:uint8;

  /// The message-digest algorithm is presumed to produce an opaque octet
  /// string output, which is placed as-is in the RDATA fingerprint field.
  fingerprint:[uint8];
}

table IPSECKEY {
  /// Gateways listed in IPSECKEY records with lower precedence are to be
  /// attempted first.  Where there is a tie in precedence, the order
  /// should be non-deterministic.
  precedence:uint8;

  /// The gateway type field indicates the format of the information that
  /// is stored in the gateway field. 0=none, 1=ipv4, 2=ipv6, 3=domain
  gateway_type:uint8;

  /// The public key's cryptographic algorithm and determines the format
  /// of the public key field. 0=none, 1=dsa, 2=rsa
  algorithm:uint8;

  /// The gateway field indicates a gateway to which an IPsec tunnel may be
  /// created in order to reach the entity named by this resource record.
  gateway:[uint8];

  /// The public key with format defined by the 'algorithm'.
  public_key:[uint8];
}

table RRSIG {
  /// The Type Covered field identifies the type of the RRset that is
  /// covered by this RRSIG record.
  type_covered:uint16;

  /// The Algorithm Number field identifies the cryptographic algorithm
  /// used to create the signature.
  algorithm:uint8;

  /// The Labels field specifies the number of labels in the original RRSIG
  /// RR owner name.
  labels:uint8;

  /// The Original TTL field specifies the TTL of the covered RRset as it
  /// appears in the authoritative zone.
  original_ttl:uint32;

  /// The Signature Expiration and Inception fields specify a validity
  /// period for the signature.
  signature_expiration:uint32;
  signature_inception:uint32;

  /// The Key Tag field contains the key tag value of the DNSKEY RR that
  /// validates this signature, in network byte order.
  key_tag:uint16;

  /// The Signer's Name field value identifies the owner name of the DNSKEY
  /// RR that a validator is supposed to use to validate this signature.
  signers_name:string;

  /// The Signature field contains the cryptographic signature that covers
  /// the RRSIG RDATA (excluding the Signature field) and the RRset
  /// specified by the RRSIG owner name, RRSIG class, and RRSIG Type
  /// Covered field.
  signature:[uint8];
}

table NSEC {
  /// The Next Domain field contains the next owner name (in the canonical
  /// ordering of the zone) that has authoritative data or contains a
  /// delegation point NS RRset.
  /// A sender MUST NOT use DNS name compression on the Next Domain Name
  /// field when transmitting an NSEC RR.
  next_domain_name:string;

  /// The Type Bit Maps field identifies the RRset types that exist at the
  /// NSEC RR's owner name.
  type_bit_maps:[uint8];
}

table DNSKEY {
  /// Bit 7 of the Flags field is the Zone Key flag: 1 = zone, 0 = other
  /// Bit 15 of the Flags field is the Secure Entry Point flag, described
  /// in [RFC3757].
  flags:uint16;

  /// The Protocol Field MUST have value 3
  protocol:uint8;

  /// The Algorithm field identifies the public key's cryptographic
  /// algorithm and determines the format of the Public Key field.
  algorithm:uint8;

  /// The Public Key Field holds the public key material.
  public_key:[uint8];
}

table DHCID {
  /// Opaque DHCP data, to be interpreted by DHCP clients and servers
  dhcp_data:[uint8];
}

table NSEC3 {
  /// The Hash Algorithm field identifies the cryptographic hash algorithm
  /// used to construct the hash-value.
  hash_algorithm:uint8;

  /// The Flags field contains 8 one-bit flags that can be used to indicate
  /// different processing.  All undefined flags must be zero.  The only
  /// flag defined by this specification is the Opt-Out flag.
  flags:uint8;

  /// The Iterations field defines the number of additional times the hash
  /// function has been performed.
  iterations:uint16;

  /// The Salt field is appended to the original owner name before hashing
  /// in order to defend against pre-calculated dictionary attacks.
  salt:[uint8];

  /// The Next Hashed Owner Name field contains the next hashed owner name
  /// in hash order.
  next_hashed_owner_name:[uint8];

  /// The Type Bit Maps field identifies the RRSet types that exist at the
  /// original owner name of the NSEC3 RR.
  type_bit_maps:[uint8];
}

table NSEC3PARAM {
  /// The Hash Algorithm field identifies the cryptographic hash algorithm
  /// used to construct the hash-value.
  hash_algorithm:uint8;

  /// The Flags field contains 8 one-bit flags that can be used to indicate
  /// different processing.  All undefined flags must be zero.  The only
  /// flag defined by this specification is the Opt-Out flag.
  flags:uint8;

  /// The Iterations field defines the number of additional times the hash
  /// function has been performed.
  iterations:uint16;

  /// The Salt field is appended to the original owner name before hashing
  /// in order to defend against pre-calculated dictionary attacks.
  salt:[uint8];
}

table TLSA {
  /// Specifies the provided association that will be used to match the
  /// certificate presented in the TLS handshake.
  certificate_usage:uint8;

  /// Specifies which part of the TLS certificate presented by the server
  /// will be matched against the association data
  selector:uint8;

  /// Specifies how the certificate association is presented.
  matching_type:uint8;

  /// The data to be matched: certificate, SubjectPublicKeyInfo, hash, etc
  certificate_association_data:[uint8];
}

table SMIMEA {
  /// The SMIMEA wire format and presentation format are the same as for
  /// the TLSA record as described in Section 2.1 of [RFC6698].

  /// Specifies the provided association that will be used to match the
  /// certificate presented in the TLS handshake.
  certificate_usage:uint8;

  /// Specifies which part of the TLS certificate presented by the server
  /// will be matched against the association data
  selector:uint8;

  /// Specifies how the certificate association is presented.
  matching_type:uint8;

  /// The data to be matched: certificate, SubjectPublicKeyInfo, hash, etc
  certificate_association_data:[uint8];
}

table HIP {
  /// The PK cryptographic algorithm and the implied Public Key field format.
  public_key_algorithm:uint8;

  /// The HIT is stored as a binary value in network byte order.
  hit:[uint8];

  /// DSA (RFC2536), RSA (RFC3110), or ECDSA (RFC6605)
  public_key:[uint8];

  /// One or more variable length domain-encoded values, which MUST NOT be
  /// compressed. Listed in order of preference.
  rendezvous_servers:[string];
}

table OPENPGPKEY {
  /// The RDATA portion of an OPENPGPKEY resource record contains a single
  /// value consisting of a Transferable Public Key formatted as specified
  /// in [RFC4880].
  public_key:string;
}

table CSYNC {
  /// A copy of the 32-bit SOA serial number from the child zone.
  soa_serial:uint32;

  /// Booleans that define operations affecting CSYNC record processing.
  flags:uint16;

  /// The record types to be processed by the parental agent.
  type_bit_map:[uint8];
}

table TKEY {
  /// The algorithm name is in the form of a domain name with the same
  /// meaning as in [RFC 2845].
  algorithm:string;

  /// The inception time and expiration times are in number of seconds
  /// since the beginning of 1 January 1970 GMT ignoring leap seconds
  /// treated as modulo 2**32 using ring arithmetic [RFC 1982].
  inception:uint32;
  expiration:uint32;

  /// The mode field specifies the general scheme for key agreement or the
  /// purpose of the TKEY DNS message.
  mode:uint16;

  /// The error code field is an extended RCODE.
  error:uint16;

  /// The key exchange data field. Depends on the mode.
  key_data:[uint8];

  /// May be used in future extensions.
  other_data:[uint8];
}

table TSIG {
  /// Name of the algorithm in domain name syntax.
  algorithm_name:string;

  /// Seconds since 1-Jan-70 UTC.
  time_signed:uint64; // 48 bits

  /// Seconds of error permitted in Time Signed.
  fudge:uint16;

  /// Defined by Algorithm Name.
  mac:[uint8];

  /// Empty unless Error == BADTIME
  other_data:[uint8];
}

table URI {
  /// A client MUST attempt to contact the URI with the lowest-numbered
  /// priority it can reach; URIs with the same priority SHOULD be
  /// selected according to probabilities defined by the weight field.
  priority:uint16;

  /// Specifies a relative weight for entries with the same priority.
  /// Larger weights SHOULD be given a proportionately higher probability
  /// of being selected.
  weight:uint16;

  /// The URI of the target, enclosed in double-quotes, using the format
  /// specified in RFC3986
  target:string;
}

table CAA {
  /// Issuer critical flag at bit 0, all others reserved for future use.
  flags:uint8;

  /// The property identifier, a sequence of US-ASCII characters.
  tag:string;

  /// A sequence of octets representing the property value.
  value:[uint8];
}