mimuret
diff --git a/‎name_node.go‎
Lines changed: 1 addition & 1 deletion b/‎name_node.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎nsec.go‎
Lines changed: 3 additions & 0 deletions b/‎nsec.go‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎sign.go‎
Lines changed: 38 additions & 4 deletions b/‎sign.go‎
Lines changed: 38 additions & 4 deletions
diff --git a/‎testdata/zonemd/dsset-example.‎
Lines changed: 1 addition & 0 deletions b/‎testdata/zonemd/dsset-example.‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎testdata/zonemd/example.complex.signed-zonemd‎
Lines changed: 54 additions & 0 deletions b/‎testdata/zonemd/example.complex.signed-zonemd‎
Lines changed: 54 additions & 0 deletions
diff --git a/‎testdata/zonemd/example.complex.signed.tmp‎
Lines changed: 77 additions & 0 deletions b/‎testdata/zonemd/example.complex.signed.tmp‎
Lines changed: 77 additions & 0 deletions
@@ -183,7 +183,7 @@ func (n *NameNode) IterateNameNodeWithValue(f func(NameNodeInterface, any) (any,
 	for key := range children {
 		keys = append(keys, key)
 	}
-	keys, _ = SortNames(keys)
+	SortNames(keys)
 	for _, name := range keys {
 		if err := children[name].IterateNameNodeWithValue(f, res); err != nil {
 			return err
 
@@ -25,6 +25,9 @@ func CreateDoE(z ZoneInterface, opt SignOption, generator Generator) error {
 func createNSEC(z ZoneInterface, generator RRSetGenerator) error {
 	var nodes = map[string]NameNodeInterface{}
 	var names []string
+	if generator == nil {
+		generator = &DefaultGenerator{}
+	}
 	soa, err := GetSOA(z)
 	if err != nil {
 		return ErrBadZone
 
@@ -31,6 +31,8 @@ type SignOption struct {
 	DoEMethod    DenialOfExistenceMethod
 	NSEC3Salt    string
 	NSEC3Iterate uint16
+
+	ZONEMDEnabled bool
 }
 
 func (o *SignOption) GetBeforSign() time.Duration {
@@ -112,6 +114,32 @@ func (d *DNSKEY) IsZSK() bool {
 	return d.rr.Flags == 256
 }
 
+func Sign(z ZoneInterface, opt SignOption, dnskeys []*DNSKEY, generator Generator) error {
+	if err := AddDNSKEY(z, dnskeys, uint32(0), generator); err != nil {
+		return fmt.Errorf("failed to add DNSKEY: %w", err)
+	}
+	if opt.ZONEMDEnabled {
+		if err := AddZONEMDPlaceholder(z, nil, generator); err != nil {
+			return fmt.Errorf("failed to add ZONEMD: %w", err)
+		}
+	}
+	if err := CreateDoE(z, opt, generator); err != nil {
+		return fmt.Errorf("failed to add NSEC or NSEC3: %w", err)
+	}
+	if err := SignZone(z, opt, dnskeys, generator); err != nil {
+		return fmt.Errorf("failed to sign zone: %w", err)
+	}
+	if opt.ZONEMDEnabled {
+		if err := UpdateZONEMDDigest(z, generator); err != nil {
+			return fmt.Errorf("failed to update ZONEMD digest: %w", err)
+		}
+		if err := SignNode(z.GetRootNode(), opt, dnskeys, generator, true, true); err != nil {
+			return fmt.Errorf("failed to sign zone apex: %w", err)
+		}
+	}
+	return nil
+}
+
 func AddDNSKEY(z ZoneInterface, dnskeys []*DNSKEY, ttl uint32, generator Generator) error {
 	if len(dnskeys) == 0 {
 		return fmt.Errorf("empty DNSKEYs")
@@ -145,25 +173,31 @@ func SignZone(z ZoneInterface, opt SignOption, dnskeys []*DNSKEY, generator Gene
 		auth := a.(bool)
 		if z.GetName() != nni.GetName() {
 			if nsRRset := nni.GetRRSet(dns.TypeNS); nsRRset != nil {
-				return false, signNode(nni, opt, dnskeys, generator, nni == z.GetRootNode(), true)
+				return false, SignNode(nni, opt, dnskeys, generator, nni == z.GetRootNode(), true)
 			}
 		}
-		return auth, signNode(nni, opt, dnskeys, generator, nni == z.GetRootNode(), auth)
+		return auth, SignNode(nni, opt, dnskeys, generator, nni == z.GetRootNode(), auth)
 	}, true)
 }
 
-func signNode(nni NameNodeInterface, opt SignOption, dnskeys []*DNSKEY, generator Generator, apex, auth bool) error {
+func SignNode(nni NameNodeInterface, opt SignOption, dnskeys []*DNSKEY, generator Generator, apex, auth bool) error {
+	if generator == nil {
+		generator = &DefaultGenerator{}
+	}
 	if !auth {
 		return nil
 	}
-	rrsig, err := GetRRSetOrCreate(nni, dns.TypeRRSIG, 0, generator)
+	rrsig, err := generator.NewRRSet(nni.GetName(), 0, nni.GetClass(), dns.TypeRRSIG)
 	if err != nil {
 		return err
 	}
 	err = nni.IterateNameRRSet(func(ri RRSetInterface) error {
 		if ri.GetRRtype() == dns.TypeNS && !apex {
 			return nil
 		}
+		if ri.GetRRtype() == dns.TypeRRSIG {
+			return nil
+		}
 		rrsigRRs, err := SignRRSet(ri, opt, dnskeys)
 		if err != nil {
 			return err
 
@@ -0,0 +1 @@
+example.		IN DS 49842 15 2 B6CDFFD5BEF3146A7FF0302E2374EA4ED121BE106CF7EB452452B821 E92DC173
@@ -0,0 +1,54 @@
+example. 86400 IN NS ns1.example.
+example. 86400 IN NS ns2.example.
+example. 86400 IN SOA ns1.example. admin.example. 2018031900 1800 900 604800 86400
+example. 86400 IN RRSIG NS 15 1 86400 20300101000000 20240101000000 4770 example. zPTka8nomsQJbTV28TSksOVXTE3HPpTlvfE/WyhWhB2eKS3OWhHtJG/6wfRZA6GwwSoO4locWfFYWmpOLLHZDg==
+example. 86400 IN RRSIG SOA 15 1 86400 20300101000000 20240101000000 4770 example. svOcT0690Zpm13CcA6hNC216Q5zhR2nnCk0R4gdx/JBVDtInbZykWN8/mouFnZ8aC+trgKzGgSJ4huQDYJuBBQ==
+example. 86400 IN RRSIG NSEC 15 1 86400 20300101000000 20240101000000 4770 example. WYDwzq6NEPdqFlfhEUThvDW5X4YHXhbl6LZ4CS3fn1piZhP/li/AYOhOZFKBpgpTL7VGXRftWJoWy5Agvo0gAQ==
+example. 86400 IN RRSIG DNSKEY 15 1 86400 20300101000000 20240101000000 49842 example. wiHw5imE5ftrknItKf+GAn2p/ztobwKBKsNkLNnP14R4mZj/JBxdCFM9rx8n5eu2psvymSYbFE+L+M3PxKjIAQ==
+example. 3600 IN RRSIG DNSKEY 15 1 3600 20300101000000 20240101000000 49842 example. FWU+Qs3bmhpKuUW4lCwdtrpJR06dW3Vh89MaFZw9OFfTudI6Cley495yuJRuqBxbQeY5TJ8w9lyKPRhQn9KBDw==
+example. 86400 IN RRSIG ZONEMD 15 1 86400 20300101000000 20240101000000 4770 example. 9+UeCqpq5SNHcYwM5bS6kKsVz7t/dG37FsStlzO0hfi2GSP7flZKTQkdvHqjm2dzX9sZXom8Sco3vDb3vk1rCQ==
+example. 86400 IN NSEC *.example. NS SOA RRSIG NSEC DNSKEY ZONEMD 
+example. 86400 IN DNSKEY 256 3 15 mOgdbdkEVsD8svnC70BBrmgPFLE/kYGmulOm1T1xJIA=
+example. 86400 IN DNSKEY 257 3 15 herJaM2oMFqzpbCzD3nhFdAqFngglSg5qqDclAA6ZYM=
+example. 86400 IN ZONEMD 2018031900 1 1 d02eb625c8d5bfe331e4b914ae18cfc3be1cd18d3f441561fab8f59ae0bf2195c9229f029726bf1f4369d861620d9c53
+*.example. 777 IN PTR dont-forget-about-wildcards.example.
+*.example. 777 IN RRSIG PTR 15 1 777 20300101000000 20240101000000 4770 example. 49tkJ4Q9Q7SP4p0SGMQ6dtlfxnUoQOh1HZbMVfNpSAK++5Kzy7wPjveKlwtKnNbFE3INr1/NXeMHkUsp+IPjBA==
+*.example. 86400 IN RRSIG NSEC 15 1 86400 20300101000000 20240101000000 4770 example. 7rZFsNYMP0s/EdM2gZYrEsnvbqnhyt2sfi69urXnJlVss8A/H8U6Sh3DkK4E/RPbAce0eEWVcdiTNUAnGIxvBg==
+*.example. 86400 IN NSEC duplicate.example. PTR RRSIG NSEC 
+duplicate.example. 300 IN TXT "I must be digested just once"
+duplicate.example. 300 IN RRSIG TXT 15 2 300 20300101000000 20240101000000 4770 example. Tp/BgGKgWEWPeTt9TGBU5hCymB46otaJZUi5dmTkNpPgwB1XO/ifyXcsKfuk/cZVOSE7FVk4VVkbMY5DA/w5Ag==
+duplicate.example. 86400 IN RRSIG NSEC 15 2 86400 20300101000000 20240101000000 4770 example. Zo8ocFr8x04bdgD2xerMSh6zENZXf4K8psGgC+JBTC3svW/ITEtNtqHOcpO4VJM0hF07egDW8l6ldyiuLD4pBg==
+duplicate.example. 86400 IN NSEC mail.example. TXT RRSIG NSEC 
+mail.example. 3600 IN MX 10 mail2.example.
+mail.example. 3600 IN MX 20 mail1.example.
+mail.example. 3600 IN RRSIG MX 15 2 3600 20300101000000 20240101000000 4770 example. ltCZTP1565PjaLQ1minRaLoTeCr2wVTjjnkSoMPZDDVAGle+Nx9ZjifJwlo33N3tltZUuPDId31yiXvxNyMXBQ==
+mail.example. 86400 IN RRSIG NSEC 15 2 86400 20300101000000 20240101000000 4770 example. ToesrgObjOL1wCtlQqZr6xW7h73xnFCtLNWhUIcpbHYcbmqF2ubGPwEvReuc8ZnyhKAAfrrzGDNasat8CcJDCw==
+mail.example. 86400 IN NSEC non-apex.example. MX RRSIG NSEC 
+non-apex.example. 86400 IN RRSIG NSEC 15 2 86400 20300101000000 20240101000000 4770 example. EWzXDr0QDUozh5s0qOgR5UdBCEtJbWTy2DdTfBvqNbVHqSIwxOIXkiWKzgLiX1i6tTzajpkaDc63Q5fUOMFACA==
+non-apex.example. 900 IN RRSIG ZONEMD 15 2 900 20300101000000 20240101000000 4770 example. 25uC/CEHR39+44rBWkLOYat+wjsXMQdHoJcDS5t/5/T08VGYdcvG4WfVfkDmWHv833eaqu8kBamM/Dc+aKOgDw==
+non-apex.example. 86400 IN NSEC ns1.example. RRSIG NSEC ZONEMD 
+non-apex.example. 900 IN ZONEMD 2018031900 1 1 616c6c6f776564206275742069676e6f7265642e20616c6c6f776564206275742069676e6f7265642e20616c6c6f7765
+ns1.example. 3600 IN A 203.0.113.63
+ns1.example. 3600 IN RRSIG A 15 2 3600 20300101000000 20240101000000 4770 example. pkLaJGOE2gInA0B81mGTU0WD3GKMV3f0vensII+AO0rUBzYwwhX4PdEbrKg2Fy2U0XU1t1Ej93/WrkkcYlHLAg==
+ns1.example. 86400 IN RRSIG NSEC 15 2 86400 20300101000000 20240101000000 4770 example. 2+UVtROxdUs4MyLz8OjmuYu/QiB9rng8Wqo7Lwp5A1UOEb8ROscQrkJ4tDjZ/LPaX85YL8RbIwXvgf28FcSxCg==
+ns1.example. 86400 IN NSEC NS2.example. A RRSIG NSEC 
+ns2.example. 3600 IN AAAA 2001:db8::63
+ns2.example. 3600 IN RRSIG AAAA 15 2 3600 20300101000000 20240101000000 4770 example. bNjm/kEfEf8TLXw3iJ2Y1zYzcrp7WDlUvCbexCdfFQ0tbhHEcY26BYW8y8noJOhX4iXoopOgkPh5lXF3cbP0AQ==
+ns2.example. 86400 IN RRSIG NSEC 15 2 86400 20300101000000 20240101000000 4770 example. Pg15bpP0plpg273TqsXgV+dcnv0LzdzhEZ+5DUKPEgJri/kWXpxT2uY+mn5WusAC9ncIn1WwNCt7x8aOkzQfBw==
+ns2.example. 86400 IN NSEC sortme.example. AAAA RRSIG NSEC 
+sortme.example. 3600 IN AAAA 2001:db8::1:65
+sortme.example. 3600 IN AAAA 2001:db8::2:64
+sortme.example. 3600 IN AAAA 2001:db8::3:62
+sortme.example. 3600 IN AAAA 2001:db8::4:63
+sortme.example. 3600 IN AAAA 2001:db8::5:61
+sortme.example. 3600 IN RRSIG AAAA 15 2 3600 20300101000000 20240101000000 4770 example. PUCqYSxrjiF7e3kFghjTb3FSmcEzo/rkun9LZUBbnm2toRIpOhnz24V1ICXo0LT/W/fiJ+WlLTfJAxqhNFO9Cg==
+sortme.example. 86400 IN RRSIG NSEC 15 2 86400 20300101000000 20240101000000 4770 example. fk7spWgAPgn3hq8gU29NmXUmwn6fvLLigvq73KR6+QDlURS5StDAcE8eKcnReQLI+2PNiSwG60WJ1iF0lu5WDw==
+sortme.example. 86400 IN NSEC sub.example. AAAA RRSIG NSEC 
+sub.example. 7200 IN NS ns1.example.
+sub.example. 86400 IN RRSIG NSEC 15 2 86400 20300101000000 20240101000000 4770 example. wtugWOeQ4OMv4bDfiJmTAlTAbiQlHrGPAOkLD2B9gWdhN5otC317rPQrq4LzfXcYwJsfgIV5N9lUy3qNGYfTDQ==
+sub.example. 86400 IN NSEC UPPERCASE.example. NS RRSIG NSEC 
+occluded.sub.example. 7200 IN TXT "I'm occluded but must be digested"
+uppercase.example. 3600 IN TXT "canonicalize uppercase owner names"
+uppercase.example. 3600 IN RRSIG TXT 15 2 3600 20300101000000 20240101000000 4770 example. YC7r7E6vuOSgP1XD0PDREbFPvnS+U9XGWMJ8X7jivKP0J87Otq+nc6u297/BIMoEw8e7GjQZ+onDxDekxKkEDQ==
+uppercase.example. 86400 IN RRSIG NSEC 15 2 86400 20300101000000 20240101000000 4770 example. yhddH1aXo0h4aK6T6v3nEo15KsHxdNbTPAc/0p4F/FtWG+vL9Ock6jls7hSGRqxbMPUq3pAhuNLQn7m1UyqeDw==
+uppercase.example. 86400 IN NSEC example. TXT RRSIG NSEC 
@@ -0,0 +1,77 @@
+; File written on Thu Dec 12 22:05:03 2024
+; dnssec_signzone version 9.18.21
+example.				      86400 IN SOA	ns1.example. admin.example. 2018031900 1800 900 604800 86400
+example.				      86400 IN RRSIG	SOA 15 1 86400 20300101000000 20240101000000 4770 example. svOcT0690Zpm13CcA6hNC216Q5zhR2nnCk0R4gdx/JBVDtInbZykWN8/ mouFnZ8aC+trgKzGgSJ4huQDYJuBBQ==
+; resign=20300101000000
+example.				      86400 IN NS	ns1.example.
+example.				      86400 IN NS	ns2.example.
+example.				      86400 IN RRSIG	NS 15 1 86400 20300101000000 20240101000000 4770 example. zPTka8nomsQJbTV28TSksOVXTE3HPpTlvfE/WyhWhB2eKS3OWhHtJG/6 wfRZA6GwwSoO4locWfFYWmpOLLHZDg==
+; resign=20300101000000
+example.				      86400 IN NSEC	*.example. NS SOA RRSIG NSEC DNSKEY ZONEMD
+example.				      86400 IN RRSIG	NSEC 15 1 86400 20300101000000 20240101000000 4770 example. WYDwzq6NEPdqFlfhEUThvDW5X4YHXhbl6LZ4CS3fn1piZhP/li/AYOhO ZFKBpgpTL7VGXRftWJoWy5Agvo0gAQ==
+; resign=20300101000000
+example.				      86400 IN DNSKEY	256 3 15 mOgdbdkEVsD8svnC70BBrmgPFLE/kYGmulOm1T1xJIA=
+example.				      86400 IN DNSKEY	257 3 15 herJaM2oMFqzpbCzD3nhFdAqFngglSg5qqDclAA6ZYM=
+example.				      86400 IN RRSIG	DNSKEY 15 1 86400 20300101000000 20240101000000 49842 example. wiHw5imE5ftrknItKf+GAn2p/ztobwKBKsNkLNnP14R4mZj/JBxdCFM9 rx8n5eu2psvymSYbFE+L+M3PxKjIAQ==
+; resign=20300101000000
+example.				      86400 IN ZONEMD	2018031900 1 1 A3B69BAD980A3504E1CFFCB0FD6397F93848071C93151F552AE2F6B1 711D4BD2D8B39808226D7B9DB71E34B72077F8FE
+example.				      86400 IN RRSIG	ZONEMD 15 1 86400 20300101000000 20240101000000 4770 example. 9+UeCqpq5SNHcYwM5bS6kKsVz7t/dG37FsStlzO0hfi2GSP7flZKTQkd vHqjm2dzX9sZXom8Sco3vDb3vk1rCQ==
+; resign=20300101000000
+occluded.sub.example.			      7200 IN TXT	"I'm occluded but must be digested"
+*.example.				      777 IN PTR	dont-forget-about-wildcards.example.
+*.example.				      777 IN RRSIG	PTR 15 1 777 20300101000000 20240101000000 4770 example. 49tkJ4Q9Q7SP4p0SGMQ6dtlfxnUoQOh1HZbMVfNpSAK++5Kzy7wPjveK lwtKnNbFE3INr1/NXeMHkUsp+IPjBA==
+; resign=20300101000000
+*.example.				      86400 IN NSEC	duplicate.example. PTR RRSIG NSEC
+*.example.				      86400 IN RRSIG	NSEC 15 1 86400 20300101000000 20240101000000 4770 example. 7rZFsNYMP0s/EdM2gZYrEsnvbqnhyt2sfi69urXnJlVss8A/H8U6Sh3D kK4E/RPbAce0eEWVcdiTNUAnGIxvBg==
+; resign=20300101000000
+non-apex.example.			      86400 IN NSEC	ns1.example. RRSIG NSEC ZONEMD
+non-apex.example.			      86400 IN RRSIG	NSEC 15 2 86400 20300101000000 20240101000000 4770 example. EWzXDr0QDUozh5s0qOgR5UdBCEtJbWTy2DdTfBvqNbVHqSIwxOIXkiWK zgLiX1i6tTzajpkaDc63Q5fUOMFACA==
+; resign=20300101000000
+non-apex.example.			      900 IN ZONEMD	2018031900 1 1 616C6C6F776564206275742069676E6F7265642E20616C6C6F776564 206275742069676E6F7265642E20616C6C6F7765
+non-apex.example.			      900 IN RRSIG	ZONEMD 15 2 900 20300101000000 20240101000000 4770 example. 25uC/CEHR39+44rBWkLOYat+wjsXMQdHoJcDS5t/5/T08VGYdcvG4WfV fkDmWHv833eaqu8kBamM/Dc+aKOgDw==
+; resign=20300101000000
+duplicate.example.			      300 IN TXT	"I must be digested just once"
+duplicate.example.			      300 IN RRSIG	TXT 15 2 300 20300101000000 20240101000000 4770 example. Tp/BgGKgWEWPeTt9TGBU5hCymB46otaJZUi5dmTkNpPgwB1XO/ifyXcs Kfuk/cZVOSE7FVk4VVkbMY5DA/w5Ag==
+; resign=20300101000000
+duplicate.example.			      86400 IN NSEC	mail.example. TXT RRSIG NSEC
+duplicate.example.			      86400 IN RRSIG	NSEC 15 2 86400 20300101000000 20240101000000 4770 example. Zo8ocFr8x04bdgD2xerMSh6zENZXf4K8psGgC+JBTC3svW/ITEtNtqHO cpO4VJM0hF07egDW8l6ldyiuLD4pBg==
+; resign=20300101000000
+NS2.example.				      3600 IN AAAA	2001:db8::63
+NS2.example.				      3600 IN RRSIG	AAAA 15 2 3600 20300101000000 20240101000000 4770 example. bNjm/kEfEf8TLXw3iJ2Y1zYzcrp7WDlUvCbexCdfFQ0tbhHEcY26BYW8 y8noJOhX4iXoopOgkPh5lXF3cbP0AQ==
+; resign=20300101000000
+NS2.example.				      86400 IN NSEC	sortme.example. AAAA RRSIG NSEC
+NS2.example.				      86400 IN RRSIG	NSEC 15 2 86400 20300101000000 20240101000000 4770 example. Pg15bpP0plpg273TqsXgV+dcnv0LzdzhEZ+5DUKPEgJri/kWXpxT2uY+ mn5WusAC9ncIn1WwNCt7x8aOkzQfBw==
+; resign=20300101000000
+ns1.example.				      3600 IN A		203.0.113.63
+ns1.example.				      3600 IN RRSIG	A 15 2 3600 20300101000000 20240101000000 4770 example. pkLaJGOE2gInA0B81mGTU0WD3GKMV3f0vensII+AO0rUBzYwwhX4PdEb rKg2Fy2U0XU1t1Ej93/WrkkcYlHLAg==
+; resign=20300101000000
+ns1.example.				      86400 IN NSEC	NS2.example. A RRSIG NSEC
+ns1.example.				      86400 IN RRSIG	NSEC 15 2 86400 20300101000000 20240101000000 4770 example. 2+UVtROxdUs4MyLz8OjmuYu/QiB9rng8Wqo7Lwp5A1UOEb8ROscQrkJ4 tDjZ/LPaX85YL8RbIwXvgf28FcSxCg==
+; resign=20300101000000
+mail.example.				      3600 IN MX	10 Mail2.Example.
+mail.example.				      3600 IN MX	20 MAIL1.example.
+mail.example.				      3600 IN RRSIG	MX 15 2 3600 20300101000000 20240101000000 4770 example. ltCZTP1565PjaLQ1minRaLoTeCr2wVTjjnkSoMPZDDVAGle+Nx9ZjifJ wlo33N3tltZUuPDId31yiXvxNyMXBQ==
+; resign=20300101000000
+mail.example.				      86400 IN NSEC	non-apex.example. MX RRSIG NSEC
+mail.example.				      86400 IN RRSIG	NSEC 15 2 86400 20300101000000 20240101000000 4770 example. ToesrgObjOL1wCtlQqZr6xW7h73xnFCtLNWhUIcpbHYcbmqF2ubGPwEv Reuc8ZnyhKAAfrrzGDNasat8CcJDCw==
+; resign=20300101000000
+sub.example.				      7200 IN NS	ns1.example.
+sub.example.				      86400 IN NSEC	UPPERCASE.example. NS RRSIG NSEC
+sub.example.				      86400 IN RRSIG	NSEC 15 2 86400 20300101000000 20240101000000 4770 example. wtugWOeQ4OMv4bDfiJmTAlTAbiQlHrGPAOkLD2B9gWdhN5otC317rPQr q4LzfXcYwJsfgIV5N9lUy3qNGYfTDQ==
+; resign=20300101000000
+sortme.example.				      3600 IN AAAA	2001:db8::1:65
+sortme.example.				      3600 IN AAAA	2001:db8::2:64
+sortme.example.				      3600 IN AAAA	2001:db8::3:62
+sortme.example.				      3600 IN AAAA	2001:db8::4:63
+sortme.example.				      3600 IN AAAA	2001:db8::5:61
+sortme.example.				      3600 IN RRSIG	AAAA 15 2 3600 20300101000000 20240101000000 4770 example. PUCqYSxrjiF7e3kFghjTb3FSmcEzo/rkun9LZUBbnm2toRIpOhnz24V1 ICXo0LT/W/fiJ+WlLTfJAxqhNFO9Cg==
+; resign=20300101000000
+sortme.example.				      86400 IN NSEC	sub.example. AAAA RRSIG NSEC
+sortme.example.				      86400 IN RRSIG	NSEC 15 2 86400 20300101000000 20240101000000 4770 example. fk7spWgAPgn3hq8gU29NmXUmwn6fvLLigvq73KR6+QDlURS5StDAcE8e KcnReQLI+2PNiSwG60WJ1iF0lu5WDw==
+; resign=20300101000000
+UPPERCASE.example.			      3600 IN TXT	"canonicalize uppercase owner names"
+UPPERCASE.example.			      3600 IN RRSIG	TXT 15 2 3600 20300101000000 20240101000000 4770 example. YC7r7E6vuOSgP1XD0PDREbFPvnS+U9XGWMJ8X7jivKP0J87Otq+nc6u2 97/BIMoEw8e7GjQZ+onDxDekxKkEDQ==
+; resign=20300101000000
+UPPERCASE.example.			      86400 IN NSEC	example. TXT RRSIG NSEC
+UPPERCASE.example.			      86400 IN RRSIG	NSEC 15 2 86400 20300101000000 20240101000000 4770 example. yhddH1aXo0h4aK6T6v3nEo15KsHxdNbTPAc/0p4F/FtWG+vL9Ock6jls 7hSGRqxbMPUq3pAhuNLQn7m1UyqeDw==
+; resign=20300101000000
Original file line number	Diff line number	Diff line change
`@@ -183,7 +183,7 @@ func (n *NameNode) IterateNameNodeWithValue(f func(NameNodeInterface, any) (any,`
`183`	`183`	`for key := range children {`
`184`	`184`	`keys = append(keys, key)`
`185`	`185`	`}`
`186`		`- keys, _ = SortNames(keys)`
	`186`	`+ SortNames(keys)`
`187`	`187`	`for _, name := range keys {`
`188`	`188`	`if err := children[name].IterateNameNodeWithValue(f, res); err != nil {`
`189`	`189`	`return err`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+example. IN DS 49842 15 2 B6CDFFD5BEF3146A7FF0302E2374EA4ED121BE106CF7EB452452B821 E92DC173`