/* special case were there was a wildcard expansion match, the exact match must be disproven */
ldns_status
ldns_verify_denial_wildcard(ldns_pkt *pkt, ldns_rdf *name, ldns_rr_type type, ldns_rr_list **nsec_rrs, ldns_rr_list **nsec_rr_sigs)
{
ldns_rdf *nsec3_ce = NULL;
ldns_rr *nsec3_ex = NULL;
ldns_rdf *wildcard_name = NULL;
ldns_rdf *nsec3_wc_ce = NULL;
ldns_rr *nsec3_wc_ex = NULL;
ldns_rdf *chopped_dname = NULL;
ldns_rr_list *nsecs;
ldns_status result = LDNS_STATUS_ERR;
nsecs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_NSEC3, LDNS_SECTION_ANY_NOQUESTION);
if (nsecs) {
wildcard_name = ldns_dname_new_frm_str("*");
chopped_dname = ldns_dname_left_chop(name);
result = ldns_dname_cat(wildcard_name, chopped_dname);
ldns_rdf_deep_free(chopped_dname);
nsec3_ex = ldns_nsec3_exact_match(name, type, nsecs);
nsec3_ce = ldns_nsec3_closest_encloser(name, type, nsecs);
nsec3_wc_ce = ldns_nsec3_closest_encloser(wildcard_name, type, nsecs);
nsec3_wc_ex = ldns_nsec3_exact_match(wildcard_name, type, nsecs);
if (nsec3_ex) {
if (verbosity >= 3) {
printf(";; Error, exact match for for name found, but should not exist (draft -07 section 8.8)\n");
}
result = LDNS_STATUS_NSEC3_ERR;
} else if (!nsec3_ce) {
if (verbosity >= 3) {
printf(";; Error, closest encloser for exact match missing in wildcard response (draft -07 section 8.8)\n");
}
result = LDNS_STATUS_NSEC3_ERR;
/*
} else if (!nsec3_wc_ex) {
printf(";; Error, no wildcard nsec3 match: ");
ldns_rdf_print(stdout, wildcard_name);
printf(" (draft -07 section 8.8)\n");
result = LDNS_STATUS_NSEC3_ERR;
*/
/* } else if (!nsec */
} else {
if (verbosity >= 3) {
printf(";; wilcard expansion proven\n");
}
result = LDNS_STATUS_OK;
}
} else {
if (verbosity >= 3) {
printf(";; Error: no NSEC or NSEC3 records in answer\n");
}
result = LDNS_STATUS_CRYPTO_NO_RRSIG;
}
if (nsecs && nsec_rrs && nsec_rr_sigs) {
(void) get_dnssec_rr(pkt, ldns_rr_owner(ldns_rr_list_rr(nsecs, 0)), LDNS_RR_TYPE_NSEC3, nsec_rrs, nsec_rr_sigs);
}
return result;
}
ldns_rr_list* loadKeyfile(const char *filename) {
FILE *key_file;
ldns_status status;
ldns_rr_list *trusted_keys;
ldns_zone *trusted_zone;
// Try open trusted key file
key_file = fopen(filename, "r");
if (!key_file) {
if (mp_verbose >= 1)
fprintf(stderr,"Error opening trusted-key file %s: %s\n", filename,
strerror(errno));
return NULL;
}
ldns_rdf *origin = ldns_dname_new_frm_str(".");
// Read key file
status = ldns_zone_new_frm_fp(&trusted_zone, key_file, origin, 900, LDNS_RR_CLASS_IN);
ldns_rdf_deep_free(origin);
fclose(key_file);
if (status == LDNS_STATUS_OK) {
trusted_keys = ldns_rr_list_clone(ldns_zone_rrs(trusted_zone));
ldns_zone_deep_free(trusted_zone);
} else {
if (mp_verbose >= 1)
fprintf(stderr,"loading keyfile failed.");
return NULL;
}
return trusted_keys;
}
char*
skip_comments_and_query(FILE* in, ldns_rdf ** qname)
{
static char buf[10240];
/* read comment lines */
while(1) {
if(!fgets(buf, sizeof(buf), in))
return 0; /* EOF */
printf("%s", buf); /* echo */
if(strcmp(buf, "") == 0 || strcmp(buf, "\n") == 0)
continue;
if(buf[0] != ';')
break;
if(strncmp(buf, ";; QUESTION SECTION:", 20) == 0)
{
char *q_rr = buf;
/* read question on next line, ;;s before */
if(!fgets(buf, sizeof(buf), in)) return 0;
while(*q_rr == ';' || *q_rr == ' ' || *q_rr == '\t')
++q_rr;
printf("Question: %s", q_rr);
*strchr(q_rr, '\t') = 0;
*qname = ldns_dname_new_frm_str(q_rr);
}
}
return buf;
}
ldns_rr_list* mrb_getrr_list(mrb_state *mrb, ldns_resolver *resolver, char *name, uint32_t rrtype,uint32_t rrclass, uint32_t opt, uint32_t rrsection)
{
ldns_pkt *pkt = NULL;
ldns_rr_list *records= NULL;
ldns_rdf *domain = NULL;
domain = ldns_dname_new_frm_str(name);
if(!domain)
{
return NULL;
}
pkt = ldns_resolver_query(resolver,
domain,
rrtype,
rrclass,
opt);
ldns_rdf_deep_free(domain);
if(!pkt)
{
return NULL;
}
records =ldns_pkt_rr_list_by_type(pkt, rrtype, rrsection);
ldns_pkt_free(pkt);
if(!records)
{
return NULL;
}
return records;
}
/** setup qinfo and edns */
static int
setup_qinfo_edns(struct libworker* w, struct ctx_query* q,
struct query_info* qinfo, struct edns_data* edns)
{
ldns_rdf* rdf;
qinfo->qtype = (uint16_t)q->res->qtype;
qinfo->qclass = (uint16_t)q->res->qclass;
rdf = ldns_dname_new_frm_str(q->res->qname);
if(!rdf) {
return 0;
}
#ifdef UNBOUND_ALLOC_LITE
qinfo->qname = memdup(ldns_rdf_data(rdf), ldns_rdf_size(rdf));
qinfo->qname_len = ldns_rdf_size(rdf);
ldns_rdf_deep_free(rdf);
rdf = 0;
#else
qinfo->qname = ldns_rdf_data(rdf);
qinfo->qname_len = ldns_rdf_size(rdf);
#endif
edns->edns_present = 1;
edns->ext_rcode = 0;
edns->edns_version = 0;
edns->bits = EDNS_DO;
if(ldns_buffer_capacity(w->back->udp_buff) < 65535)
edns->udp_size = (uint16_t)ldns_buffer_capacity(
w->back->udp_buff);
else edns->udp_size = 65535;
ldns_rdf_free(rdf);
return 1;
}
ldns_rr_list *mrb_getaddress_rr_list(mrb_state *mrb, ldns_resolver *resolver, char *name)
{
ldns_pkt *pkt = NULL;
ldns_rr_list *records= NULL;
ldns_rdf *domain = NULL;
domain = ldns_dname_new_frm_str(name);
if(!domain)
{
return NULL;
}
pkt = ldns_resolver_query(resolver,
domain,
LDNS_RR_TYPE_A,
LDNS_RR_CLASS_IN,
LDNS_RD);
ldns_rdf_deep_free(domain);
if(!pkt)
{
return NULL;
}
records =ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_A, LDNS_SECTION_ANSWER);
ldns_pkt_free(pkt);
if(!records)
{
return NULL;
}
return records;
}
void
covertests(ldns_rr_list *list, ldns_rdf *qname)
{
size_t i;
ldns_rdf *smaller = qname;
ldns_rdf *wcard = ldns_dname_new_frm_str("*");
for(i=0; i<ldns_dname_label_count(qname)+1; ++i)
{
check_cover(list, smaller);
ldns_rdf* wcardchild = ldns_dname_cat_clone(wcard, smaller);
check_cover(list, wcardchild);
smaller = ldns_dname_left_chop(smaller);
}
/* check covers by weird names */
if(0) {
check_cover(list, ldns_dname_new_frm_str("x.bar.example."));
check_cover(list, ldns_dname_new_frm_str("bar.example."));
}
}
/**
* Insert insecure anchor
* @param anchors: anchor storage.
* @param str: the domain name.
* @return NULL on error, Else last trust anchor point
*/
static struct trust_anchor*
anchor_insert_insecure(struct val_anchors* anchors, const char* str)
{
struct trust_anchor* ta;
ldns_rdf* nm = ldns_dname_new_frm_str(str);
if(!nm) {
log_err("parse error in domain name '%s'", str);
return NULL;
}
ta = anchor_store_new_key(anchors, ldns_rdf_data(nm), LDNS_RR_TYPE_DS,
LDNS_RR_CLASS_IN, NULL, 0);
ldns_rdf_deep_free(nm);
return ta;
}
ldns_rr_list *mrb_getname_rr_list(mrb_state *mrb, ldns_resolver *resolver,char *addr)
{
char *rev = NULL,
*query = NULL;
const char *arpa = "in-addr.arpa";
ldns_rdf *domain = NULL ;
ldns_pkt *pkt = NULL;
ldns_rr_list *records = NULL;
rev = reverse_addr(addr);
if(!rev)
{
return NULL;
}
query = (char *)malloc( strlen(rev) + strlen(arpa) + sizeof(char) * 4);
strcpy(query, rev);
strcat(query,".");
strcat(query,arpa);
domain = ldns_dname_new_frm_str(query);
free(query);
if(!domain)
{
return NULL;
}
pkt = ldns_resolver_query(resolver,
domain,
LDNS_RR_TYPE_PTR,
LDNS_RR_CLASS_IN,
LDNS_RD);
ldns_rdf_deep_free(domain);
if(!pkt)
{
return NULL;
}
records = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_PTR, LDNS_RR_CLASS_IN);
ldns_pkt_free(pkt);
if(!records)
{
return NULL;
}
return records;
}
/** add hint to delegation hints */
static int
ah(struct delegpt* dp, const char* sv, const char* ip)
{
struct sockaddr_storage addr;
socklen_t addrlen;
ldns_rdf* rdf = ldns_dname_new_frm_str(sv);
if(!rdf) {
log_err("could not parse %s", sv);
return 0;
}
if(!delegpt_add_ns_mlc(dp, ldns_rdf_data(rdf), 0) ||
!extstrtoaddr(ip, &addr, &addrlen) ||
!delegpt_add_target_mlc(dp, ldns_rdf_data(rdf), ldns_rdf_size(rdf),
&addr, addrlen, 0, 0)) {
ldns_rdf_deep_free(rdf);
return 0;
}
ldns_rdf_deep_free(rdf);
return 1;
}
/** make NULL entries for stubs */
static int
make_stub_holes(struct iter_forwards* fwd, struct config_file* cfg)
{
struct config_stub* s;
for(s = cfg->stubs; s; s = s->next) {
ldns_rdf* rdf = ldns_dname_new_frm_str(s->name);
if(!rdf) {
log_err("cannot parse stub name '%s'", s->name);
return 0;
}
if(!fwd_add_stub_hole(fwd, LDNS_RR_CLASS_IN,
ldns_rdf_data(rdf))) {
ldns_rdf_deep_free(rdf);
log_err("out of memory");
return 0;
}
ldns_rdf_deep_free(rdf);
}
return 1;
}
/** parse commandline argument domain name */
static int
parse_arg_name(SSL* ssl, char* str, uint8_t** res, size_t* len, int* labs)
{
ldns_rdf* rdf;
*res = NULL;
*len = 0;
*labs = 0;
rdf = ldns_dname_new_frm_str(str);
if(!rdf) {
ssl_printf(ssl, "error cannot parse name %s\n", str);
return 0;
}
*res = memdup(ldns_rdf_data(rdf), ldns_rdf_size(rdf));
ldns_rdf_deep_free(rdf);
if(!*res) {
ssl_printf(ssl, "error out of memory\n");
return 0;
}
*labs = dname_count_size_labels(*res, len);
return 1;
}
/** set stub host names */
static int
read_stubs_host(struct config_stub* s, struct delegpt* dp)
{
struct config_strlist* p;
ldns_rdf* rdf;
for(p = s->hosts; p; p = p->next) {
log_assert(p->str);
rdf = ldns_dname_new_frm_str(p->str);
if(!rdf) {
log_err("cannot parse stub %s nameserver name: '%s'",
s->name, p->str);
return 0;
}
if(!delegpt_add_ns_mlc(dp, ldns_rdf_data(rdf), 0)) {
ldns_rdf_deep_free(rdf);
log_err("out of memory");
return 0;
}
ldns_rdf_deep_free(rdf);
}
return 1;
}
/** set stub name */
static struct delegpt*
read_stubs_name(struct config_stub* s)
{
struct delegpt* dp;
ldns_rdf* rdf;
if(!s->name) {
log_err("stub zone without a name");
return NULL;
}
rdf = ldns_dname_new_frm_str(s->name);
if(!rdf) {
log_err("cannot parse stub zone name %s", s->name);
return NULL;
}
if(!(dp=delegpt_create_mlc(ldns_rdf_data(rdf)))) {
ldns_rdf_deep_free(rdf);
log_err("out of memory");
return NULL;
}
ldns_rdf_deep_free(rdf);
return dp;
}
int
main(int argc, char *argv[])
{
ldns_resolver *res;
ldns_rdf *name;
ldns_rdf *version, *id;
ldns_pkt *p;
ldns_rr_list *addr;
ldns_rr_list *info;
ldns_status s;
ldns_rdf *pop;
size_t i;
if (argc != 2) {
usage(stdout, argv[0]);
exit(EXIT_FAILURE);
} else {
/* create a rdf from the command line arg */
name = ldns_dname_new_frm_str(argv[1]);
if (!name) {
usage(stdout, argv[0]);
exit(EXIT_FAILURE);
}
}
/* create rdf for what we are going to ask */
version = ldns_dname_new_frm_str("version.bind");
id = ldns_dname_new_frm_str("hostname.bind");
/* create a new resolver from /etc/resolv.conf */
s = ldns_resolver_new_frm_file(&res, NULL);
if (s != LDNS_STATUS_OK) {
ldns_rdf_deep_free(name);
exit(EXIT_FAILURE);
}
ldns_resolver_set_retry(res, 1); /* don't want to wait too long */
/* use the resolver to send it a query for the a/aaaa of name */
addr = ldns_get_rr_list_addr_by_name(res, name, LDNS_RR_CLASS_IN, LDNS_RD);
if (!addr) {
fprintf(stderr, " *** could not get an address for %s\n", argv[1]);
ldns_rdf_deep_free(name);
ldns_resolver_deep_free(res);
exit(EXIT_FAILURE);
}
/* remove current list of nameservers from resolver */
while((pop = ldns_resolver_pop_nameserver(res))) { ldns_rdf_deep_free(pop); }
/* can be multihomed */
for(i = 0; i < ldns_rr_list_rr_count(addr); i++) {
if (i > 0) {
fprintf(stdout, "\n");
}
if (ldns_resolver_push_nameserver_rr(res,
ldns_rr_list_rr(addr, i)) != LDNS_STATUS_OK) {
printf("Error adding nameserver to resolver\n");
}
ldns_rr_print(stdout, ldns_rr_list_rr(addr, i));
fprintf(stdout, "\n");
p = ldns_resolver_query(res, version, LDNS_RR_TYPE_TXT,
LDNS_RR_CLASS_CH, LDNS_RD);
if (p) {
ldns_pkt_print(stdout, p);
info = ldns_pkt_rr_list_by_type(p,
LDNS_RR_TYPE_TXT, LDNS_SECTION_ANSWER);
if (info) {
ldns_rr_list_print(stdout, info);
ldns_rr_list_deep_free(info);
} else {
printf(" *** version retrieval failed\n");
}
ldns_pkt_free(p);
} else {
printf(" *** query failed\n");
}
p = ldns_resolver_query(res, id, LDNS_RR_TYPE_TXT,
LDNS_RR_CLASS_CH, LDNS_RD);
if (p) {
info = ldns_pkt_rr_list_by_type(p,
LDNS_RR_TYPE_TXT, LDNS_SECTION_ANSWER);
if (info) {
ldns_rr_list_print(stdout, info);
ldns_rr_list_deep_free(info);
} else {
printf(" *** id retrieval failed\n");
}
ldns_pkt_free(p);
} else {
printf(" *** query failed for\n");
}
ldns_rdf_deep_free(ldns_resolver_pop_nameserver(res));
}
ldns_rdf_deep_free(name);
ldns_resolver_deep_free(res);
exit(EXIT_SUCCESS);
}
/*
Simple interface to provide DNS MX record resolution.
@param Pointer to the c string hostname you would like resolved to an MX record.
@param Pointer to the struct you would like the results written out to.
@return Return is of type int and is just the mx family type in the variable ohana. Ohana is hawaiian for family.
*/
int resolve_server(char * hostname, struct sockaddr_storage * result)
{
pthread_mutex_lock(&dns_lock);
res_init();
int error = 0;
int ohana = 0;
ns_msg msg;
ns_rr rr;
struct addrinfo * addr_res;
int res_length = 0;
unsigned char dns_answer[4096] = {0};
char display_buffer[4096] = {0};
//ldns variables
ldns_resolver *ldns_resolv;
ldns_rdf *ldns_domain;
ldns_pkt *ldns_packet;
ldns_rr_list *ldns_mx_records;
ldns_status s;
//Setup ldns to query for the mx record
s = ldns_resolver_new_frm_file(&ldns_resolv, NULL);
ldns_domain = ldns_dname_new_frm_str(hostname);
//Use ldns to query
ldns_packet = ldns_resolver_query(ldns_resolv, ldns_domain, LDNS_RR_TYPE_MX, LDNS_RR_CLASS_IN, LDNS_RD);
//parse ldns query results
ldns_mx_records = ldns_pkt_rr_list_by_type(ldns_packet, LDNS_RR_TYPE_MX, LDNS_SECTION_ANSWER);
//Sort and print mx records
ldns_rr_list_sort(ldns_mx_records);
ldns_rr_list_print(stdout, ldns_mx_records);
for (int i = 0; i < ldns_mx_records->_rr_count; i++)
{
printf("^_^ i= %d\n", i);
printf(">_> %s",ldns_rr2str(ldns_rr_list_rr(ldns_mx_records, i)));
printf(">.> %s\n", last_str_split(ldns_rr2str(ldns_rr_list_rr(ldns_mx_records, i)), " "));
}
/////////////////Old code below/////////////////////
res_length = res_query(hostname, C_IN, T_MX, dns_answer, sizeof(dns_answer));
if (ns_initparse(dns_answer, res_length, &msg)<0)
{
printf("hostname = %s\n", hostname);
printf("res_length = %d\n", res_length);
perror("DNS has gone wrong!");
print_to_log("DNS resource query has failed", LOG_ERR);
}
else
{
res_length = ns_msg_count(msg, ns_s_an);
for (int i = 0; i < res_length; i++)
{
//printf("DNS loop level = %d\n", i);
ns_parserr(&msg, ns_s_an, i, &rr);
ns_sprintrr(&msg, &rr, NULL, NULL, display_buffer, sizeof(display_buffer));
if (ns_rr_type(rr) == ns_t_mx)
{
//String parsing solution for rr. Requires creation of display_buffer above
error = getaddrinfo(last_str_split(display_buffer, " "), NULL, NULL, &addr_res);
if (error != 0)
{
printf("error = %d\n", error);
printf("display_buffer = %s\n", display_buffer);
printf("last_str_split = %s\n", last_str_split(display_buffer, " "));
perror("getaddrinfo");
}
if (addr_res->ai_family==AF_INET)
{
//printf("IPv4 mode is go\n");
struct sockaddr_in* temp_addr = (struct sockaddr_in*)addr_res->ai_addr;
memcpy(result, temp_addr, sizeof(*temp_addr));
//printf("ai_addr hostname -> %s\n", inet_ntoa(temp_addr->sin_addr));
ohana = addr_res->ai_family;
}
else if (addr_res->ai_family==AF_INET6)
{
//printf("v6 mode engaged\n");
struct sockaddr_in6 * temp_addr = (struct sockaddr_in6 *) addr_res->ai_addr;
memcpy(result, temp_addr, sizeof(*temp_addr));
ohana = addr_res->ai_family;
}
}
freeaddrinfo(addr_res);
}
}
pthread_mutex_unlock(&dns_lock);
return ohana;
}
/**
* Main function of drill
* parse the arguments and prepare a query
*/
int
main(int argc, char *argv[])
{
ldns_resolver *res = NULL;
ldns_resolver *cmdline_res = NULL; /* only used to resolv @name names */
ldns_rr_list *cmdline_rr_list = NULL;
ldns_rdf *cmdline_dname = NULL;
ldns_rdf *qname, *qname_tmp;
ldns_pkt *pkt;
ldns_pkt *qpkt;
char *serv;
const char *name;
char *name2;
char *progname;
char *query_file = NULL;
char *answer_file = NULL;
ldns_buffer *query_buffer = NULL;
ldns_rdf *serv_rdf;
ldns_rr_type type;
ldns_rr_class clas;
#if 0
ldns_pkt_opcode opcode = LDNS_PACKET_QUERY;
#endif
int i, c;
int int_type;
int int_clas;
int PURPOSE;
char *tsig_name = NULL;
char *tsig_data = NULL;
char *tsig_algorithm = NULL;
size_t tsig_separator;
size_t tsig_separator2;
ldns_rr *axfr_rr;
ldns_status status;
char *type_str;
/* list of keys used in dnssec operations */
ldns_rr_list *key_list = ldns_rr_list_new();
/* what key verify the current answer */
ldns_rr_list *key_verified;
/* resolver options */
uint16_t qflags;
uint16_t qbuf;
uint16_t qport;
uint8_t qfamily;
bool qdnssec;
bool qfallback;
bool qds;
bool qusevc;
bool qrandom;
char *resolv_conf_file = NULL;
ldns_rdf *trace_start_name = NULL;
int result = 0;
#ifdef USE_WINSOCK
int r;
WSADATA wsa_data;
#endif
int_type = -1; serv = NULL; type = 0;
int_clas = -1; name = NULL; clas = 0;
qname = NULL;
progname = strdup(argv[0]);
#ifdef USE_WINSOCK
r = WSAStartup(MAKEWORD(2,2), &wsa_data);
if(r != 0) {
printf("Failed WSAStartup: %d\n", r);
result = EXIT_FAILURE;
goto exit;
}
#endif /* USE_WINSOCK */
PURPOSE = DRILL_QUERY;
qflags = LDNS_RD;
qport = LDNS_PORT;
verbosity = 2;
qdnssec = false;
qfamily = LDNS_RESOLV_INETANY;
qfallback = false;
qds = false;
qbuf = 0;
qusevc = false;
qrandom = true;
key_verified = NULL;
ldns_init_random(NULL, 0);
if (argc == 0) {
usage(stdout, progname);
result = EXIT_FAILURE;
goto exit;
}
/* string from orig drill: "i:w:I46Sk:TNp:b:DsvhVcuaq:f:xr" */
/* global first, query opt next, option with parm's last
* and sorted */ /* "46DITSVQf:i:w:q:achuvxzy:so:p:b:k:" */
while ((c = getopt(argc, argv, "46ab:c:d:Df:hi:Ik:o:p:q:Qr:sStTuvV:w:xy:z")) != -1) {
switch(c) {
/* global options */
case '4':
qfamily = LDNS_RESOLV_INET;
break;
case '6':
qfamily = LDNS_RESOLV_INET6;
break;
case 'D':
qdnssec = true;
break;
case 'I':
/* reserved for backward compatibility */
break;
case 'T':
if (PURPOSE == DRILL_CHASE) {
fprintf(stderr, "-T and -S cannot be used at the same time.\n");
exit(EXIT_FAILURE);
}
PURPOSE = DRILL_TRACE;
break;
#ifdef HAVE_SSL
case 'S':
if (PURPOSE == DRILL_TRACE) {
fprintf(stderr, "-T and -S cannot be used at the same time.\n");
exit(EXIT_FAILURE);
}
PURPOSE = DRILL_CHASE;
break;
#endif /* HAVE_SSL */
case 'V':
if (strtok(optarg, "0123456789") != NULL) {
fprintf(stderr, "-V expects an number as an argument.\n");
exit(EXIT_FAILURE);
}
verbosity = atoi(optarg);
break;
case 'Q':
verbosity = -1;
break;
case 'f':
query_file = optarg;
break;
case 'i':
answer_file = optarg;
PURPOSE = DRILL_AFROMFILE;
break;
case 'w':
answer_file = optarg;
break;
case 'q':
query_file = optarg;
PURPOSE = DRILL_QTOFILE;
break;
case 'r':
if (global_dns_root) {
fprintf(stderr, "There was already a series of root servers set\n");
exit(EXIT_FAILURE);
}
global_dns_root = read_root_hints(optarg);
if (!global_dns_root) {
fprintf(stderr, "Unable to read root hints file %s, aborting\n", optarg);
exit(EXIT_FAILURE);
}
break;
/* query options */
case 'a':
qfallback = true;
break;
case 'b':
qbuf = (uint16_t)atoi(optarg);
if (qbuf == 0) {
error("%s", "<bufsize> could not be converted");
}
break;
case 'c':
resolv_conf_file = optarg;
break;
case 't':
qusevc = true;
break;
case 'k':
status = read_key_file(optarg,
key_list, false);
if (status != LDNS_STATUS_OK) {
error("Could not parse the key file %s: %s", optarg, ldns_get_errorstr_by_id(status));
}
qdnssec = true; /* enable that too */
break;
case 'o':
/* only looks at the first hit: capital=ON, lowercase=OFF*/
if (strstr(optarg, "QR")) {
DRILL_ON(qflags, LDNS_QR);
}
if (strstr(optarg, "qr")) {
DRILL_OFF(qflags, LDNS_QR);
}
if (strstr(optarg, "AA")) {
DRILL_ON(qflags, LDNS_AA);
}
if (strstr(optarg, "aa")) {
DRILL_OFF(qflags, LDNS_AA);
}
if (strstr(optarg, "TC")) {
DRILL_ON(qflags, LDNS_TC);
}
if (strstr(optarg, "tc")) {
DRILL_OFF(qflags, LDNS_TC);
}
if (strstr(optarg, "RD")) {
DRILL_ON(qflags, LDNS_RD);
}
if (strstr(optarg, "rd")) {
DRILL_OFF(qflags, LDNS_RD);
}
if (strstr(optarg, "CD")) {
DRILL_ON(qflags, LDNS_CD);
}
if (strstr(optarg, "cd")) {
DRILL_OFF(qflags, LDNS_CD);
}
if (strstr(optarg, "RA")) {
DRILL_ON(qflags, LDNS_RA);
}
if (strstr(optarg, "ra")) {
DRILL_OFF(qflags, LDNS_RA);
}
if (strstr(optarg, "AD")) {
DRILL_ON(qflags, LDNS_AD);
}
if (strstr(optarg, "ad")) {
DRILL_OFF(qflags, LDNS_AD);
}
break;
case 'p':
qport = (uint16_t)atoi(optarg);
if (qport == 0) {
error("%s", "<port> could not be converted");
}
break;
case 's':
qds = true;
break;
case 'u':
qusevc = false;
break;
case 'v':
version(stdout, progname);
result = EXIT_SUCCESS;
goto exit;
case 'x':
PURPOSE = DRILL_REVERSE;
break;
case 'y':
#ifdef HAVE_SSL
if (strchr(optarg, ':')) {
tsig_separator = (size_t) (strchr(optarg, ':') - optarg);
if (strchr(optarg + tsig_separator + 1, ':')) {
tsig_separator2 = (size_t) (strchr(optarg + tsig_separator + 1, ':') - optarg);
tsig_algorithm = xmalloc(strlen(optarg) - tsig_separator2);
strncpy(tsig_algorithm, optarg + tsig_separator2 + 1, strlen(optarg) - tsig_separator2);
tsig_algorithm[strlen(optarg) - tsig_separator2 - 1] = '\0';
} else {
tsig_separator2 = strlen(optarg);
tsig_algorithm = xmalloc(26);
strncpy(tsig_algorithm, "hmac-md5.sig-alg.reg.int.", 25);
tsig_algorithm[25] = '\0';
}
tsig_name = xmalloc(tsig_separator + 1);
tsig_data = xmalloc(tsig_separator2 - tsig_separator);
strncpy(tsig_name, optarg, tsig_separator);
strncpy(tsig_data, optarg + tsig_separator + 1, tsig_separator2 - tsig_separator - 1);
/* strncpy does not append \0 if source is longer than n */
tsig_name[tsig_separator] = '\0';
tsig_data[ tsig_separator2 - tsig_separator - 1] = '\0';
}
#else
fprintf(stderr, "TSIG requested, but SSL is not supported\n");
result = EXIT_FAILURE;
goto exit;
#endif /* HAVE_SSL */
break;
case 'z':
qrandom = false;
break;
case 'd':
trace_start_name = ldns_dname_new_frm_str(optarg);
if (!trace_start_name) {
fprintf(stderr, "Unable to parse argument for -%c\n", c);
result = EXIT_FAILURE;
goto exit;
}
break;
case 'h':
version(stdout, progname);
usage(stdout, progname);
result = EXIT_SUCCESS;
goto exit;
break;
default:
fprintf(stderr, "Unknown argument: -%c, use -h to see usage\n", c);
result = EXIT_FAILURE;
goto exit;
}
}
argc -= optind;
argv += optind;
if ((PURPOSE == DRILL_CHASE || (PURPOSE == DRILL_TRACE && qdnssec)) &&
ldns_rr_list_rr_count(key_list) == 0) {
(void) read_key_file(LDNS_TRUST_ANCHOR_FILE, key_list, true);
}
if (ldns_rr_list_rr_count(key_list) > 0) {
printf(";; Number of trusted keys: %d\n",
(int) ldns_rr_list_rr_count(key_list));
}
/* do a secure trace when requested */
if (PURPOSE == DRILL_TRACE && qdnssec) {
#ifdef HAVE_SSL
if (ldns_rr_list_rr_count(key_list) == 0) {
warning("%s", "No trusted keys were given. Will not be able to verify authenticity!");
}
PURPOSE = DRILL_SECTRACE;
#else
fprintf(stderr, "ldns has not been compiled with OpenSSL support. Secure trace not available\n");
exit(1);
#endif /* HAVE_SSL */
}
/* parse the arguments, with multiple arguments, the last argument
* found is used */
for(i = 0; i < argc; i++) {
/* if ^@ then it's a server */
if (argv[i][0] == '@') {
if (strlen(argv[i]) == 1) {
warning("%s", "No nameserver given");
exit(EXIT_FAILURE);
}
serv = argv[i] + 1;
continue;
}
/* if has a dot, it's a name */
if (strchr(argv[i], '.')) {
name = argv[i];
continue;
}
/* if it matches a type, it's a type */
if (int_type == -1) {
type = ldns_get_rr_type_by_name(argv[i]);
if (type != 0) {
int_type = 0;
continue;
}
}
/* if it matches a class, it's a class */
if (int_clas == -1) {
clas = ldns_get_rr_class_by_name(argv[i]);
if (clas != 0) {
int_clas = 0;
continue;
}
}
/* it all fails assume it's a name */
name = argv[i];
}
/* act like dig and use for . NS */
if (!name) {
name = ".";
int_type = 0;
type = LDNS_RR_TYPE_NS;
}
/* defaults if not given */
if (int_clas == -1) {
clas = LDNS_RR_CLASS_IN;
}
if (int_type == -1) {
if (PURPOSE != DRILL_REVERSE) {
type = LDNS_RR_TYPE_A;
} else {
type = LDNS_RR_TYPE_PTR;
}
}
/* set the nameserver to use */
if (!serv) {
/* no server given make a resolver from /etc/resolv.conf */
status = ldns_resolver_new_frm_file(&res, resolv_conf_file);
if (status != LDNS_STATUS_OK) {
warning("Could not create a resolver structure: %s (%s)\n"
"Try drill @localhost if you have a resolver running on your machine.",
ldns_get_errorstr_by_id(status), resolv_conf_file);
result = EXIT_FAILURE;
goto exit;
}
} else {
res = ldns_resolver_new();
if (!res || strlen(serv) <= 0) {
warning("Could not create a resolver structure");
result = EXIT_FAILURE;
goto exit;
}
/* add the nameserver */
serv_rdf = ldns_rdf_new_addr_frm_str(serv);
if (!serv_rdf) {
/* try to resolv the name if possible */
status = ldns_resolver_new_frm_file(&cmdline_res, resolv_conf_file);
if (status != LDNS_STATUS_OK) {
error("%s", "@server ip could not be converted");
}
ldns_resolver_set_dnssec(cmdline_res, qdnssec);
ldns_resolver_set_ip6(cmdline_res, qfamily);
ldns_resolver_set_fallback(cmdline_res, qfallback);
ldns_resolver_set_usevc(cmdline_res, qusevc);
cmdline_dname = ldns_dname_new_frm_str(serv);
cmdline_rr_list = ldns_get_rr_list_addr_by_name(
cmdline_res,
cmdline_dname,
LDNS_RR_CLASS_IN,
qflags);
ldns_rdf_deep_free(cmdline_dname);
if (!cmdline_rr_list) {
/* This error msg is not always accurate */
error("%s `%s\'", "could not find any address for the name:", serv);
} else {
if (ldns_resolver_push_nameserver_rr_list(
res,
cmdline_rr_list
) != LDNS_STATUS_OK) {
error("%s", "pushing nameserver");
}
}
} else {
if (ldns_resolver_push_nameserver(res, serv_rdf) != LDNS_STATUS_OK) {
error("%s", "pushing nameserver");
} else {
ldns_rdf_deep_free(serv_rdf);
}
}
}
/* set the resolver options */
ldns_resolver_set_port(res, qport);
if (verbosity >= 5) {
ldns_resolver_set_debug(res, true);
} else {
ldns_resolver_set_debug(res, false);
}
ldns_resolver_set_dnssec(res, qdnssec);
/* ldns_resolver_set_dnssec_cd(res, qdnssec);*/
ldns_resolver_set_ip6(res, qfamily);
ldns_resolver_set_fallback(res, qfallback);
ldns_resolver_set_usevc(res, qusevc);
ldns_resolver_set_random(res, qrandom);
if (qbuf != 0) {
ldns_resolver_set_edns_udp_size(res, qbuf);
}
if (!name &&
PURPOSE != DRILL_AFROMFILE &&
!query_file
) {
usage(stdout, progname);
result = EXIT_FAILURE;
goto exit;
}
if (tsig_name && tsig_data) {
ldns_resolver_set_tsig_keyname(res, tsig_name);
ldns_resolver_set_tsig_keydata(res, tsig_data);
ldns_resolver_set_tsig_algorithm(res, tsig_algorithm);
}
/* main switching part of drill */
switch(PURPOSE) {
case DRILL_TRACE:
/* do a trace from the root down */
if (!global_dns_root) {
init_root();
}
qname = ldns_dname_new_frm_str(name);
if (!qname) {
error("%s", "parsing query name");
}
/* don't care about return packet */
(void)do_trace(res, qname, type, clas);
clear_root();
break;
case DRILL_SECTRACE:
/* do a secure trace from the root down */
if (!global_dns_root) {
init_root();
}
qname = ldns_dname_new_frm_str(name);
if (!qname) {
error("%s", "making qname");
}
/* don't care about return packet */
#ifdef HAVE_SSL
result = do_secure_trace(res, qname, type, clas, key_list, trace_start_name);
#endif /* HAVE_SSL */
clear_root();
break;
case DRILL_CHASE:
qname = ldns_dname_new_frm_str(name);
if (!qname) {
error("%s", "making qname");
}
ldns_resolver_set_dnssec(res, true);
ldns_resolver_set_dnssec_cd(res, true);
/* set dnssec implies udp_size of 4096 */
ldns_resolver_set_edns_udp_size(res, 4096);
pkt = ldns_resolver_query(res, qname, type, clas, qflags);
if (!pkt) {
error("%s", "error pkt sending");
result = EXIT_FAILURE;
} else {
if (verbosity >= 3) {
ldns_pkt_print(stdout, pkt);
}
if (!ldns_pkt_answer(pkt)) {
mesg("No answer in packet");
} else {
#ifdef HAVE_SSL
ldns_resolver_set_dnssec_anchors(res, ldns_rr_list_clone(key_list));
result = do_chase(res, qname, type,
clas, key_list,
pkt, qflags, NULL,
verbosity);
if (result == LDNS_STATUS_OK) {
if (verbosity != -1) {
mesg("Chase successful");
}
result = 0;
} else {
if (verbosity != -1) {
mesg("Chase failed.");
}
}
#endif /* HAVE_SSL */
}
ldns_pkt_free(pkt);
}
break;
case DRILL_AFROMFILE:
pkt = read_hex_pkt(answer_file);
if (pkt) {
if (verbosity != -1) {
ldns_pkt_print(stdout, pkt);
}
ldns_pkt_free(pkt);
}
break;
case DRILL_QTOFILE:
qname = ldns_dname_new_frm_str(name);
if (!qname) {
error("%s", "making qname");
}
status = ldns_resolver_prepare_query_pkt(&qpkt, res, qname, type, clas, qflags);
if(status != LDNS_STATUS_OK) {
error("%s", "making query: %s",
ldns_get_errorstr_by_id(status));
}
dump_hex(qpkt, query_file);
ldns_pkt_free(qpkt);
break;
case DRILL_NSEC:
break;
case DRILL_REVERSE:
/* ipv4 or ipv6 addr? */
if (strchr(name, ':')) {
if (strchr(name, '.')) {
error("Syntax error: both '.' and ':' seen in address\n");
}
name2 = malloc(IP6_ARPA_MAX_LEN + 20);
c = 0;
for (i=0; i<(int)strlen(name); i++) {
if (i >= IP6_ARPA_MAX_LEN) {
error("%s", "reverse argument to long");
}
if (name[i] == ':') {
if (i < (int) strlen(name) && name[i + 1] == ':') {
error("%s", ":: not supported (yet)");
} else {
if (i + 2 == (int) strlen(name) || name[i + 2] == ':') {
name2[c++] = '0';
name2[c++] = '.';
name2[c++] = '0';
name2[c++] = '.';
name2[c++] = '0';
name2[c++] = '.';
} else if (i + 3 == (int) strlen(name) || name[i + 3] == ':') {
name2[c++] = '0';
name2[c++] = '.';
name2[c++] = '0';
name2[c++] = '.';
} else if (i + 4 == (int) strlen(name) || name[i + 4] == ':') {
name2[c++] = '0';
name2[c++] = '.';
}
}
} else {
name2[c++] = name[i];
name2[c++] = '.';
}
}
name2[c++] = '\0';
qname = ldns_dname_new_frm_str(name2);
qname_tmp = ldns_dname_reverse(qname);
ldns_rdf_deep_free(qname);
qname = qname_tmp;
qname_tmp = ldns_dname_new_frm_str("ip6.arpa.");
status = ldns_dname_cat(qname, qname_tmp);
if (status != LDNS_STATUS_OK) {
error("%s", "could not create reverse address for ip6: %s\n", ldns_get_errorstr_by_id(status));
}
ldns_rdf_deep_free(qname_tmp);
free(name2);
} else {
qname = ldns_dname_new_frm_str(name);
qname_tmp = ldns_dname_reverse(qname);
ldns_rdf_deep_free(qname);
qname = qname_tmp;
qname_tmp = ldns_dname_new_frm_str("in-addr.arpa.");
status = ldns_dname_cat(qname, qname_tmp);
if (status != LDNS_STATUS_OK) {
error("%s", "could not create reverse address for ip4: %s\n", ldns_get_errorstr_by_id(status));
}
ldns_rdf_deep_free(qname_tmp);
}
if (!qname) {
error("%s", "-x implies an ip address");
}
/* create a packet and set the RD flag on it */
pkt = ldns_resolver_query(res, qname, type, clas, qflags);
if (!pkt) {
error("%s", "pkt sending");
result = EXIT_FAILURE;
} else {
if (verbosity != -1) {
ldns_pkt_print(stdout, pkt);
}
ldns_pkt_free(pkt);
}
break;
case DRILL_QUERY:
default:
if (query_file) {
/* this old way, the query packet needed
to be parseable, but we want to be able
to send mangled packets, so we need
to do it directly */
#if 0
qpkt = read_hex_pkt(query_file);
if (qpkt) {
status = ldns_resolver_send_pkt(&pkt, res, qpkt);
if (status != LDNS_STATUS_OK) {
printf("Error: %s\n", ldns_get_errorstr_by_id(status));
exit(1);
}
} else {
/* qpkt was bogus, reset pkt */
pkt = NULL;
}
#endif
query_buffer = read_hex_buffer(query_file);
if (query_buffer) {
status = ldns_send_buffer(&pkt, res, query_buffer, NULL);
ldns_buffer_free(query_buffer);
if (status != LDNS_STATUS_OK) {
printf("Error: %s\n", ldns_get_errorstr_by_id(status));
exit(1);
}
} else {
printf("NO BUFFER\n");
pkt = NULL;
}
} else {
qname = ldns_dname_new_frm_str(name);
if (!qname) {
error("%s", "error in making qname");
}
if (type == LDNS_RR_TYPE_AXFR) {
status = ldns_axfr_start(res, qname, clas);
if(status != LDNS_STATUS_OK) {
error("Error starting axfr: %s",
ldns_get_errorstr_by_id(status));
}
axfr_rr = ldns_axfr_next(res);
if(!axfr_rr) {
fprintf(stderr, "AXFR failed.\n");
ldns_pkt_print(stdout,
ldns_axfr_last_pkt(res));
goto exit;
}
while (axfr_rr) {
if (verbosity != -1) {
ldns_rr_print(stdout, axfr_rr);
}
ldns_rr_free(axfr_rr);
axfr_rr = ldns_axfr_next(res);
}
goto exit;
} else {
/* create a packet and set the RD flag on it */
pkt = ldns_resolver_query(res, qname, type, clas, qflags);
}
}
if (!pkt) {
mesg("No packet received");
result = EXIT_FAILURE;
} else {
if (verbosity != -1) {
ldns_pkt_print(stdout, pkt);
if (ldns_pkt_tc(pkt)) {
fprintf(stdout,
"\n;; WARNING: The answer packet was truncated; you might want to\n");
fprintf(stdout,
";; query again with TCP (-t argument), or EDNS0 (-b for buffer size)\n");
}
}
if (qds) {
if (verbosity != -1) {
print_ds_of_keys(pkt);
printf("\n");
}
}
if (ldns_rr_list_rr_count(key_list) > 0) {
/* -k's were given on the cmd line */
ldns_rr_list *rrset_verified;
uint16_t key_count;
rrset_verified = ldns_pkt_rr_list_by_name_and_type(
pkt, qname, type,
LDNS_SECTION_ANY_NOQUESTION);
if (type == LDNS_RR_TYPE_ANY) {
/* don't verify this */
break;
}
if (verbosity != -1) {
printf("; ");
ldns_rr_list_print(stdout, rrset_verified);
}
/* verify */
#ifdef HAVE_SSL
key_verified = ldns_rr_list_new();
result = ldns_pkt_verify(pkt, type, qname, key_list, NULL, key_verified);
if (result == LDNS_STATUS_ERR) {
/* is the existence denied then? */
result = ldns_verify_denial(pkt, qname, type, NULL, NULL);
if (result == LDNS_STATUS_OK) {
if (verbosity != -1) {
printf("Existence denied for ");
ldns_rdf_print(stdout, qname);
type_str = ldns_rr_type2str(type);
printf("\t%s\n", type_str);
LDNS_FREE(type_str);
}
} else {
if (verbosity != -1) {
printf("Bad data; RR for name and "
"type not found or failed to "
"verify, and denial of "
"existence failed.\n");
}
}
} else if (result == LDNS_STATUS_OK) {
for(key_count = 0; key_count < ldns_rr_list_rr_count(key_verified);
key_count++) {
if (verbosity != -1) {
printf("; VALIDATED by id = %u, owner = ",
(unsigned int)ldns_calc_keytag(
ldns_rr_list_rr(key_verified, key_count)));
ldns_rdf_print(stdout, ldns_rr_owner(
ldns_rr_list_rr(key_list, key_count)));
printf("\n");
}
}
} else {
for(key_count = 0; key_count < ldns_rr_list_rr_count(key_list);
key_count++) {
if (verbosity != -1) {
printf("; %s for id = %u, owner = ",
ldns_get_errorstr_by_id(result),
(unsigned int)ldns_calc_keytag(
ldns_rr_list_rr(key_list, key_count)));
ldns_rdf_print(stdout, ldns_rr_owner(
ldns_rr_list_rr(key_list,
key_count)));
printf("\n");
}
}
}
ldns_rr_list_free(key_verified);
#else
(void) key_count;
#endif /* HAVE_SSL */
}
if (answer_file) {
dump_hex(pkt, answer_file);
}
ldns_pkt_free(pkt);
}
break;
}
exit:
ldns_rdf_deep_free(qname);
ldns_resolver_deep_free(res);
ldns_resolver_deep_free(cmdline_res);
ldns_rr_list_deep_free(key_list);
ldns_rr_list_deep_free(cmdline_rr_list);
ldns_rdf_deep_free(trace_start_name);
xfree(progname);
xfree(tsig_name);
xfree(tsig_data);
xfree(tsig_algorithm);
#ifdef HAVE_SSL
ERR_remove_state(0);
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
EVP_cleanup();
#endif
#ifdef USE_WINSOCK
WSACleanup();
#endif
return result;
}
int main(int argc, char **argv) {
/* Local Vars */
int i;
int soa_valid = 0;
int ns_valid = 0;
ldns_rdf *rd_domain;
ldns_rdf *rd_trace;
ldns_rdf *rd_cdomain;
ldns_pkt *pkt;
ldns_resolver *res;
ldns_rr *rr;
ldns_rr_list *rrl;
ldns_rr_list *rrl_domain_soa;
ldns_rr_list *rrl_domain_soa_rrsig;
ldns_rr_list *rrl_domain_ns;
ldns_rr_list *rrl_domain_ns_rrsig;
ldns_rr_list *rrl_valid_keys;
ldns_status status;
/* Set signal handling and alarm */
if (signal(SIGALRM, timeout_alarm_handler) == SIG_ERR)
critical("Setup SIGALRM trap failed!");
/* Process check arguments */
if (process_arguments(argc, argv) != OK)
unknown("Parsing arguments failed!");
/* Start plugin timeout */
alarm(mp_timeout);
rd_domain = ldns_dname_new_frm_str(domainname);
if (!rd_domain)
unknown("Illegal domain name");
rd_trace = ldns_dname_new_frm_str(domaintrace);
if (!rd_trace)
unknown("Illegal trace domain name");
/* Check domain is subdomain from trace start */
if (!ldns_dname_is_subdomain(rd_domain, rd_trace)) {
ldns_rr_list_deep_free(trusted_keys);
ldns_rdf_deep_free(rd_domain);
ldns_rdf_deep_free(rd_trace);
unknown("'%s' is not a subdomain of '%s'.", domainname,
domaintrace);
}
/* Add trusted keys for trace domain to rrl_valid_keys. */
rrl_valid_keys = ldns_rr_list_new();
for(i = 0; i < ldns_rr_list_rr_count(trusted_keys); i++) {
rr = ldns_rr_list_rr(trusted_keys, i);
if (ldns_dname_compare(ldns_rr_owner(rr),rd_trace) == 0)
ldns_rr_list_push_rr(rrl_valid_keys, ldns_rr_clone(rr));
}
ldns_rr_list_deep_free(trusted_keys);
if (ldns_rr_list_rr_count(rrl_valid_keys) == 0) {
ldns_rdf_deep_free(rd_domain);
ldns_rdf_deep_free(rd_trace);
ldns_rr_list_deep_free(rrl_valid_keys);
critical("No trusted key for trace start '%s'", domaintrace?domaintrace:".");
}
if (mp_verbose >= 2) {
printf("--[ Trusted keys used ]-------------------------------------\n");
ldns_rr_list_sort(rrl_valid_keys);
ldns_rr_list_print(stdout, rrl_valid_keys);
printf("------------------------------------------------------------\n");
}
/* create a new resolver with dns_server or server from /etc/resolv.conf */
res = createResolver(hostname);
if (!res) {
ldns_rdf_deep_free(rd_domain);
ldns_rdf_deep_free(rd_trace);
ldns_rr_list_deep_free(rrl_valid_keys);
unknown("Creating resolver failed.");
}
resolverEnableDnssec(res);
ldns_resolver_set_dnssec_anchors(res, rrl_valid_keys);
/* check domain exists */
pkt = mp_ldns_resolver_query(res, rd_domain, LDNS_RR_TYPE_SOA,
LDNS_RR_CLASS_IN, LDNS_RD);
if (pkt == NULL || ldns_pkt_get_rcode(pkt) != LDNS_RCODE_NOERROR) {
ldns_rdf_deep_free(rd_domain);
ldns_rdf_deep_free(rd_trace);
ldns_resolver_deep_free(res);
if (pkt && ldns_pkt_get_rcode(pkt) == LDNS_RCODE_NXDOMAIN) {
ldns_pkt_free(pkt);
critical("Domain '%s' don't exist.", domainname);
}
ldns_pkt_free(pkt);
critical("Unable to get SOA for %s.", domainname);
}
rrl_domain_soa = ldns_pkt_rr_list_by_name_and_type(pkt, rd_domain,
LDNS_RR_TYPE_SOA,
LDNS_SECTION_ANSWER);
if (rrl_domain_soa == NULL || ldns_rr_list_rr_count(rrl_domain_soa) == 0) {
ldns_rdf_deep_free(rd_domain);
ldns_rdf_deep_free(rd_trace);
ldns_resolver_deep_free(res);
ldns_pkt_free(pkt);
critical("Domain '%s' not found.", domainname);
}
rrl_domain_soa_rrsig = ldns_dnssec_pkt_get_rrsigs_for_name_and_type(pkt,
rd_domain, LDNS_RR_TYPE_SOA);
if (rrl_domain_soa_rrsig == NULL ||
ldns_rr_list_rr_count(rrl_domain_soa_rrsig) == 0) {
free(domaintrace);
ldns_rdf_deep_free(rd_domain);
ldns_rdf_deep_free(rd_trace);
ldns_resolver_deep_free(res);
ldns_pkt_free(pkt);
ldns_rr_list_deep_free(rrl_domain_soa);
critical("Domain '%s' not signed.", domainname);
}
ldns_pkt_free(pkt);
pkt = ldns_resolver_query(res, rd_domain, LDNS_RR_TYPE_NS,
LDNS_RR_CLASS_IN, LDNS_RD);
rrl_domain_ns = ldns_pkt_rr_list_by_name_and_type(pkt, rd_domain,
LDNS_RR_TYPE_NS,
LDNS_SECTION_ANSWER);
rrl_domain_ns_rrsig = ldns_dnssec_pkt_get_rrsigs_for_name_and_type(pkt,
rd_domain,
LDNS_RR_TYPE_NS);
ldns_pkt_free(pkt);
if (mp_verbose >= 2) {
printf("--[ Checked Domain ]----------------------------------------\n");
ldns_rr_list_print(stdout, rrl_domain_soa);
printf("------------------------------------------------------------\n");
ldns_rr_list_print(stdout, rrl_domain_soa_rrsig);
printf("------------------------------------------------------------\n");
ldns_rr_list_print(stdout, rrl_domain_ns);
printf("------------------------------------------------------------\n");
ldns_rr_list_print(stdout, rrl_domain_ns_rrsig);
printf("------------------------------------------------------------\n");
}
/* create a new resolver with dns_server or server from /etc/resolv.conf */
ldns_resolver_free(res);
res = createResolver(resolver);
if (!res) {
ldns_rdf_deep_free(rd_domain);
ldns_rdf_deep_free(rd_trace);
ldns_rr_list_deep_free(rrl_valid_keys);
unknown("Creating resolver failed.");
}
resolverEnableDnssec(res);
ldns_resolver_set_dnssec_anchors(res, rrl_valid_keys);
/* Fetch valid keys from top down */
i = ldns_dname_label_count(rd_domain) - ldns_dname_label_count(rd_trace);
for (; i>=0; i--) {
rd_cdomain = ldns_dname_clone_from(rd_domain, i);
if (mp_verbose) {
char *str = ldns_rdf2str(rd_cdomain);
printf("Trace: %s\n", str);
free(str);
}
rrl = ldns_fetch_valid_domain_keys(res, rd_cdomain, rrl_valid_keys, &status);
if (mp_verbose >= 2) {
printf("--[ Valid Keys ]----------------------------------------\n");
ldns_rr_list_sort(rrl);
ldns_rr_list_print(stdout, rrl);
printf("------------------------------------------------------------\n");
}
ldns_rr_list_cat(rrl_valid_keys, rrl);
ldns_rr_list_free(rrl);
ldns_rdf_deep_free(rd_cdomain);
}
ldns_rdf_deep_free(rd_trace);
ldns_rdf_deep_free(rd_domain);
/* Validate SOA */
for(i = 0; i < ldns_rr_list_rr_count(rrl_domain_soa_rrsig); i++) {
rr = ldns_rr_list_rr(rrl_domain_soa_rrsig, i);
status = ldns_verify_rrsig_keylist(rrl_domain_soa, rr, rrl_valid_keys, NULL);
if (status == LDNS_STATUS_OK)
soa_valid++;
else if (mp_verbose > 0)
fprintf(stderr, "ldns_verify_rrsig_keylist SOA failed: %s\n",
ldns_get_errorstr_by_id(status));
}
ldns_rr_list_deep_free(rrl_domain_soa);
ldns_rr_list_deep_free(rrl_domain_soa_rrsig);
if (soa_valid == 0) {
critical("No valid Signatur for SOA of '%s'", domainname);
free(domainname);
free(domaintrace);
ldns_resolver_deep_free(res);
ldns_rr_list_deep_free(rrl_domain_ns);
ldns_rr_list_deep_free(rrl_domain_ns_rrsig);
return checkState;
}
/* Validate NS */
for(i = 0; i < ldns_rr_list_rr_count(rrl_domain_ns_rrsig); i++) {
rr = ldns_rr_list_rr(rrl_domain_ns_rrsig, i);
status = ldns_verify_rrsig_keylist(rrl_domain_ns, rr, rrl_valid_keys, NULL);
if (status == LDNS_STATUS_OK)
ns_valid++;
else if (mp_verbose > 0)
fprintf(stderr, "ldns_verify_rrsig_keylist NS failed: %s\n",
ldns_get_errorstr_by_id(status));
}
ldns_rr_list_deep_free(rrl_domain_ns);
ldns_rr_list_deep_free(rrl_domain_ns_rrsig);
ldns_resolver_deep_free(res);
if (ns_valid == 0) {
critical("No valid Signatur for NS of '%s'", domainname);
free(domainname);
free(domaintrace);
return checkState;
}
ok("Trust for '%s' successfull traces from '%s'", domainname,
domaintrace);
free(domainname);
free(domaintrace);
return checkState;
}
/**
* Create a new zone.
*
*/
zone_type*
zone_create(char* name, ldns_rr_class klass)
{
allocator_type* allocator = NULL;
zone_type* zone = NULL;
if (!name || !klass) {
return NULL;
}
allocator = allocator_create(malloc, free);
if (!allocator) {
ods_log_error("[%s] unable to create zone %s: allocator_create() "
"failed", zone_str, name);
return NULL;
}
zone = (zone_type*) allocator_alloc(allocator, sizeof(zone_type));
if (!zone) {
ods_log_error("[%s] unable to create zone %s: allocator_alloc()",
"failed", zone_str, name);
allocator_cleanup(allocator);
return NULL;
}
zone->allocator = allocator;
/* [start] PS 9218653: Drop trailing dot in domain name */
if (strlen(name) > 1 && name[strlen(name)-1] == '.') {
name[strlen(name)-1] = '\0';
}
/* [end] PS 9218653 */
zone->name = allocator_strdup(allocator, name);
if (!zone->name) {
ods_log_error("[%s] unable to create zone %s: allocator_strdup() "
"failed", zone_str, name);
zone_cleanup(zone);
return NULL;
}
zone->klass = klass;
zone->default_ttl = 3600; /* TODO: configure --default-ttl option? */
zone->apex = ldns_dname_new_frm_str(name);
/* check zone->apex? */
zone->notify_command = NULL;
zone->notify_ns = NULL;
zone->notify_args = NULL;
zone->policy_name = NULL;
zone->signconf_filename = NULL;
zone->adinbound = NULL;
zone->adoutbound = NULL;
zone->zl_status = ZONE_ZL_OK;
zone->task = NULL;
zone->xfrd = NULL;
zone->notify = NULL;
zone->db = namedb_create((void*)zone);
if (!zone->db) {
ods_log_error("[%s] unable to create zone %s: namedb_create() "
"failed", zone_str, name);
zone_cleanup(zone);
return NULL;
}
zone->ixfr = ixfr_create((void*)zone);
if (!zone->ixfr) {
ods_log_error("[%s] unable to create zone %s: ixfr_create() "
"failed", zone_str, name);
zone_cleanup(zone);
return NULL;
}
zone->signconf = signconf_create();
if (!zone->signconf) {
ods_log_error("[%s] unable to create zone %s: signconf_create() "
"failed", zone_str, name);
zone_cleanup(zone);
return NULL;
}
zone->stats = stats_create();
lock_basic_init(&zone->zone_lock);
lock_basic_init(&zone->xfr_lock);
return zone;
}
int main (int argc, char **argv) {
/* Local Vars */
char *out = NULL;
ldns_resolver *res;
ldns_rdf *domain;
ldns_rdf *host;
ldns_rdf *example;
ldns_pkt *pkt;
ldns_rr *rr;
ldns_status status;
/* Set signal handling and alarm */
if (signal(SIGALRM, timeout_alarm_handler) == SIG_ERR)
critical("Setup SIGALRM trap failed!");
/* Process check arguments */
if (process_arguments(argc, argv) != OK)
unknown("Parsing arguments failed!");
/* Start plugin timeout */
alarm(mp_timeout);
// Create DNAME from domainname
domain = ldns_dname_new_frm_str(domainname);
if (!domain)
usage("Invalid domainname '%s'", domainname);
// Create rdf from hostaddr
host = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_A, hostname);
#ifdef USE_IPV6
if (!host)
host = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_AAAA, hostname);
#endif
if (!host) {
ldns_rdf_deep_free(domain);
usage("Invalid hostname '%s'", hostname);
}
// Create DNAME from example.com
example = ldns_dname_new_frm_str("exmple.com");
if (!example)
usage("Invalid domainname 'example.com'");
// Create resolver
res = ldns_resolver_new();
if (!res) {
ldns_rdf_deep_free(domain);
ldns_rdf_deep_free(host);
unknown("Create resolver failed.");
}
// Add ns to resolver
status = ldns_resolver_push_nameserver(res, host);
if (status != LDNS_STATUS_OK) {
ldns_rdf_deep_free(domain);
ldns_rdf_deep_free(host);
ldns_resolver_deep_free(res);
unknown("Adding %s as NS fails.", domainname);
}
if (udp) {
// Disable TCP
ldns_resolver_set_usevc(res, 0);
// Fetch SOA
pkt = mp_ldns_resolver_query(res, domain, LDNS_RR_TYPE_SOA,
LDNS_RR_CLASS_IN, 0);
if (pkt == NULL || ldns_pkt_get_rcode(pkt) != LDNS_RCODE_NOERROR) {
mp_strcat_comma(&out, "No UDP Answer");
} else if (ldns_pkt_aa(pkt) == 0) {
mp_strcat_comma(&out, "Non Authoritative UDP Answer");
}
if (mp_verbose > 2) {
printf("[ SOA Answer ]----------\n");
ldns_pkt_print(stdout,pkt);
}
ldns_pkt_free(pkt);
if (recursion) {
// Fetch example.com SOA
ldns_resolver_set_recursive(res, TRUE);
pkt = mp_ldns_resolver_query(res, example, LDNS_RR_TYPE_SOA,
LDNS_RR_CLASS_IN, LDNS_RD);
ldns_resolver_set_recursive(res, FALSE);
if (pkt && (ldns_pkt_get_rcode(pkt) != LDNS_RCODE_REFUSED &&
ldns_pkt_get_rcode(pkt) != LDNS_RCODE_SERVFAIL)) {
mp_strcat_comma(&out, "Recursive UDP Answer");
}
if (mp_verbose > 2) {
printf("[ SOA Answer ]----------\n");
ldns_pkt_print(stdout,pkt);
}
ldns_pkt_free(pkt);
}
}
if (tcp) {
// Enable TCP
ldns_resolver_set_usevc(res, 1);
// Fetch SOA
pkt = mp_ldns_resolver_query(res, domain, LDNS_RR_TYPE_SOA,
LDNS_RR_CLASS_IN, 0);
if (pkt == NULL || ldns_pkt_get_rcode(pkt) != LDNS_RCODE_NOERROR) {
mp_strcat_comma(&out, "No TCP Answer");
} else if (ldns_pkt_aa(pkt) == 0) {
mp_strcat_comma(&out, "Non Authoritative TCP Answer");
}
if (mp_verbose > 2) {
printf("[ SOA Answer ]----------\n");
ldns_pkt_print(stdout,pkt);
}
ldns_pkt_free(pkt);
if (recursion) {
// Fetch example.com SOA
ldns_resolver_set_recursive(res, TRUE);
pkt = mp_ldns_resolver_query(res, example, LDNS_RR_TYPE_SOA,
LDNS_RR_CLASS_IN, LDNS_RD);
ldns_resolver_set_recursive(res, FALSE);
if (pkt && (ldns_pkt_get_rcode(pkt) != LDNS_RCODE_REFUSED &&
ldns_pkt_get_rcode(pkt) != LDNS_RCODE_SERVFAIL)) {
mp_strcat_comma(&out, "Recursive TCP Answer");
}
if (mp_verbose > 2) {
printf("[ SOA Answer ]----------\n");
ldns_pkt_print(stdout,pkt);
}
ldns_pkt_free(pkt);
}
}
if (axfr) {
status = ldns_axfr_start(res, domain, LDNS_RR_CLASS_IN);
if (status == LDNS_STATUS_OK) {
rr = NULL;
rr = ldns_axfr_next(res);
if (rr) {
mp_strcat_comma(&out, "AXFR allowed.");
}
}
}
if (out)
critical("Authoritative DNS for %s: %s", domainname, out);
ok("Authoritative DNS for %s", domainname);
}
int
main(int argc, char **argv)
{
/* arguments */
int port;
int soa;
ldns_rdf *zone_name;
size_t count;
size_t maxcount;
/* network */
int sock;
ssize_t nb;
struct sockaddr addr_me;
struct sockaddr addr_him;
socklen_t hislen = sizeof(addr_him);
const char *my_address;
uint8_t inbuf[INBUF_SIZE];
uint8_t *outbuf;
/* dns */
ldns_status status;
ldns_pkt *query_pkt;
ldns_pkt *answer_pkt;
size_t answer_size;
ldns_rr *query_rr;
ldns_rr *rr;
char rr_string[MAX_LEN + 1];
ldns_rr *soa_rr;
char soa_string[MAX_LEN + 1];
/* use this to listen on specified interfaces later? */
my_address = NULL;
if(argc == 5) {
/* -# num given */
if (argv[1][0] == '-') {
maxcount = atoi(argv[1] + 1);
if (maxcount == 0) {
usage(stdout);
exit(EXIT_FAILURE);
} else {
fprintf(stderr, "quiting after %d qs\n", (int)maxcount);
}
} else {
fprintf(stderr, "Use -Number for max count\n");
exit(EXIT_FAILURE);
}
argc--;
argv++;
} else {
maxcount = 0;
}
if (argc != 4) {
usage(stdout);
exit(EXIT_FAILURE);
} else {
port = atoi(argv[1]);
if (port < 1) {
fprintf(stderr, "Use a number for the port\n");
usage(stdout);
exit(EXIT_FAILURE);
}
zone_name = ldns_dname_new_frm_str(argv[2]);
if (!zone_name) {
fprintf(stderr, "Illegal domain name: %s\n", argv[2]);
usage(stdout);
exit(EXIT_FAILURE);
}
soa = atoi(argv[3]);
if (soa < 1) {
fprintf(stderr, "Illegal soa number\n");
usage(stdout);
exit(EXIT_FAILURE);
}
}
printf("Listening on port %d\n", port);
sock = socket(AF_INET, SOCK_DGRAM, 0);
if (sock < 0) {
fprintf(stderr, "%s: socket(): %s\n", argv[0], strerror(errno));
exit(EXIT_FAILURE);
}
memset(&addr_me, 0, sizeof(addr_me));
/* bind: try all ports in that range */
if (udp_bind(sock, port, my_address)) {
fprintf(stderr, "%s: cannot bind(): %s\n", argv[0], strerror(errno));
}
/* create our ixfr answer */
answer_pkt = ldns_pkt_new();
snprintf(rr_string, MAX_LEN, "%s IN IXFR", argv[2]);
(void)ldns_rr_new_frm_str(&rr, rr_string , 0, NULL, NULL);
(void)ldns_pkt_push_rr(answer_pkt, LDNS_SECTION_QUESTION, rr);
/* next add some rrs, with SOA stuff so that we mimic or ixfr reply */
snprintf(soa_string, MAX_LEN, "%s IN SOA miek.miek.nl elektron.atoom.net %d 1 2 3000 4",
argv[2], soa);
(void)ldns_rr_new_frm_str(&soa_rr, soa_string, 0, NULL, NULL);
snprintf(rr_string, MAX_LEN, "%s IN A 127.0.0.1", argv[2]);
(void)ldns_rr_new_frm_str(&rr, rr_string , 0, NULL, NULL);
/* compose the ixfr pkt */
(void)ldns_pkt_push_rr(answer_pkt, LDNS_SECTION_ANSWER, soa_rr);
(void)ldns_pkt_push_rr(answer_pkt, LDNS_SECTION_ANSWER, rr);
(void)ldns_pkt_push_rr(answer_pkt, LDNS_SECTION_ANSWER, soa_rr);
/* Done. Now receive */
count = 0;
while (1) {
nb = recvfrom(sock, inbuf, INBUF_SIZE, 0, &addr_him, &hislen);
if (nb < 1) {
fprintf(stderr, "%s: recvfrom(): %s\n",
argv[0], strerror(errno));
exit(EXIT_FAILURE);
}
printf("Got query of %d bytes\n", (int)nb);
status = ldns_wire2pkt(&query_pkt, inbuf, nb);
if (status != LDNS_STATUS_OK) {
printf("Got bad packet: %s\n", ldns_get_errorstr_by_id(status));
continue;
}
query_rr = ldns_rr_list_rr(ldns_pkt_question(query_pkt), 0);
printf("%d QUERY RR +%d: \n", (int)++count, ldns_pkt_id(query_pkt));
ldns_rr_print(stdout, query_rr);
ldns_pkt_set_id(answer_pkt, ldns_pkt_id(query_pkt));
status = ldns_pkt2wire(&outbuf, answer_pkt, &answer_size);
printf("Answer packet size: %u bytes.\n", (unsigned int) answer_size);
if (status != LDNS_STATUS_OK) {
printf("Error creating answer: %s\n", ldns_get_errorstr_by_id(status));
} else {
nb = (size_t) sendto(sock, outbuf, answer_size, 0, &addr_him, hislen);
}
if (maxcount > 0 && count >= maxcount) {
fprintf(stderr, "%d queries seen... goodbye\n", (int)count);
exit(EXIT_SUCCESS);
}
}
return 0;
}
/*
* Parses data buffer to a query, finds the correct answer
* and calls the given function for every packet to send.
*/
void
handle_query(uint8_t* inbuf, ssize_t inlen, struct entry* entries, int* count,
enum transport_type transport, void (*sendfunc)(uint8_t*, size_t, void*),
void* userdata, FILE* verbose_out)
{
ldns_status status;
ldns_pkt *query_pkt = NULL;
ldns_pkt *answer_pkt = NULL;
struct reply_packet *p;
ldns_rr *query_rr = NULL;
uint8_t *outbuf = NULL;
size_t answer_size = 0;
struct entry* entry = NULL;
ldns_rdf *stop_command = ldns_dname_new_frm_str("server.stop.");
status = ldns_wire2pkt(&query_pkt, inbuf, (size_t)inlen);
if (status != LDNS_STATUS_OK) {
verbose(1, "Got bad packet: %s\n", ldns_get_errorstr_by_id(status));
ldns_rdf_free(stop_command);
return;
}
query_rr = ldns_rr_list_rr(ldns_pkt_question(query_pkt), 0);
verbose(1, "query %d: id %d: %s %d bytes: ", ++(*count), (int)ldns_pkt_id(query_pkt),
(transport==transport_tcp)?"TCP":"UDP", (int)inlen);
if(verbose_out) ldns_rr_print(verbose_out, query_rr);
if(verbose_out) ldns_pkt_print(verbose_out, query_pkt);
if (ldns_rr_get_type(query_rr) == LDNS_RR_TYPE_TXT &&
ldns_rr_get_class(query_rr) == LDNS_RR_CLASS_CH &&
ldns_dname_compare(ldns_rr_owner(query_rr), stop_command) == 0) {
exit(0);
}
/* fill up answer packet */
entry = find_match(entries, query_pkt, transport);
if(!entry || !entry->reply_list) {
verbose(1, "no answer packet for this query, no reply.\n");
ldns_pkt_free(query_pkt);
ldns_rdf_free(stop_command);
return;
}
for(p = entry->reply_list; p; p = p->next)
{
verbose(3, "Answer pkt:\n");
if (p->reply_from_hex) {
/* try to parse the hex packet, if it can be
* parsed, we can use adjust rules. if not,
* send packet literally */
status = ldns_buffer2pkt_wire(&answer_pkt, p->reply_from_hex);
if (status == LDNS_STATUS_OK) {
adjust_packet(entry, answer_pkt, query_pkt);
if(verbose_out) ldns_pkt_print(verbose_out, answer_pkt);
status = ldns_pkt2wire(&outbuf, answer_pkt, &answer_size);
verbose(2, "Answer packet size: %u bytes.\n", (unsigned int)answer_size);
if (status != LDNS_STATUS_OK) {
verbose(1, "Error creating answer: %s\n", ldns_get_errorstr_by_id(status));
ldns_pkt_free(query_pkt);
ldns_rdf_free(stop_command);
return;
}
ldns_pkt_free(answer_pkt);
answer_pkt = NULL;
} else {
verbose(3, "Could not parse hex data (%s), sending hex data directly.\n", ldns_get_errorstr_by_id(status));
/* still try to adjust ID */
answer_size = ldns_buffer_capacity(p->reply_from_hex);
outbuf = LDNS_XMALLOC(uint8_t, answer_size);
memcpy(outbuf, ldns_buffer_export(p->reply_from_hex), answer_size);
if(entry->copy_id) {
ldns_write_uint16(outbuf,
ldns_pkt_id(query_pkt));
}
}
} else {
answer_pkt = ldns_pkt_clone(p->reply);
adjust_packet(entry, answer_pkt, query_pkt);
if(verbose_out) ldns_pkt_print(verbose_out, answer_pkt);
status = ldns_pkt2wire(&outbuf, answer_pkt, &answer_size);
verbose(1, "Answer packet size: %u bytes.\n", (unsigned int)answer_size);
if (status != LDNS_STATUS_OK) {
verbose(1, "Error creating answer: %s\n", ldns_get_errorstr_by_id(status));
ldns_pkt_free(query_pkt);
ldns_rdf_free(stop_command);
return;
}
ldns_pkt_free(answer_pkt);
answer_pkt = NULL;
}
if(p->packet_sleep) {
verbose(3, "sleeping for next packet %d secs\n",
p->packet_sleep);
#ifdef HAVE_SLEEP
sleep(p->packet_sleep);
#else
Sleep(p->packet_sleep * 1000);
#endif
verbose(3, "wakeup for next packet "
"(slept %d secs)\n", p->packet_sleep);
}
sendfunc(outbuf, answer_size, userdata);
LDNS_FREE(outbuf);
outbuf = NULL;
answer_size = 0;
}
ldns_pkt_free(query_pkt);
ldns_rdf_free(stop_command);
}
int
main(int argc, char **argv)
{
int c;
int i;
/* LDNS types */
ldns_pkt *notify;
ldns_rr *question;
ldns_resolver *res;
ldns_rdf *ldns_zone_name = NULL;
ldns_status status;
const char *zone_name = NULL;
int include_soa = 0;
uint32_t soa_version = 0;
ldns_tsig_credentials tsig_cred = {0,0,0};
int do_hexdump = 1;
uint8_t *wire = NULL;
size_t wiresize = 0;
char *port = "53";
srandom(time(NULL) ^ getpid());
while ((c = getopt(argc, argv, "vhdp:r:s:y:z:")) != -1) {
switch (c) {
case 'd':
verbose++;
break;
case 'p':
port = optarg;
break;
case 'r':
max_num_retry = atoi(optarg);
break;
case 's':
include_soa = 1;
soa_version = (uint32_t)atoi(optarg);
break;
case 'y':
tsig_cred.algorithm = "hmac-md5.sig-alg.reg.int.";
tsig_cred.keyname = optarg;
tsig_cred.keydata = strchr(optarg, ':');
*tsig_cred.keydata = '\0';
tsig_cred.keydata++;
printf("Sign with %s : %s\n", tsig_cred.keyname,
tsig_cred.keydata);
break;
case 'z':
zone_name = optarg;
ldns_zone_name = ldns_dname_new_frm_str(zone_name);
if(!ldns_zone_name) {
printf("cannot parse zone name: %s\n",
zone_name);
exit(1);
}
break;
case 'v':
version();
case 'h':
case '?':
default:
usage();
}
}
argc -= optind;
argv += optind;
if (argc == 0 || zone_name == NULL) {
usage();
}
notify = ldns_pkt_new();
question = ldns_rr_new();
res = ldns_resolver_new();
if (!notify || !question || !res) {
/* bail out */
printf("error: cannot create ldns types\n");
exit(1);
}
/* create the rr for inside the pkt */
ldns_rr_set_class(question, LDNS_RR_CLASS_IN);
ldns_rr_set_owner(question, ldns_zone_name);
ldns_rr_set_type(question, LDNS_RR_TYPE_SOA);
ldns_pkt_set_opcode(notify, LDNS_PACKET_NOTIFY);
ldns_pkt_push_rr(notify, LDNS_SECTION_QUESTION, question);
ldns_pkt_set_aa(notify, true);
ldns_pkt_set_id(notify, random()&0xffff);
if(include_soa) {
char buf[10240];
ldns_rr *soa_rr=NULL;
ldns_rdf *prev=NULL;
snprintf(buf, sizeof(buf), "%s 3600 IN SOA . . %u 0 0 0 0",
zone_name, (unsigned)soa_version);
/*printf("Adding soa %s\n", buf);*/
status = ldns_rr_new_frm_str(&soa_rr, buf, 3600, NULL, &prev);
if(status != LDNS_STATUS_OK) {
printf("Error adding SOA version: %s\n",
ldns_get_errorstr_by_id(status));
}
ldns_pkt_push_rr(notify, LDNS_SECTION_ANSWER, soa_rr);
}
if(tsig_cred.keyname) {
#ifdef HAVE_SSL
status = ldns_pkt_tsig_sign(notify, tsig_cred.keyname,
tsig_cred.keydata, 300, tsig_cred.algorithm,
NULL);
if(status != LDNS_STATUS_OK) {
printf("Error TSIG sign query: %s\n",
ldns_get_errorstr_by_id(status));
}
#else
fprintf(stderr, "Warning: TSIG needs OpenSSL support, which has not been compiled in, TSIG skipped\n");
#endif
}
if(verbose) {
printf("# Sending packet:\n");
ldns_pkt_print(stdout, notify);
}
status = ldns_pkt2wire(&wire, notify, &wiresize);
if(wiresize == 0) {
printf("Error converting notify packet to hex.\n");
exit(1);
}
if(do_hexdump && verbose > 1) {
printf("Hexdump of notify packet:\n");
for(i=0; i<(int)wiresize; i++)
printf("%02x", (unsigned)wire[i]);
printf("\n");
}
for(i=0; i<argc; i++)
{
struct addrinfo hints, *res0, *res;
int error;
int default_family = AF_INET;
if(verbose)
printf("# sending to %s\n", argv[i]);
memset(&hints, 0, sizeof(hints));
hints.ai_family = default_family;
hints.ai_socktype = SOCK_DGRAM;
hints.ai_protocol = IPPROTO_UDP;
error = getaddrinfo(argv[i], port, &hints, &res0);
if (error) {
printf("skipping bad address: %s: %s\n", argv[i],
gai_strerror(error));
continue;
}
for (res = res0; res; res = res->ai_next) {
int s = socket(res->ai_family, res->ai_socktype,
res->ai_protocol);
if(s == -1)
continue;
/* send the notify */
notify_host(s, res, wire, wiresize, argv[i]);
}
freeaddrinfo(res0);
}
ldns_pkt_free(notify);
free(wire);
return 0;
}
int
main(int argc, char *argv[])
{
ldns_resolver *res;
ldns_rdf *domain;
ldns_pkt *p;
ldns_rr_list *mx;
ldns_status s;
p = NULL;
mx = NULL;
domain = NULL;
res = NULL;
if (argc != 2) {
usage(stdout, argv[0]);
exit(EXIT_FAILURE);
} else {
/* create a rdf from the command line arg */
domain = ldns_dname_new_frm_str(argv[1]);
if (!domain) {
usage(stdout, argv[0]);
exit(EXIT_FAILURE);
}
}
/* create a new resolver from /etc/resolv.conf */
s = ldns_resolver_new_frm_file(&res, NULL);
if (s != LDNS_STATUS_OK) {
exit(EXIT_FAILURE);
}
/* use the resolver to send a query for the mx
* records of the domain given on the command line
*/
std::clock_t start;
start = std::clock();
p = ldns_resolver_query(res,
domain,
LDNS_RR_TYPE_MX,
LDNS_RR_CLASS_IN,
LDNS_RD);
if(!p)
std::cout << "no packet is generated" << std::endl;
else{
std::clock_t current;
current = std::clock();
double latency = (current-start)*1000.0/CLOCKS_PER_SEC;
std::cout <<"Qurey sent to " << domain << ", latency is " << latency << " ms." <<std::endl;
}
ldns_rdf_deep_free(domain);
//if (!p) {
// exit(EXIT_FAILURE);
//} else {
// /* retrieve the MX records from the answer section of that
// * packet
// */
// mx = ldns_pkt_rr_list_by_type(p,
// LDNS_RR_TYPE_MX,
// LDNS_SECTION_ANSWER);
// if (!mx) {
// fprintf(stderr,
// " *** invalid answer name %s after MX query for %s\n",
// argv[1], argv[1]);
// ldns_pkt_free(p);
// ldns_resolver_deep_free(res);
// exit(EXIT_FAILURE);
// } else {
// ldns_rr_list_sort(mx);
// ldns_rr_list_print(stdout, mx);
// ldns_rr_list_deep_free(mx);
// }
//}
ldns_pkt_free(p);
ldns_resolver_deep_free(res);
return 0;
}
int
getrrsetbyname(const char *hostname, unsigned int rdclass,
unsigned int rdtype, unsigned int flags,
struct rrsetinfo **res)
{
int result;
unsigned int i, j, index_ans, index_sig;
struct rrsetinfo *rrset = NULL;
struct rdatainfo *rdata;
size_t len;
ldns_resolver *ldns_res;
ldns_rdf *domain = NULL;
ldns_pkt *pkt = NULL;
ldns_rr_list *rrsigs = NULL, *rrdata = NULL;
ldns_status err;
ldns_rr *rr;
/* check for invalid class and type */
if (rdclass > 0xffff || rdtype > 0xffff) {
result = ERRSET_INVAL;
goto fail;
}
/* don't allow queries of class or type ANY */
if (rdclass == 0xff || rdtype == 0xff) {
result = ERRSET_INVAL;
goto fail;
}
/* don't allow flags yet, unimplemented */
if (flags) {
result = ERRSET_INVAL;
goto fail;
}
/* Initialize resolver from resolv.conf */
domain = ldns_dname_new_frm_str(hostname);
if ((err = ldns_resolver_new_frm_file(&ldns_res, NULL)) != \
LDNS_STATUS_OK) {
result = ERRSET_FAIL;
goto fail;
}
#ifdef LDNS_DEBUG
ldns_resolver_set_debug(ldns_res, true);
#endif /* LDNS_DEBUG */
ldns_resolver_set_dnssec(ldns_res, true); /* Use DNSSEC */
/* make query */
pkt = ldns_resolver_query(ldns_res, domain, rdtype, rdclass, LDNS_RD);
/*** TODO: finer errcodes -- see original **/
if (!pkt || ldns_pkt_ancount(pkt) < 1) {
result = ERRSET_FAIL;
goto fail;
}
/* initialize rrset */
rrset = calloc(1, sizeof(struct rrsetinfo));
if (rrset == NULL) {
result = ERRSET_NOMEMORY;
goto fail;
}
rrdata = ldns_pkt_rr_list_by_type(pkt, rdtype, LDNS_SECTION_ANSWER);
rrset->rri_nrdatas = ldns_rr_list_rr_count(rrdata);
if (!rrset->rri_nrdatas) {
result = ERRSET_NODATA;
goto fail;
}
/* copy name from answer section */
len = ldns_rdf_size(ldns_rr_owner(ldns_rr_list_rr(rrdata, 0)));
if ((rrset->rri_name = malloc(len)) == NULL) {
result = ERRSET_NOMEMORY;
goto fail;
}
memcpy(rrset->rri_name,
ldns_rdf_data(ldns_rr_owner(ldns_rr_list_rr(rrdata, 0))), len);
rrset->rri_rdclass = ldns_rr_get_class(ldns_rr_list_rr(rrdata, 0));
rrset->rri_rdtype = ldns_rr_get_type(ldns_rr_list_rr(rrdata, 0));
rrset->rri_ttl = ldns_rr_ttl(ldns_rr_list_rr(rrdata, 0));
debug2("ldns: got %u answers from DNS", rrset->rri_nrdatas);
/* Check for authenticated data */
if (ldns_pkt_ad(pkt)) {
rrset->rri_flags |= RRSET_VALIDATED;
} else { /* AD is not set, try autonomous validation */
ldns_rr_list * trusted_keys = ldns_rr_list_new();
debug2("ldns: trying to validate RRset");
/* Get eventual sigs */
rrsigs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_RRSIG,
LDNS_SECTION_ANSWER);
rrset->rri_nsigs = ldns_rr_list_rr_count(rrsigs);
debug2("ldns: got %u signature(s) (RRTYPE %u) from DNS",
rrset->rri_nsigs, LDNS_RR_TYPE_RRSIG);
if ((err = ldns_verify_trusted(ldns_res, rrdata, rrsigs,
trusted_keys)) == LDNS_STATUS_OK) {
rrset->rri_flags |= RRSET_VALIDATED;
debug2("ldns: RRset is signed with a valid key");
} else {
debug2("ldns: RRset validation failed: %s",
ldns_get_errorstr_by_id(err));
}
ldns_rr_list_deep_free(trusted_keys);
}
/* allocate memory for answers */
rrset->rri_rdatas = calloc(rrset->rri_nrdatas,
sizeof(struct rdatainfo));
if (rrset->rri_rdatas == NULL) {
result = ERRSET_NOMEMORY;
goto fail;
}
/* allocate memory for signatures */
if (rrset->rri_nsigs > 0) {
rrset->rri_sigs = calloc(rrset->rri_nsigs,
sizeof(struct rdatainfo));
if (rrset->rri_sigs == NULL) {
result = ERRSET_NOMEMORY;
goto fail;
}
}
/* copy answers & signatures */
for (i=0, index_ans=0, index_sig=0; i< pkt->_header->_ancount; i++) {
rdata = NULL;
rr = ldns_rr_list_rr(ldns_pkt_answer(pkt), i);
if (ldns_rr_get_class(rr) == rrset->rri_rdclass &&
ldns_rr_get_type(rr) == rrset->rri_rdtype) {
rdata = &rrset->rri_rdatas[index_ans++];
}
if (rr->_rr_class == rrset->rri_rdclass &&
rr->_rr_type == LDNS_RR_TYPE_RRSIG &&
rrset->rri_sigs) {
rdata = &rrset->rri_sigs[index_sig++];
}
if (rdata) {
size_t rdata_offset = 0;
rdata->rdi_length = 0;
for (j=0; j< rr->_rd_count; j++) {
rdata->rdi_length +=
ldns_rdf_size(ldns_rr_rdf(rr, j));
}
rdata->rdi_data = malloc(rdata->rdi_length);
if (rdata->rdi_data == NULL) {
result = ERRSET_NOMEMORY;
goto fail;
}
/* Re-create the raw DNS RDATA */
for (j=0; j< rr->_rd_count; j++) {
len = ldns_rdf_size(ldns_rr_rdf(rr, j));
memcpy(rdata->rdi_data + rdata_offset,
ldns_rdf_data(ldns_rr_rdf(rr, j)), len);
rdata_offset += len;
}
}
}
*res = rrset;
result = ERRSET_SUCCESS;
fail:
/* freerrset(rrset); */
ldns_rdf_deep_free(domain);
ldns_pkt_free(pkt);
ldns_rr_list_deep_free(rrsigs);
ldns_rr_list_deep_free(rrdata);
ldns_resolver_deep_free(ldns_res);
return result;
}
ldns_status
ldns_resolver_new_frm_fp_l(ldns_resolver **res, FILE *fp, int *line_nr)
{
ldns_resolver *r;
const char *keyword[LDNS_RESOLV_KEYWORDS];
char word[LDNS_MAX_LINELEN + 1];
int8_t expect;
uint8_t i;
ldns_rdf *tmp;
#ifdef HAVE_SSL
ldns_rr *tmp_rr;
#endif
ssize_t gtr, bgtr;
ldns_buffer *b;
int lnr = 0, oldline;
if(!line_nr) line_nr = &lnr;
/* do this better
* expect =
* 0: keyword
* 1: default domain dname
* 2: NS aaaa or a record
*/
/* recognized keywords */
keyword[LDNS_RESOLV_NAMESERVER] = "nameserver";
keyword[LDNS_RESOLV_DEFDOMAIN] = "domain";
keyword[LDNS_RESOLV_SEARCH] = "search";
/* these two are read but not used atm TODO */
keyword[LDNS_RESOLV_SORTLIST] = "sortlist";
keyword[LDNS_RESOLV_OPTIONS] = "options";
keyword[LDNS_RESOLV_ANCHOR] = "anchor";
expect = LDNS_RESOLV_KEYWORD;
r = ldns_resolver_new();
if (!r) {
return LDNS_STATUS_MEM_ERR;
}
gtr = 1;
word[0] = 0;
oldline = *line_nr;
expect = LDNS_RESOLV_KEYWORD;
while (gtr > 0) {
/* check comments */
if (word[0] == '#') {
word[0]='x';
if(oldline == *line_nr) {
/* skip until end of line */
int c;
do {
c = fgetc(fp);
} while(c != EOF && c != '\n');
if(c=='\n' && line_nr) (*line_nr)++;
}
/* and read next to prepare for further parsing */
oldline = *line_nr;
continue;
}
oldline = *line_nr;
switch(expect) {
case LDNS_RESOLV_KEYWORD:
/* keyword */
gtr = ldns_fget_token_l(fp, word, LDNS_PARSE_NORMAL, 0, line_nr);
if (gtr != 0) {
if(word[0] == '#') continue;
for(i = 0; i < LDNS_RESOLV_KEYWORDS; i++) {
if (strcasecmp(keyword[i], word) == 0) {
/* chosen the keyword and
* expect values carefully
*/
expect = i;
break;
}
}
/* no keyword recognized */
if (expect == LDNS_RESOLV_KEYWORD) {
/* skip line */
/*
ldns_resolver_deep_free(r);
return LDNS_STATUS_SYNTAX_KEYWORD_ERR;
*/
}
}
break;
case LDNS_RESOLV_DEFDOMAIN:
/* default domain dname */
gtr = ldns_fget_token_l(fp, word, LDNS_PARSE_NORMAL, 0, line_nr);
if (gtr == 0) {
return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR;
}
if(word[0] == '#') {
expect = LDNS_RESOLV_KEYWORD;
continue;
}
tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, word);
if (!tmp) {
ldns_resolver_deep_free(r);
return LDNS_STATUS_SYNTAX_DNAME_ERR;
}
/* DOn't free, because we copy the pointer */
ldns_resolver_set_domain(r, tmp);
expect = LDNS_RESOLV_KEYWORD;
break;
case LDNS_RESOLV_NAMESERVER:
/* NS aaaa or a record */
gtr = ldns_fget_token_l(fp, word, LDNS_PARSE_NORMAL, 0, line_nr);
if (gtr == 0) {
return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR;
}
if(word[0] == '#') {
expect = LDNS_RESOLV_KEYWORD;
continue;
}
if(strchr(word, '%')) {
/* snip off interface labels,
* fe80::222:19ff:fe31:4222%eth0 */
strchr(word, '%')[0]=0;
}
tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_AAAA, word);
if (!tmp) {
/* try ip4 */
tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_A, word);
}
/* could not parse it, exit */
if (!tmp) {
ldns_resolver_deep_free(r);
return LDNS_STATUS_SYNTAX_ERR;
}
(void)ldns_resolver_push_nameserver(r, tmp);
ldns_rdf_deep_free(tmp);
expect = LDNS_RESOLV_KEYWORD;
break;
case LDNS_RESOLV_SEARCH:
/* search list domain dname */
gtr = ldns_fget_token_l(fp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr);
b = LDNS_MALLOC(ldns_buffer);
if(!b) {
ldns_resolver_deep_free(r);
return LDNS_STATUS_MEM_ERR;
}
ldns_buffer_new_frm_data(b, word, (size_t) gtr);
if(ldns_buffer_status(b) != LDNS_STATUS_OK) {
LDNS_FREE(b);
ldns_resolver_deep_free(r);
return LDNS_STATUS_MEM_ERR;
}
bgtr = ldns_bget_token(b, word, LDNS_PARSE_NORMAL, (size_t) gtr + 1);
while (bgtr > 0) {
gtr -= bgtr;
if(word[0] == '#') {
expect = LDNS_RESOLV_KEYWORD;
ldns_buffer_free(b);
continue;
}
tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, word);
if (!tmp) {
ldns_resolver_deep_free(r);
ldns_buffer_free(b);
return LDNS_STATUS_SYNTAX_DNAME_ERR;
}
ldns_resolver_push_searchlist(r, tmp);
ldns_rdf_deep_free(tmp);
bgtr = ldns_bget_token(b, word, LDNS_PARSE_NORMAL,
(size_t) gtr + 1);
}
ldns_buffer_free(b);
gtr = 1;
expect = LDNS_RESOLV_KEYWORD;
break;
case LDNS_RESOLV_SORTLIST:
gtr = ldns_fget_token_l(fp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr);
/* sortlist not implemented atm */
expect = LDNS_RESOLV_KEYWORD;
break;
case LDNS_RESOLV_OPTIONS:
gtr = ldns_fget_token_l(fp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr);
/* options not implemented atm */
expect = LDNS_RESOLV_KEYWORD;
break;
case LDNS_RESOLV_ANCHOR:
/* a file containing a DNSSEC trust anchor */
gtr = ldns_fget_token_l(fp, word, LDNS_PARSE_NORMAL, 0, line_nr);
if (gtr == 0) {
ldns_resolver_deep_free(r);
return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR;
}
if(word[0] == '#') {
expect = LDNS_RESOLV_KEYWORD;
continue;
}
#ifdef HAVE_SSL
tmp_rr = ldns_read_anchor_file(word);
(void) ldns_resolver_push_dnssec_anchor(r, tmp_rr);
ldns_rr_free(tmp_rr);
#endif
expect = LDNS_RESOLV_KEYWORD;
break;
}
}
/* finally, add the root domain to the search list */
ldns_resolver_push_searchlist(r, ldns_dname_new_frm_str("."));
if (res) {
*res = r;
return LDNS_STATUS_OK;
} else {
ldns_resolver_deep_free(r);
return LDNS_STATUS_NULL;
}
}
int
main(int argc, char *argv[])
{
ldns_rdf *dname, *hashed_dname;
uint8_t nsec3_algorithm = 1;
size_t nsec3_iterations_cmd = 1;
uint16_t nsec3_iterations = 1;
uint8_t nsec3_salt_length = 0;
uint8_t *nsec3_salt = NULL;
char *prog = strdup(argv[0]);
int c;
while ((c = getopt(argc, argv, "a:s:t:")) != -1) {
switch (c) {
case 'a':
nsec3_algorithm = (uint8_t) atoi(optarg);
break;
case 's':
if (strlen(optarg) % 2 != 0) {
fprintf(stderr, "Salt value is not valid hex data, not a multiple of 2 characters\n");
exit(EXIT_FAILURE);
}
if (strlen(optarg) > 512) {
fprintf(stderr, "Salt too long\n");
exit(EXIT_FAILURE);
}
nsec3_salt_length = (uint8_t) (strlen(optarg) / 2);
nsec3_salt = LDNS_XMALLOC(uint8_t, nsec3_salt_length);
for (c = 0; c < (int) strlen(optarg); c += 2) {
if (isxdigit((int) optarg[c]) && isxdigit((int) optarg[c+1])) {
nsec3_salt[c/2] = (uint8_t) ldns_hexdigit_to_int(optarg[c]) * 16 +
ldns_hexdigit_to_int(optarg[c+1]);
} else {
fprintf(stderr, "Salt value is not valid hex data.\n");
exit(EXIT_FAILURE);
}
}
break;
case 't':
nsec3_iterations_cmd = (size_t) atol(optarg);
if (nsec3_iterations_cmd > LDNS_NSEC3_MAX_ITERATIONS) {
fprintf(stderr, "Iterations count can not exceed %u, quitting\n", LDNS_NSEC3_MAX_ITERATIONS);
exit(EXIT_FAILURE);
}
nsec3_iterations = (uint16_t) nsec3_iterations_cmd;
break;
default:
usage(stderr, prog);
exit(EXIT_SUCCESS);
}
}
argc -= optind;
argv += optind;
if (argc < 1) {
printf("Error: not enough arguments\n");
usage(stdout, prog);
exit(EXIT_FAILURE);
} else {
dname = ldns_dname_new_frm_str(argv[0]);
if (!dname) {
fprintf(stderr,
"Error: unable to parse domain name\n");
return EXIT_FAILURE;
}
hashed_dname = ldns_nsec3_hash_name(dname,
nsec3_algorithm,
nsec3_iterations,
nsec3_salt_length,
nsec3_salt);
if (!hashed_dname) {
fprintf(stderr,
"Error creating NSEC3 hash\n");
return EXIT_FAILURE;
}
ldns_rdf_print(stdout, hashed_dname);
printf("\n");
ldns_rdf_deep_free(dname);
ldns_rdf_deep_free(hashed_dname);
}
if (nsec3_salt) {
free(nsec3_salt);
}
free(prog);
return EXIT_SUCCESS;
}
/* same naive method as in drill0.9
* We resolver _ALL_ the names, which is ofcourse not needed
* We _do_ use the local resolver to do that, so it still is
* fast, but it can be made to run much faster
*/
ldns_pkt *
do_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t,
ldns_rr_class c)
{
ldns_resolver *res;
ldns_pkt *p;
ldns_rr_list *new_nss_a;
ldns_rr_list *new_nss_aaaa;
ldns_rr_list *final_answer;
ldns_rr_list *new_nss;
ldns_rr_list *ns_addr;
uint16_t loop_count;
ldns_rdf *pop;
ldns_status status;
size_t i;
loop_count = 0;
new_nss_a = NULL;
new_nss_aaaa = NULL;
new_nss = NULL;
ns_addr = NULL;
final_answer = NULL;
p = ldns_pkt_new();
res = ldns_resolver_new();
if (!p) {
if (res) {
ldns_resolver_free(res);
}
error("Memory allocation failed");
return NULL;
}
if (!res) {
ldns_pkt_free(p);
error("Memory allocation failed");
return NULL;
}
/* transfer some properties of local_res to res,
* because they were given on the commandline */
ldns_resolver_set_ip6(res,
ldns_resolver_ip6(local_res));
ldns_resolver_set_port(res,
ldns_resolver_port(local_res));
ldns_resolver_set_debug(res,
ldns_resolver_debug(local_res));
ldns_resolver_set_dnssec(res,
ldns_resolver_dnssec(local_res));
ldns_resolver_set_fail(res,
ldns_resolver_fail(local_res));
ldns_resolver_set_usevc(res,
ldns_resolver_usevc(local_res));
ldns_resolver_set_random(res,
ldns_resolver_random(local_res));
ldns_resolver_set_recursive(res, false);
/* setup the root nameserver in the new resolver */
status = ldns_resolver_push_nameserver_rr_list(res, global_dns_root);
if (status != LDNS_STATUS_OK) {
fprintf(stderr, "Error adding root servers to resolver: %s\n", ldns_get_errorstr_by_id(status));
ldns_rr_list_print(stdout, global_dns_root);
ldns_resolver_free(res);
ldns_pkt_free(p);
return NULL;
}
/* this must be a real query to local_res */
status = ldns_resolver_send(&p, res, ldns_dname_new_frm_str("."), LDNS_RR_TYPE_NS, c, 0);
/* p can still be NULL */
if (ldns_pkt_empty(p)) {
warning("No root server information received");
}
if (status == LDNS_STATUS_OK) {
if (!ldns_pkt_empty(p)) {
drill_pkt_print(stdout, local_res, p);
}
} else {
error("cannot use local resolver");
return NULL;
}
status = ldns_resolver_send(&p, res, name, t, c, 0);
while(status == LDNS_STATUS_OK &&
ldns_pkt_reply_type(p) == LDNS_PACKET_REFERRAL) {
if (!p) {
/* some error occurred, bail out */
return NULL;
}
new_nss_a = ldns_pkt_rr_list_by_type(p,
LDNS_RR_TYPE_A, LDNS_SECTION_ADDITIONAL);
new_nss_aaaa = ldns_pkt_rr_list_by_type(p,
LDNS_RR_TYPE_AAAA, LDNS_SECTION_ADDITIONAL);
new_nss = ldns_pkt_rr_list_by_type(p,
LDNS_RR_TYPE_NS, LDNS_SECTION_AUTHORITY);
if (verbosity != -1) {
ldns_rr_list_print(stdout, new_nss);
}
/* checks itself for verbosity */
drill_pkt_print_footer(stdout, local_res, p);
/* remove the old nameserver from the resolver */
while(ldns_resolver_pop_nameserver(res)) { /* do it */ }
/* also check for new_nss emptyness */
if (!new_nss_aaaa && !new_nss_a) {
/*
* no nameserver found!!!
* try to resolve the names we do got
*/
for(i = 0; i < ldns_rr_list_rr_count(new_nss); i++) {
/* get the name of the nameserver */
pop = ldns_rr_rdf(ldns_rr_list_rr(new_nss, i), 0);
if (!pop) {
break;
}
ldns_rr_list_print(stdout, new_nss);
ldns_rdf_print(stdout, pop);
/* retrieve it's addresses */
ns_addr = ldns_rr_list_cat_clone(ns_addr,
ldns_get_rr_list_addr_by_name(local_res, pop, c, 0));
}
if (ns_addr) {
if (ldns_resolver_push_nameserver_rr_list(res, ns_addr) !=
LDNS_STATUS_OK) {
error("Error adding new nameservers");
ldns_pkt_free(p);
return NULL;
}
ldns_rr_list_free(ns_addr);
} else {
ldns_rr_list_print(stdout, ns_addr);
error("Could not find the nameserver ip addr; abort");
ldns_pkt_free(p);
return NULL;
}
}
/* add the new ones */
if (new_nss_aaaa) {
if (ldns_resolver_push_nameserver_rr_list(res, new_nss_aaaa) !=
LDNS_STATUS_OK) {
error("adding new nameservers");
ldns_pkt_free(p);
return NULL;
}
}
if (new_nss_a) {
if (ldns_resolver_push_nameserver_rr_list(res, new_nss_a) !=
LDNS_STATUS_OK) {
error("adding new nameservers");
ldns_pkt_free(p);
return NULL;
}
}
if (loop_count++ > 20) {
/* unlikely that we are doing something usefull */
error("Looks like we are looping");
ldns_pkt_free(p);
return NULL;
}
status = ldns_resolver_send(&p, res, name, t, c, 0);
new_nss_aaaa = NULL;
new_nss_a = NULL;
ns_addr = NULL;
}
status = ldns_resolver_send(&p, res, name, t, c, 0);
if (!p) {
return NULL;
}
new_nss = ldns_pkt_authority(p);
final_answer = ldns_pkt_answer(p);
if (verbosity != -1) {
ldns_rr_list_print(stdout, final_answer);
ldns_rr_list_print(stdout, new_nss);
}
drill_pkt_print_footer(stdout, local_res, p);
ldns_pkt_free(p);
return NULL;
}
switch_status_t ldns_lookup(const char *number, const char *root, char *server_name[ENUM_MAXNAMESERVERS] , enum_record_t **results)
{
ldns_resolver *res = NULL;
ldns_rdf *domain = NULL;
ldns_pkt *p = NULL;
ldns_rr_list *naptr = NULL;
ldns_status s = LDNS_STATUS_ERR;
ldns_rdf *serv_rdf;
switch_status_t status = SWITCH_STATUS_FALSE;
char *name = NULL;
struct timeval to = { 0, 0};
int inameserver = 0;
int added_server = 0;
if (!(name = reverse_number(number, root))) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Parse Error!\n");
goto end;
}
if (!(domain = ldns_dname_new_frm_str(name))) {
goto end;
}
if (server_name) {
res = ldns_resolver_new();
switch_assert(res);
for(inameserver=0; inameserver<ENUM_MAXNAMESERVERS; inameserver++) {
if ( server_name[inameserver] != NULL ) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Adding Nameserver [%s]\n", server_name[inameserver]);
if ((serv_rdf = ldns_rdf_new_addr_frm_str( server_name[inameserver] ))) {
s = ldns_resolver_push_nameserver(res, serv_rdf);
ldns_rdf_deep_free(serv_rdf);
added_server = 1;
}
}
}
}
if (!added_server) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "No Nameservers specified, using host default\n");
/* create a new resolver from /etc/resolv.conf */
s = ldns_resolver_new_frm_file(&res, NULL);
}
if (s != LDNS_STATUS_OK) {
goto end;
}
to.tv_sec = globals.timeout / 1000;
to.tv_usec = (globals.timeout % 1000) * 1000;
ldns_resolver_set_timeout(res, to);
ldns_resolver_set_retry(res, (uint8_t)globals.retries);
ldns_resolver_set_random(res, globals.random);
if ((p = ldns_resolver_query(res,
domain,
LDNS_RR_TYPE_NAPTR,
LDNS_RR_CLASS_IN,
LDNS_RD))) {
/* retrieve the NAPTR records from the answer section of that
* packet
*/
if ((naptr = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_NAPTR, LDNS_SECTION_ANSWER))) {
size_t i;
ldns_rr_list_sort(naptr);
for (i = 0; i < ldns_rr_list_rr_count(naptr); i++) {
parse_naptr(ldns_rr_list_rr(naptr, i), number, results);
}
//ldns_rr_list_print(stdout, naptr);
ldns_rr_list_deep_free(naptr);
status = SWITCH_STATUS_SUCCESS;
}
}
end:
switch_safe_free(name);
if (domain) {
ldns_rdf_deep_free(domain);
}
if (p) {
ldns_pkt_free(p);
}
if (res) {
ldns_resolver_deep_free(res);
}
return status;
}
int
main(int argc, char *argv[])
{
ldns_resolver *res;
ldns_rdf *ns;
ldns_rdf *domain;
ldns_rr_list *l = NULL;
ldns_rr_list *dns_root = NULL;
const char *root_file = "/etc/named.root";
ldns_status status;
int i;
char *domain_str;
char *outputfile_str;
ldns_buffer *outputfile_buffer;
FILE *outputfile;
ldns_rr *k;
bool insecure = false;
ldns_pkt *pkt;
domain = NULL;
res = NULL;
if (argc < 2) {
usage(stdout, argv[0]);
exit(EXIT_FAILURE);
} else {
for (i = 1; i < argc; i++) {
if (strncmp("-4", argv[i], 3) == 0) {
if (address_family != 0) {
fprintf(stderr, "Options -4 and -6 cannot be specified at the same time\n");
exit(EXIT_FAILURE);
}
address_family = 1;
} else if (strncmp("-6", argv[i], 3) == 0) {
if (address_family != 0) {
fprintf(stderr, "Options -4 and -6 cannot be specified at the same time\n");
exit(EXIT_FAILURE);
}
address_family = 2;
} else if (strncmp("-h", argv[i], 3) == 0) {
usage(stdout, argv[0]);
exit(EXIT_SUCCESS);
} else if (strncmp("-i", argv[i], 2) == 0) {
insecure = true;
} else if (strncmp("-r", argv[i], 2) == 0) {
if (strlen(argv[i]) > 2) {
root_file = argv[i]+2;
} else if (i+1 >= argc) {
usage(stdout, argv[0]);
exit(EXIT_FAILURE);
} else {
root_file = argv[i+1];
i++;
}
} else if (strncmp("-s", argv[i], 3) == 0) {
store_in_file = true;
} else if (strncmp("-v", argv[i], 2) == 0) {
if (strlen(argv[i]) > 2) {
verbosity = atoi(argv[i]+2);
} else if (i+1 > argc) {
usage(stdout, argv[0]);
exit(EXIT_FAILURE);
} else {
verbosity = atoi(argv[i+1]);
i++;
}
} else {
/* create a rdf from the command line arg */
if (domain) {
fprintf(stdout, "You can only specify one domain at a time\n");
exit(EXIT_FAILURE);
}
domain = ldns_dname_new_frm_str(argv[i]);
}
}
if (!domain) {
usage(stdout, argv[0]);
exit(EXIT_FAILURE);
}
}
dns_root = read_root_hints(root_file);
if (!dns_root) {
fprintf(stderr, "cannot read the root hints file\n");
exit(EXIT_FAILURE);
}
/* create a new resolver from /etc/resolv.conf */
status = ldns_resolver_new_frm_file(&res, NULL);
if (status != LDNS_STATUS_OK) {
fprintf(stderr, "Warning: Unable to create stub resolver from /etc/resolv.conf:\n");
fprintf(stderr, "%s\n", ldns_get_errorstr_by_id(status));
fprintf(stderr, "defaulting to nameserver at 127.0.0.1 for separate nameserver name lookups\n");
res = ldns_resolver_new();
ns = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_A, "127.0.0.1");
status = ldns_resolver_push_nameserver(res, ns);
if (status != LDNS_STATUS_OK) {
fprintf(stderr, "Unable to create stub resolver: %s\n", ldns_get_errorstr_by_id(status));
exit(EXIT_FAILURE);
}
ldns_rdf_deep_free(ns);
}
ldns_resolver_set_ip6(res, address_family);
if (insecure) {
pkt = ldns_resolver_query(res, domain, LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN, LDNS_RD);
if (pkt) {
l = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_DNSKEY, LDNS_SECTION_ANY_NOQUESTION);
}
} else {
l = retrieve_dnskeys(res, domain, LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN, dns_root);
}
/* separator for result data and verbosity data */
if (verbosity > 0) {
fprintf(stdout, "; ---------------------------\n");
fprintf(stdout, "; Got the following keys:\n");
}
if (l) {
if (store_in_file) {
/* create filename:
* K<domain>.+<alg>.+<id>.key
*/
for (i = 0; (size_t) i < ldns_rr_list_rr_count(l); i++) {
k = ldns_rr_list_rr(l, (size_t) i);
outputfile_buffer = ldns_buffer_new(300);
domain_str = ldns_rdf2str(ldns_rr_owner(k));
ldns_buffer_printf(outputfile_buffer, "K%s+%03u+%05u.key", domain_str, ldns_rdf2native_int8(ldns_rr_rdf(k, 2)),
(unsigned int) ldns_calc_keytag(k));
outputfile_str = ldns_buffer_export(outputfile_buffer);
if (verbosity >= 1) {
fprintf(stdout, "Writing key to file %s\n", outputfile_str);
}
outputfile = fopen(outputfile_str, "w");
if (!outputfile) {
fprintf(stderr, "Error writing key to file %s: %s\n", outputfile_str, strerror(errno));
} else {
ldns_rr_print(outputfile, k);
fclose(outputfile);
}
LDNS_FREE(domain_str);
LDNS_FREE(outputfile_str);
LDNS_FREE(outputfile_buffer);
}
} else {
ldns_rr_list_print(stdout, l);
}
} else {
fprintf(stderr, "no answer packet received, stub resolver config:\n");
ldns_resolver_print(stderr, res);
}
printf("\n");
ldns_rdf_deep_free(domain);
ldns_resolver_deep_free(res);
ldns_rr_list_deep_free(l);
ldns_rr_list_deep_free(dns_root);
return EXIT_SUCCESS;
}
