/** verify and test an entry - every rr in the message */ static void verifytest_entry(struct entry* e, struct alloc_cache* alloc, struct regional* region, ldns_buffer* pkt, struct ub_packed_rrset_key* dnskey, struct module_env* env, struct val_env* ve) { struct query_info qinfo; struct reply_info* rep = NULL; size_t i; regional_free_all(region); if(vsig) { printf("verifying pkt:\n"); ldns_pkt_print(stdout, e->reply_list->reply); printf("\n"); } entry_to_repinfo(e, alloc, region, pkt, &qinfo, &rep); for(i=0; i<rep->rrset_count; i++) { verifytest_rrset(env, ve, rep->rrsets[i], dnskey, &qinfo); } reply_info_parsedelete(rep, alloc); query_info_clear(&qinfo); }
static int l_pkt_print(lua_State *L) { /* we always print to stdout */ ldns_pkt *toprint = (ldns_pkt*)lua_touserdata(L, 1); /* pop from the stack */ if (!toprint) { return 0; } ldns_pkt_print(stdout, toprint); return 0; }
/** check if unbound formerr equals ldns formerr */ static void checkformerr(ldns_buffer* pkt) { ldns_pkt* p; ldns_status status = ldns_buffer2pkt_wire(&p, pkt); if(vbmp) printf("formerr, ldns parse is: %s\n", ldns_get_errorstr_by_id(status)); if(status == LDNS_STATUS_OK) { printf("Formerr, but ldns gives packet:\n"); ldns_pkt_print(stdout, p); exit(1); } unit_assert(status != LDNS_STATUS_OK); }
/** DS sig test an entry - get DNSKEY and DS in entry and verify */ static void dstest_entry(struct entry* e, struct alloc_cache* alloc, struct regional* region, ldns_buffer* pkt, struct module_env* env) { struct query_info qinfo; struct reply_info* rep = NULL; struct ub_packed_rrset_key* ds, *dnskey; int ret; regional_free_all(region); if(vsig) { printf("verifying DS-DNSKEY match:\n"); ldns_pkt_print(stdout, e->reply_list->reply); printf("\n"); } entry_to_repinfo(e, alloc, region, pkt, &qinfo, &rep); ds = find_rrset_type(rep, LDNS_RR_TYPE_DS); dnskey = find_rrset_type(rep, LDNS_RR_TYPE_DNSKEY); /* check test is OK */ unit_assert(ds && dnskey); ret = ds_digest_match_dnskey(env, dnskey, 0, ds, 0); if(strncmp((char*)qinfo.qname, "\003yes", 4) == 0) { if(vsig) { printf("result(yes)= %s\n", ret?"yes":"no"); } unit_assert(ret); } else if (strncmp((char*)qinfo.qname, "\002no", 3) == 0) { if(vsig) { printf("result(no)= %s\n", ret?"yes":"no"); } unit_assert(!ret); verbose(VERB_QUERY, "DS fail: OK; matched unit test"); } else { fatal_exit("Bad qname in DS unit test, yes or no"); } reply_info_parsedelete(rep, alloc); query_info_clear(&qinfo); }
/** Test hash algo - NSEC3 hash it and compare result */ static void nsec3_hash_test_entry(struct entry* e, rbtree_t* ct, struct alloc_cache* alloc, struct regional* region, ldns_buffer* buf) { struct query_info qinfo; struct reply_info* rep = NULL; struct ub_packed_rrset_key* answer, *nsec3; struct nsec3_cached_hash* hash; int ret; uint8_t* qname; if(vsig) { printf("verifying NSEC3 hash:\n"); ldns_pkt_print(stdout, e->reply_list->reply); printf("\n"); } entry_to_repinfo(e, alloc, region, buf, &qinfo, &rep); nsec3 = find_rrset_type(rep, LDNS_RR_TYPE_NSEC3); answer = find_rrset_type(rep, LDNS_RR_TYPE_AAAA); qname = regional_alloc_init(region, qinfo.qname, qinfo.qname_len); /* check test is OK */ unit_assert(nsec3 && answer && qname); ret = nsec3_hash_name(ct, region, buf, nsec3, 0, qname, qinfo.qname_len, &hash); if(ret != 1) { printf("Bad nsec3_hash_name retcode %d\n", ret); unit_assert(ret == 1); } unit_assert(hash->dname && hash->hash && hash->hash_len && hash->b32 && hash->b32_len); unit_assert(hash->b32_len == (size_t)answer->rk.dname[0]); /* does not do lowercasing. */ unit_assert(memcmp(hash->b32, answer->rk.dname+1, hash->b32_len) == 0); reply_info_parsedelete(rep, alloc); query_info_clear(&qinfo); }
ldns_status ldns_resolver_prepare_query_pkt(ldns_pkt **query_pkt, ldns_resolver *r, const ldns_rdf *name, ldns_rr_type type, ldns_rr_class c, uint16_t flags) { /* prepare a question pkt from the parameters * and then send this */ *query_pkt = ldns_pkt_query_new(ldns_rdf_clone(name), type, c, flags); if (!*query_pkt) { return LDNS_STATUS_ERR; } /* set DO bit if necessary */ if (ldns_resolver_dnssec(r)) { if (ldns_resolver_edns_udp_size(r) == 0) { ldns_resolver_set_edns_udp_size(r, 4096); } ldns_pkt_set_edns_do(*query_pkt, true); if (ldns_resolver_dnssec_cd(r) || (flags & LDNS_CD)) { ldns_pkt_set_cd(*query_pkt, true); } } /* transfer the udp_edns_size from the resolver to the packet */ if (ldns_resolver_edns_udp_size(r) != 0) { ldns_pkt_set_edns_udp_size(*query_pkt, ldns_resolver_edns_udp_size(r)); } if (ldns_resolver_debug(r)) { ldns_pkt_print(stdout, *query_pkt); } /* only set the id if it is not set yet */ if (ldns_pkt_id(*query_pkt) == 0) { ldns_pkt_set_random_id(*query_pkt); } return LDNS_STATUS_OK; }
int main(int argc, char **argv) { /* arguments */ int port; const char *zone_file; /* network */ int sock; ssize_t nb; struct sockaddr addr_me; struct sockaddr addr_him; socklen_t hislen = (socklen_t) sizeof(addr_him); uint8_t inbuf[INBUF_SIZE]; uint8_t *outbuf; /* dns */ ldns_status status; ldns_pkt *query_pkt; ldns_pkt *answer_pkt; size_t answer_size; ldns_rr *query_rr; ldns_rr_list *answer_qr; ldns_rr_list *answer_an; ldns_rr_list *answer_ns; ldns_rr_list *answer_ad; ldns_rdf *origin = NULL; /* zone */ ldns_zone *zone; int line_nr; FILE *zone_fp; /* use this to listen on specified interfaces later? */ char *my_address = NULL; if (argc < 5) { usage(stderr); exit(EXIT_FAILURE); } else { my_address = argv[1]; port = atoi(argv[2]); if (port < 1) { usage(stderr); exit(EXIT_FAILURE); } if (ldns_str2rdf_dname(&origin, argv[3]) != LDNS_STATUS_OK) { fprintf(stderr, "Bad origin, not a correct domain name\n"); usage(stderr); exit(EXIT_FAILURE); } zone_file = argv[4]; } printf("Reading zone file %s\n", zone_file); zone_fp = fopen(zone_file, "r"); if (!zone_fp) { fprintf(stderr, "Unable to open %s: %s\n", zone_file, strerror(errno)); exit(EXIT_FAILURE); } line_nr = 0; status = ldns_zone_new_frm_fp_l(&zone, zone_fp, origin, 0, LDNS_RR_CLASS_IN, &line_nr); if (status != LDNS_STATUS_OK) { printf("Zone reader failed, aborting\n"); exit(EXIT_FAILURE); } else { printf("Read %u resource records in zone file\n", (unsigned int) ldns_zone_rr_count(zone)); } fclose(zone_fp); printf("Listening on port %d\n", port); sock = socket(AF_INET, SOCK_DGRAM, 0); if (sock < 0) { fprintf(stderr, "%s: socket(): %s\n", argv[0], strerror(errno)); exit(1); } memset(&addr_me, 0, sizeof(addr_me)); /* bind: try all ports in that range */ if (udp_bind(sock, port, my_address)) { fprintf(stderr, "%s: cannot bind(): %s\n", argv[0], strerror(errno)); exit(errno); } /* Done. Now receive */ while (1) { nb = recvfrom(sock, (void*)inbuf, INBUF_SIZE, 0, &addr_him, &hislen); if (nb < 1) { fprintf(stderr, "%s: recvfrom(): %s\n", argv[0], strerror(errno)); exit(1); } /* show(inbuf, nb, nn, hp, sp, ip, bp); */ printf("Got query of %u bytes\n", (unsigned int) nb); status = ldns_wire2pkt(&query_pkt, inbuf, (size_t) nb); if (status != LDNS_STATUS_OK) { printf("Got bad packet: %s\n", ldns_get_errorstr_by_id(status)); } else { ldns_pkt_print(stdout, query_pkt); } query_rr = ldns_rr_list_rr(ldns_pkt_question(query_pkt), 0); printf("QUERY RR: \n"); ldns_rr_print(stdout, query_rr); answer_qr = ldns_rr_list_new(); ldns_rr_list_push_rr(answer_qr, ldns_rr_clone(query_rr)); answer_an = get_rrset(zone, ldns_rr_owner(query_rr), ldns_rr_get_type(query_rr), ldns_rr_get_class(query_rr)); answer_pkt = ldns_pkt_new(); answer_ns = ldns_rr_list_new(); answer_ad = ldns_rr_list_new(); ldns_pkt_set_qr(answer_pkt, 1); ldns_pkt_set_aa(answer_pkt, 1); ldns_pkt_set_id(answer_pkt, ldns_pkt_id(query_pkt)); ldns_pkt_push_rr_list(answer_pkt, LDNS_SECTION_QUESTION, answer_qr); ldns_pkt_push_rr_list(answer_pkt, LDNS_SECTION_ANSWER, answer_an); ldns_pkt_push_rr_list(answer_pkt, LDNS_SECTION_AUTHORITY, answer_ns); ldns_pkt_push_rr_list(answer_pkt, LDNS_SECTION_ADDITIONAL, answer_ad); status = ldns_pkt2wire(&outbuf, answer_pkt, &answer_size); printf("Answer packet size: %u bytes.\n", (unsigned int) answer_size); if (status != LDNS_STATUS_OK) { printf("Error creating answer: %s\n", ldns_get_errorstr_by_id(status)); } else { nb = sendto(sock, (void*)outbuf, answer_size, 0, &addr_him, hislen); } ldns_pkt_free(query_pkt); ldns_pkt_free(answer_pkt); LDNS_FREE(outbuf); ldns_rr_list_free(answer_qr); ldns_rr_list_free(answer_an); ldns_rr_list_free(answer_ns); ldns_rr_list_free(answer_ad); } /* No cleanup because of the infinite loop * * ldns_rdf_deep_free(origin); * ldns_zone_deep_free(zone); * return 0; */ }
/** * Main function of drill * parse the arguments and prepare a query */ int main(int argc, char *argv[]) { ldns_resolver *res = NULL; ldns_resolver *cmdline_res = NULL; /* only used to resolv @name names */ ldns_rr_list *cmdline_rr_list = NULL; ldns_rdf *cmdline_dname = NULL; ldns_rdf *qname, *qname_tmp; ldns_pkt *pkt; ldns_pkt *qpkt; char *serv; const char *name; char *name2; char *progname; char *query_file = NULL; char *answer_file = NULL; ldns_buffer *query_buffer = NULL; ldns_rdf *serv_rdf; ldns_rr_type type; ldns_rr_class clas; #if 0 ldns_pkt_opcode opcode = LDNS_PACKET_QUERY; #endif int i, c; int int_type; int int_clas; int PURPOSE; char *tsig_name = NULL; char *tsig_data = NULL; char *tsig_algorithm = NULL; size_t tsig_separator; size_t tsig_separator2; ldns_rr *axfr_rr; ldns_status status; char *type_str; /* list of keys used in dnssec operations */ ldns_rr_list *key_list = ldns_rr_list_new(); /* what key verify the current answer */ ldns_rr_list *key_verified; /* resolver options */ uint16_t qflags; uint16_t qbuf; uint16_t qport; uint8_t qfamily; bool qdnssec; bool qfallback; bool qds; bool qusevc; bool qrandom; char *resolv_conf_file = NULL; ldns_rdf *trace_start_name = NULL; int result = 0; #ifdef USE_WINSOCK int r; WSADATA wsa_data; #endif int_type = -1; serv = NULL; type = 0; int_clas = -1; name = NULL; clas = 0; qname = NULL; progname = strdup(argv[0]); #ifdef USE_WINSOCK r = WSAStartup(MAKEWORD(2,2), &wsa_data); if(r != 0) { printf("Failed WSAStartup: %d\n", r); result = EXIT_FAILURE; goto exit; } #endif /* USE_WINSOCK */ PURPOSE = DRILL_QUERY; qflags = LDNS_RD; qport = LDNS_PORT; verbosity = 2; qdnssec = false; qfamily = LDNS_RESOLV_INETANY; qfallback = false; qds = false; qbuf = 0; qusevc = false; qrandom = true; key_verified = NULL; ldns_init_random(NULL, 0); if (argc == 0) { usage(stdout, progname); result = EXIT_FAILURE; goto exit; } /* string from orig drill: "i:w:I46Sk:TNp:b:DsvhVcuaq:f:xr" */ /* global first, query opt next, option with parm's last * and sorted */ /* "46DITSVQf:i:w:q:achuvxzy:so:p:b:k:" */ while ((c = getopt(argc, argv, "46ab:c:d:Df:hi:Ik:o:p:q:Qr:sStTuvV:w:xy:z")) != -1) { switch(c) { /* global options */ case '4': qfamily = LDNS_RESOLV_INET; break; case '6': qfamily = LDNS_RESOLV_INET6; break; case 'D': qdnssec = true; break; case 'I': /* reserved for backward compatibility */ break; case 'T': if (PURPOSE == DRILL_CHASE) { fprintf(stderr, "-T and -S cannot be used at the same time.\n"); exit(EXIT_FAILURE); } PURPOSE = DRILL_TRACE; break; #ifdef HAVE_SSL case 'S': if (PURPOSE == DRILL_TRACE) { fprintf(stderr, "-T and -S cannot be used at the same time.\n"); exit(EXIT_FAILURE); } PURPOSE = DRILL_CHASE; break; #endif /* HAVE_SSL */ case 'V': if (strtok(optarg, "0123456789") != NULL) { fprintf(stderr, "-V expects an number as an argument.\n"); exit(EXIT_FAILURE); } verbosity = atoi(optarg); break; case 'Q': verbosity = -1; break; case 'f': query_file = optarg; break; case 'i': answer_file = optarg; PURPOSE = DRILL_AFROMFILE; break; case 'w': answer_file = optarg; break; case 'q': query_file = optarg; PURPOSE = DRILL_QTOFILE; break; case 'r': if (global_dns_root) { fprintf(stderr, "There was already a series of root servers set\n"); exit(EXIT_FAILURE); } global_dns_root = read_root_hints(optarg); if (!global_dns_root) { fprintf(stderr, "Unable to read root hints file %s, aborting\n", optarg); exit(EXIT_FAILURE); } break; /* query options */ case 'a': qfallback = true; break; case 'b': qbuf = (uint16_t)atoi(optarg); if (qbuf == 0) { error("%s", "<bufsize> could not be converted"); } break; case 'c': resolv_conf_file = optarg; break; case 't': qusevc = true; break; case 'k': status = read_key_file(optarg, key_list, false); if (status != LDNS_STATUS_OK) { error("Could not parse the key file %s: %s", optarg, ldns_get_errorstr_by_id(status)); } qdnssec = true; /* enable that too */ break; case 'o': /* only looks at the first hit: capital=ON, lowercase=OFF*/ if (strstr(optarg, "QR")) { DRILL_ON(qflags, LDNS_QR); } if (strstr(optarg, "qr")) { DRILL_OFF(qflags, LDNS_QR); } if (strstr(optarg, "AA")) { DRILL_ON(qflags, LDNS_AA); } if (strstr(optarg, "aa")) { DRILL_OFF(qflags, LDNS_AA); } if (strstr(optarg, "TC")) { DRILL_ON(qflags, LDNS_TC); } if (strstr(optarg, "tc")) { DRILL_OFF(qflags, LDNS_TC); } if (strstr(optarg, "RD")) { DRILL_ON(qflags, LDNS_RD); } if (strstr(optarg, "rd")) { DRILL_OFF(qflags, LDNS_RD); } if (strstr(optarg, "CD")) { DRILL_ON(qflags, LDNS_CD); } if (strstr(optarg, "cd")) { DRILL_OFF(qflags, LDNS_CD); } if (strstr(optarg, "RA")) { DRILL_ON(qflags, LDNS_RA); } if (strstr(optarg, "ra")) { DRILL_OFF(qflags, LDNS_RA); } if (strstr(optarg, "AD")) { DRILL_ON(qflags, LDNS_AD); } if (strstr(optarg, "ad")) { DRILL_OFF(qflags, LDNS_AD); } break; case 'p': qport = (uint16_t)atoi(optarg); if (qport == 0) { error("%s", "<port> could not be converted"); } break; case 's': qds = true; break; case 'u': qusevc = false; break; case 'v': version(stdout, progname); result = EXIT_SUCCESS; goto exit; case 'x': PURPOSE = DRILL_REVERSE; break; case 'y': #ifdef HAVE_SSL if (strchr(optarg, ':')) { tsig_separator = (size_t) (strchr(optarg, ':') - optarg); if (strchr(optarg + tsig_separator + 1, ':')) { tsig_separator2 = (size_t) (strchr(optarg + tsig_separator + 1, ':') - optarg); tsig_algorithm = xmalloc(strlen(optarg) - tsig_separator2); strncpy(tsig_algorithm, optarg + tsig_separator2 + 1, strlen(optarg) - tsig_separator2); tsig_algorithm[strlen(optarg) - tsig_separator2 - 1] = '\0'; } else { tsig_separator2 = strlen(optarg); tsig_algorithm = xmalloc(26); strncpy(tsig_algorithm, "hmac-md5.sig-alg.reg.int.", 25); tsig_algorithm[25] = '\0'; } tsig_name = xmalloc(tsig_separator + 1); tsig_data = xmalloc(tsig_separator2 - tsig_separator); strncpy(tsig_name, optarg, tsig_separator); strncpy(tsig_data, optarg + tsig_separator + 1, tsig_separator2 - tsig_separator - 1); /* strncpy does not append \0 if source is longer than n */ tsig_name[tsig_separator] = '\0'; tsig_data[ tsig_separator2 - tsig_separator - 1] = '\0'; } #else fprintf(stderr, "TSIG requested, but SSL is not supported\n"); result = EXIT_FAILURE; goto exit; #endif /* HAVE_SSL */ break; case 'z': qrandom = false; break; case 'd': trace_start_name = ldns_dname_new_frm_str(optarg); if (!trace_start_name) { fprintf(stderr, "Unable to parse argument for -%c\n", c); result = EXIT_FAILURE; goto exit; } break; case 'h': version(stdout, progname); usage(stdout, progname); result = EXIT_SUCCESS; goto exit; break; default: fprintf(stderr, "Unknown argument: -%c, use -h to see usage\n", c); result = EXIT_FAILURE; goto exit; } } argc -= optind; argv += optind; if ((PURPOSE == DRILL_CHASE || (PURPOSE == DRILL_TRACE && qdnssec)) && ldns_rr_list_rr_count(key_list) == 0) { (void) read_key_file(LDNS_TRUST_ANCHOR_FILE, key_list, true); } if (ldns_rr_list_rr_count(key_list) > 0) { printf(";; Number of trusted keys: %d\n", (int) ldns_rr_list_rr_count(key_list)); } /* do a secure trace when requested */ if (PURPOSE == DRILL_TRACE && qdnssec) { #ifdef HAVE_SSL if (ldns_rr_list_rr_count(key_list) == 0) { warning("%s", "No trusted keys were given. Will not be able to verify authenticity!"); } PURPOSE = DRILL_SECTRACE; #else fprintf(stderr, "ldns has not been compiled with OpenSSL support. Secure trace not available\n"); exit(1); #endif /* HAVE_SSL */ } /* parse the arguments, with multiple arguments, the last argument * found is used */ for(i = 0; i < argc; i++) { /* if ^@ then it's a server */ if (argv[i][0] == '@') { if (strlen(argv[i]) == 1) { warning("%s", "No nameserver given"); exit(EXIT_FAILURE); } serv = argv[i] + 1; continue; } /* if has a dot, it's a name */ if (strchr(argv[i], '.')) { name = argv[i]; continue; } /* if it matches a type, it's a type */ if (int_type == -1) { type = ldns_get_rr_type_by_name(argv[i]); if (type != 0) { int_type = 0; continue; } } /* if it matches a class, it's a class */ if (int_clas == -1) { clas = ldns_get_rr_class_by_name(argv[i]); if (clas != 0) { int_clas = 0; continue; } } /* it all fails assume it's a name */ name = argv[i]; } /* act like dig and use for . NS */ if (!name) { name = "."; int_type = 0; type = LDNS_RR_TYPE_NS; } /* defaults if not given */ if (int_clas == -1) { clas = LDNS_RR_CLASS_IN; } if (int_type == -1) { if (PURPOSE != DRILL_REVERSE) { type = LDNS_RR_TYPE_A; } else { type = LDNS_RR_TYPE_PTR; } } /* set the nameserver to use */ if (!serv) { /* no server given make a resolver from /etc/resolv.conf */ status = ldns_resolver_new_frm_file(&res, resolv_conf_file); if (status != LDNS_STATUS_OK) { warning("Could not create a resolver structure: %s (%s)\n" "Try drill @localhost if you have a resolver running on your machine.", ldns_get_errorstr_by_id(status), resolv_conf_file); result = EXIT_FAILURE; goto exit; } } else { res = ldns_resolver_new(); if (!res || strlen(serv) <= 0) { warning("Could not create a resolver structure"); result = EXIT_FAILURE; goto exit; } /* add the nameserver */ serv_rdf = ldns_rdf_new_addr_frm_str(serv); if (!serv_rdf) { /* try to resolv the name if possible */ status = ldns_resolver_new_frm_file(&cmdline_res, resolv_conf_file); if (status != LDNS_STATUS_OK) { error("%s", "@server ip could not be converted"); } ldns_resolver_set_dnssec(cmdline_res, qdnssec); ldns_resolver_set_ip6(cmdline_res, qfamily); ldns_resolver_set_fallback(cmdline_res, qfallback); ldns_resolver_set_usevc(cmdline_res, qusevc); cmdline_dname = ldns_dname_new_frm_str(serv); cmdline_rr_list = ldns_get_rr_list_addr_by_name( cmdline_res, cmdline_dname, LDNS_RR_CLASS_IN, qflags); ldns_rdf_deep_free(cmdline_dname); if (!cmdline_rr_list) { /* This error msg is not always accurate */ error("%s `%s\'", "could not find any address for the name:", serv); } else { if (ldns_resolver_push_nameserver_rr_list( res, cmdline_rr_list ) != LDNS_STATUS_OK) { error("%s", "pushing nameserver"); } } } else { if (ldns_resolver_push_nameserver(res, serv_rdf) != LDNS_STATUS_OK) { error("%s", "pushing nameserver"); } else { ldns_rdf_deep_free(serv_rdf); } } } /* set the resolver options */ ldns_resolver_set_port(res, qport); if (verbosity >= 5) { ldns_resolver_set_debug(res, true); } else { ldns_resolver_set_debug(res, false); } ldns_resolver_set_dnssec(res, qdnssec); /* ldns_resolver_set_dnssec_cd(res, qdnssec);*/ ldns_resolver_set_ip6(res, qfamily); ldns_resolver_set_fallback(res, qfallback); ldns_resolver_set_usevc(res, qusevc); ldns_resolver_set_random(res, qrandom); if (qbuf != 0) { ldns_resolver_set_edns_udp_size(res, qbuf); } if (!name && PURPOSE != DRILL_AFROMFILE && !query_file ) { usage(stdout, progname); result = EXIT_FAILURE; goto exit; } if (tsig_name && tsig_data) { ldns_resolver_set_tsig_keyname(res, tsig_name); ldns_resolver_set_tsig_keydata(res, tsig_data); ldns_resolver_set_tsig_algorithm(res, tsig_algorithm); } /* main switching part of drill */ switch(PURPOSE) { case DRILL_TRACE: /* do a trace from the root down */ if (!global_dns_root) { init_root(); } qname = ldns_dname_new_frm_str(name); if (!qname) { error("%s", "parsing query name"); } /* don't care about return packet */ (void)do_trace(res, qname, type, clas); clear_root(); break; case DRILL_SECTRACE: /* do a secure trace from the root down */ if (!global_dns_root) { init_root(); } qname = ldns_dname_new_frm_str(name); if (!qname) { error("%s", "making qname"); } /* don't care about return packet */ #ifdef HAVE_SSL result = do_secure_trace(res, qname, type, clas, key_list, trace_start_name); #endif /* HAVE_SSL */ clear_root(); break; case DRILL_CHASE: qname = ldns_dname_new_frm_str(name); if (!qname) { error("%s", "making qname"); } ldns_resolver_set_dnssec(res, true); ldns_resolver_set_dnssec_cd(res, true); /* set dnssec implies udp_size of 4096 */ ldns_resolver_set_edns_udp_size(res, 4096); pkt = ldns_resolver_query(res, qname, type, clas, qflags); if (!pkt) { error("%s", "error pkt sending"); result = EXIT_FAILURE; } else { if (verbosity >= 3) { ldns_pkt_print(stdout, pkt); } if (!ldns_pkt_answer(pkt)) { mesg("No answer in packet"); } else { #ifdef HAVE_SSL ldns_resolver_set_dnssec_anchors(res, ldns_rr_list_clone(key_list)); result = do_chase(res, qname, type, clas, key_list, pkt, qflags, NULL, verbosity); if (result == LDNS_STATUS_OK) { if (verbosity != -1) { mesg("Chase successful"); } result = 0; } else { if (verbosity != -1) { mesg("Chase failed."); } } #endif /* HAVE_SSL */ } ldns_pkt_free(pkt); } break; case DRILL_AFROMFILE: pkt = read_hex_pkt(answer_file); if (pkt) { if (verbosity != -1) { ldns_pkt_print(stdout, pkt); } ldns_pkt_free(pkt); } break; case DRILL_QTOFILE: qname = ldns_dname_new_frm_str(name); if (!qname) { error("%s", "making qname"); } status = ldns_resolver_prepare_query_pkt(&qpkt, res, qname, type, clas, qflags); if(status != LDNS_STATUS_OK) { error("%s", "making query: %s", ldns_get_errorstr_by_id(status)); } dump_hex(qpkt, query_file); ldns_pkt_free(qpkt); break; case DRILL_NSEC: break; case DRILL_REVERSE: /* ipv4 or ipv6 addr? */ if (strchr(name, ':')) { if (strchr(name, '.')) { error("Syntax error: both '.' and ':' seen in address\n"); } name2 = malloc(IP6_ARPA_MAX_LEN + 20); c = 0; for (i=0; i<(int)strlen(name); i++) { if (i >= IP6_ARPA_MAX_LEN) { error("%s", "reverse argument to long"); } if (name[i] == ':') { if (i < (int) strlen(name) && name[i + 1] == ':') { error("%s", ":: not supported (yet)"); } else { if (i + 2 == (int) strlen(name) || name[i + 2] == ':') { name2[c++] = '0'; name2[c++] = '.'; name2[c++] = '0'; name2[c++] = '.'; name2[c++] = '0'; name2[c++] = '.'; } else if (i + 3 == (int) strlen(name) || name[i + 3] == ':') { name2[c++] = '0'; name2[c++] = '.'; name2[c++] = '0'; name2[c++] = '.'; } else if (i + 4 == (int) strlen(name) || name[i + 4] == ':') { name2[c++] = '0'; name2[c++] = '.'; } } } else { name2[c++] = name[i]; name2[c++] = '.'; } } name2[c++] = '\0'; qname = ldns_dname_new_frm_str(name2); qname_tmp = ldns_dname_reverse(qname); ldns_rdf_deep_free(qname); qname = qname_tmp; qname_tmp = ldns_dname_new_frm_str("ip6.arpa."); status = ldns_dname_cat(qname, qname_tmp); if (status != LDNS_STATUS_OK) { error("%s", "could not create reverse address for ip6: %s\n", ldns_get_errorstr_by_id(status)); } ldns_rdf_deep_free(qname_tmp); free(name2); } else { qname = ldns_dname_new_frm_str(name); qname_tmp = ldns_dname_reverse(qname); ldns_rdf_deep_free(qname); qname = qname_tmp; qname_tmp = ldns_dname_new_frm_str("in-addr.arpa."); status = ldns_dname_cat(qname, qname_tmp); if (status != LDNS_STATUS_OK) { error("%s", "could not create reverse address for ip4: %s\n", ldns_get_errorstr_by_id(status)); } ldns_rdf_deep_free(qname_tmp); } if (!qname) { error("%s", "-x implies an ip address"); } /* create a packet and set the RD flag on it */ pkt = ldns_resolver_query(res, qname, type, clas, qflags); if (!pkt) { error("%s", "pkt sending"); result = EXIT_FAILURE; } else { if (verbosity != -1) { ldns_pkt_print(stdout, pkt); } ldns_pkt_free(pkt); } break; case DRILL_QUERY: default: if (query_file) { /* this old way, the query packet needed to be parseable, but we want to be able to send mangled packets, so we need to do it directly */ #if 0 qpkt = read_hex_pkt(query_file); if (qpkt) { status = ldns_resolver_send_pkt(&pkt, res, qpkt); if (status != LDNS_STATUS_OK) { printf("Error: %s\n", ldns_get_errorstr_by_id(status)); exit(1); } } else { /* qpkt was bogus, reset pkt */ pkt = NULL; } #endif query_buffer = read_hex_buffer(query_file); if (query_buffer) { status = ldns_send_buffer(&pkt, res, query_buffer, NULL); ldns_buffer_free(query_buffer); if (status != LDNS_STATUS_OK) { printf("Error: %s\n", ldns_get_errorstr_by_id(status)); exit(1); } } else { printf("NO BUFFER\n"); pkt = NULL; } } else { qname = ldns_dname_new_frm_str(name); if (!qname) { error("%s", "error in making qname"); } if (type == LDNS_RR_TYPE_AXFR) { status = ldns_axfr_start(res, qname, clas); if(status != LDNS_STATUS_OK) { error("Error starting axfr: %s", ldns_get_errorstr_by_id(status)); } axfr_rr = ldns_axfr_next(res); if(!axfr_rr) { fprintf(stderr, "AXFR failed.\n"); ldns_pkt_print(stdout, ldns_axfr_last_pkt(res)); goto exit; } while (axfr_rr) { if (verbosity != -1) { ldns_rr_print(stdout, axfr_rr); } ldns_rr_free(axfr_rr); axfr_rr = ldns_axfr_next(res); } goto exit; } else { /* create a packet and set the RD flag on it */ pkt = ldns_resolver_query(res, qname, type, clas, qflags); } } if (!pkt) { mesg("No packet received"); result = EXIT_FAILURE; } else { if (verbosity != -1) { ldns_pkt_print(stdout, pkt); if (ldns_pkt_tc(pkt)) { fprintf(stdout, "\n;; WARNING: The answer packet was truncated; you might want to\n"); fprintf(stdout, ";; query again with TCP (-t argument), or EDNS0 (-b for buffer size)\n"); } } if (qds) { if (verbosity != -1) { print_ds_of_keys(pkt); printf("\n"); } } if (ldns_rr_list_rr_count(key_list) > 0) { /* -k's were given on the cmd line */ ldns_rr_list *rrset_verified; uint16_t key_count; rrset_verified = ldns_pkt_rr_list_by_name_and_type( pkt, qname, type, LDNS_SECTION_ANY_NOQUESTION); if (type == LDNS_RR_TYPE_ANY) { /* don't verify this */ break; } if (verbosity != -1) { printf("; "); ldns_rr_list_print(stdout, rrset_verified); } /* verify */ #ifdef HAVE_SSL key_verified = ldns_rr_list_new(); result = ldns_pkt_verify(pkt, type, qname, key_list, NULL, key_verified); if (result == LDNS_STATUS_ERR) { /* is the existence denied then? */ result = ldns_verify_denial(pkt, qname, type, NULL, NULL); if (result == LDNS_STATUS_OK) { if (verbosity != -1) { printf("Existence denied for "); ldns_rdf_print(stdout, qname); type_str = ldns_rr_type2str(type); printf("\t%s\n", type_str); LDNS_FREE(type_str); } } else { if (verbosity != -1) { printf("Bad data; RR for name and " "type not found or failed to " "verify, and denial of " "existence failed.\n"); } } } else if (result == LDNS_STATUS_OK) { for(key_count = 0; key_count < ldns_rr_list_rr_count(key_verified); key_count++) { if (verbosity != -1) { printf("; VALIDATED by id = %u, owner = ", (unsigned int)ldns_calc_keytag( ldns_rr_list_rr(key_verified, key_count))); ldns_rdf_print(stdout, ldns_rr_owner( ldns_rr_list_rr(key_list, key_count))); printf("\n"); } } } else { for(key_count = 0; key_count < ldns_rr_list_rr_count(key_list); key_count++) { if (verbosity != -1) { printf("; %s for id = %u, owner = ", ldns_get_errorstr_by_id(result), (unsigned int)ldns_calc_keytag( ldns_rr_list_rr(key_list, key_count))); ldns_rdf_print(stdout, ldns_rr_owner( ldns_rr_list_rr(key_list, key_count))); printf("\n"); } } } ldns_rr_list_free(key_verified); #else (void) key_count; #endif /* HAVE_SSL */ } if (answer_file) { dump_hex(pkt, answer_file); } ldns_pkt_free(pkt); } break; } exit: ldns_rdf_deep_free(qname); ldns_resolver_deep_free(res); ldns_resolver_deep_free(cmdline_res); ldns_rr_list_deep_free(key_list); ldns_rr_list_deep_free(cmdline_rr_list); ldns_rdf_deep_free(trace_start_name); xfree(progname); xfree(tsig_name); xfree(tsig_data); xfree(tsig_algorithm); #ifdef HAVE_SSL ERR_remove_state(0); CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); EVP_cleanup(); #endif #ifdef USE_WINSOCK WSACleanup(); #endif return result; }
/** see if buffers contain the same packet */ static int test_buffers(ldns_buffer* pkt, ldns_buffer* out) { ldns_pkt* p1=0, *p2=0; ldns_status s1, s2; /* check binary same */ if(ldns_buffer_limit(pkt) == ldns_buffer_limit(out) && memcmp(ldns_buffer_begin(pkt), ldns_buffer_begin(out), ldns_buffer_limit(pkt)) == 0) { if(vbmp) printf("binary the same (length=%u)\n", (unsigned)ldns_buffer_limit(pkt)); return 1; } if(vbmp) { size_t sz = 16; size_t count; size_t lim = ldns_buffer_limit(out); if(ldns_buffer_limit(pkt) < lim) lim = ldns_buffer_limit(pkt); for(count=0; count<lim; count+=sz) { size_t rem = sz; if(lim-count < sz) rem = lim-count; if(memcmp(ldns_buffer_at(pkt, count), ldns_buffer_at(out, count), rem) == 0) { log_info("same %d %d", (int)count, (int)rem); log_hex("same: ", ldns_buffer_at(pkt, count), rem); } else { log_info("diff %d %d", (int)count, (int)rem); log_hex("difp: ", ldns_buffer_at(pkt, count), rem); log_hex("difo: ", ldns_buffer_at(out, count), rem); } } } /* check if it 'means the same' */ s1 = ldns_buffer2pkt_wire(&p1, pkt); s2 = ldns_buffer2pkt_wire(&p2, out); if(vbmp) { log_buf(0, "orig in hex", pkt); log_buf(0, "unbound out in hex", out); printf("\npacket from unbound (%d):\n", (int)ldns_buffer_limit(out)); ldns_pkt_print(stdout, p2); printf("\npacket original (%d):\n", (int)ldns_buffer_limit(pkt)); ldns_pkt_print(stdout, p1); printf("\n"); } if(s1 != s2) { /* oops! */ printf("input ldns parse: %s, output ldns parse: %s.\n", ldns_get_errorstr_by_id(s1), ldns_get_errorstr_by_id(s2)); unit_assert(0); } /* compare packets */ unit_assert(match_all(p1, p2)); ldns_pkt_free(p1); ldns_pkt_free(p2); return 0; }
ldns_status ldns_verify_denial(ldns_pkt *pkt, ldns_rdf *name, ldns_rr_type type, ldns_rr_list **nsec_rrs, ldns_rr_list **nsec_rr_sigs) { uint16_t nsec_i; ldns_rr_list *nsecs; ldns_status result; if (verbosity >= 5) { printf("VERIFY DENIAL FROM:\n"); ldns_pkt_print(stdout, pkt); } result = LDNS_STATUS_CRYPTO_NO_RRSIG; /* Try to see if there are NSECS in the packet */ nsecs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_NSEC, LDNS_SECTION_ANY_NOQUESTION); if (nsecs) { for (nsec_i = 0; nsec_i < ldns_rr_list_rr_count(nsecs); nsec_i++) { /* there are four options: * - name equals ownername and is covered by the type bitmap * - name equals ownername but is not covered by the type bitmap * - name falls within nsec coverage but is not equal to the owner name * - name falls outside of nsec coverage */ if (ldns_dname_compare(ldns_rr_owner(ldns_rr_list_rr(nsecs, nsec_i)), name) == 0) { /* printf("CHECKING NSEC:\n"); ldns_rr_print(stdout, ldns_rr_list_rr(nsecs, nsec_i)); printf("DAWASEM\n"); */ if (ldns_nsec_bitmap_covers_type( ldns_nsec_get_bitmap(ldns_rr_list_rr(nsecs, nsec_i)), type)) { /* Error, according to the nsec this rrset is signed */ result = LDNS_STATUS_CRYPTO_NO_RRSIG; } else { /* ok nsec denies existence */ if (verbosity >= 3) { printf(";; Existence of data set with this type denied by NSEC\n"); } /*printf(";; Verifiably insecure.\n");*/ if (nsec_rrs && nsec_rr_sigs) { (void) get_dnssec_rr(pkt, ldns_rr_owner(ldns_rr_list_rr(nsecs, nsec_i)), LDNS_RR_TYPE_NSEC, nsec_rrs, nsec_rr_sigs); } ldns_rr_list_deep_free(nsecs); return LDNS_STATUS_OK; } } else if (ldns_nsec_covers_name(ldns_rr_list_rr(nsecs, nsec_i), name)) { if (verbosity >= 3) { printf(";; Existence of data set with this name denied by NSEC\n"); } if (nsec_rrs && nsec_rr_sigs) { (void) get_dnssec_rr(pkt, ldns_rr_owner(ldns_rr_list_rr(nsecs, nsec_i)), LDNS_RR_TYPE_NSEC, nsec_rrs, nsec_rr_sigs); } ldns_rr_list_deep_free(nsecs); return LDNS_STATUS_OK; } else { /* nsec has nothing to do with this data */ } } ldns_rr_list_deep_free(nsecs); } else if( (nsecs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_NSEC3, LDNS_SECTION_ANY_NOQUESTION)) ) { ldns_rr_list* sigs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_RRSIG, LDNS_SECTION_ANY_NOQUESTION); ldns_rr* q = ldns_rr_new(); if(!sigs) return LDNS_STATUS_MEM_ERR; if(!q) return LDNS_STATUS_MEM_ERR; ldns_rr_set_question(q, 1); ldns_rr_set_ttl(q, 0); ldns_rr_set_owner(q, ldns_rdf_clone(name)); if(!ldns_rr_owner(q)) return LDNS_STATUS_MEM_ERR; ldns_rr_set_type(q, type); result = ldns_dnssec_verify_denial_nsec3(q, nsecs, sigs, ldns_pkt_get_rcode(pkt), type, ldns_pkt_ancount(pkt) == 0); ldns_rr_free(q); ldns_rr_list_deep_free(nsecs); ldns_rr_list_deep_free(sigs); } return result; }
static void notify_host(int s, struct addrinfo* res, uint8_t* wire, size_t wiresize, const char* addrstr) { int timeout_retry = 5; /* seconds */ int num_retry = max_num_retry; #ifndef S_SPLINT_S fd_set rfds; #endif struct timeval tv; int retval = 0; ssize_t received = 0; int got_ack = 0; socklen_t addrlen = 0; uint8_t replybuf[2048]; ldns_status status; ldns_pkt* pkt = NULL; while(!got_ack) { /* send it */ if(sendto(s, (void*)wire, wiresize, 0, res->ai_addr, res->ai_addrlen) == -1) { printf("warning: send to %s failed: %s\n", addrstr, strerror(errno)); #ifndef USE_WINSOCK close(s); #else closesocket(s); #endif return; } /* wait for ACK packet */ #ifndef S_SPLINT_S FD_ZERO(&rfds); FD_SET(s, &rfds); tv.tv_sec = timeout_retry; /* seconds */ #endif tv.tv_usec = 0; /* microseconds */ retval = select(s + 1, &rfds, NULL, NULL, &tv); if (retval == -1) { printf("error waiting for reply from %s: %s\n", addrstr, strerror(errno)); #ifndef USE_WINSOCK close(s); #else closesocket(s); #endif return; } if(retval == 0) { num_retry--; if(num_retry == 0) { printf("error: failed to send notify to %s.\n", addrstr); exit(1); } printf("timeout (%d s) expired, retry notify to %s.\n", timeout_retry, addrstr); } if (retval == 1) { got_ack = 1; } } /* got reply */ addrlen = res->ai_addrlen; received = recvfrom(s, (void*)replybuf, sizeof(replybuf), 0, res->ai_addr, &addrlen); res->ai_addrlen = addrlen; #ifndef USE_WINSOCK close(s); #else closesocket(s); #endif if (received == -1) { printf("recv %s failed: %s\n", addrstr, strerror(errno)); return; } /* check reply */ status = ldns_wire2pkt(&pkt, replybuf, (size_t)received); if(status != LDNS_STATUS_OK) { ssize_t i; printf("Could not parse reply packet: %s\n", ldns_get_errorstr_by_id(status)); if (verbose > 1) { printf("hexdump of reply: "); for(i=0; i<received; i++) printf("%02x", (unsigned)replybuf[i]); printf("\n"); } exit(1); } if(verbose) { ssize_t i; printf("# reply from %s:\n", addrstr); ldns_pkt_print(stdout, pkt); if (verbose > 1) { printf("hexdump of reply: "); for(i=0; i<received; i++) printf("%02x", (unsigned)replybuf[i]); printf("\n"); } } ldns_pkt_free(pkt); }
int main(int argc, char **argv) { int c; int i; /* LDNS types */ ldns_pkt *notify; ldns_rr *question; ldns_resolver *res; ldns_rdf *ldns_zone_name = NULL; ldns_status status; const char *zone_name = NULL; int include_soa = 0; uint32_t soa_version = 0; ldns_tsig_credentials tsig_cred = {0,0,0}; int do_hexdump = 1; uint8_t *wire = NULL; size_t wiresize = 0; char *port = "53"; srandom(time(NULL) ^ getpid()); while ((c = getopt(argc, argv, "vhdp:r:s:y:z:")) != -1) { switch (c) { case 'd': verbose++; break; case 'p': port = optarg; break; case 'r': max_num_retry = atoi(optarg); break; case 's': include_soa = 1; soa_version = (uint32_t)atoi(optarg); break; case 'y': tsig_cred.algorithm = "hmac-md5.sig-alg.reg.int."; tsig_cred.keyname = optarg; tsig_cred.keydata = strchr(optarg, ':'); *tsig_cred.keydata = '\0'; tsig_cred.keydata++; printf("Sign with %s : %s\n", tsig_cred.keyname, tsig_cred.keydata); break; case 'z': zone_name = optarg; ldns_zone_name = ldns_dname_new_frm_str(zone_name); if(!ldns_zone_name) { printf("cannot parse zone name: %s\n", zone_name); exit(1); } break; case 'v': version(); case 'h': case '?': default: usage(); } } argc -= optind; argv += optind; if (argc == 0 || zone_name == NULL) { usage(); } notify = ldns_pkt_new(); question = ldns_rr_new(); res = ldns_resolver_new(); if (!notify || !question || !res) { /* bail out */ printf("error: cannot create ldns types\n"); exit(1); } /* create the rr for inside the pkt */ ldns_rr_set_class(question, LDNS_RR_CLASS_IN); ldns_rr_set_owner(question, ldns_zone_name); ldns_rr_set_type(question, LDNS_RR_TYPE_SOA); ldns_pkt_set_opcode(notify, LDNS_PACKET_NOTIFY); ldns_pkt_push_rr(notify, LDNS_SECTION_QUESTION, question); ldns_pkt_set_aa(notify, true); ldns_pkt_set_id(notify, random()&0xffff); if(include_soa) { char buf[10240]; ldns_rr *soa_rr=NULL; ldns_rdf *prev=NULL; snprintf(buf, sizeof(buf), "%s 3600 IN SOA . . %u 0 0 0 0", zone_name, (unsigned)soa_version); /*printf("Adding soa %s\n", buf);*/ status = ldns_rr_new_frm_str(&soa_rr, buf, 3600, NULL, &prev); if(status != LDNS_STATUS_OK) { printf("Error adding SOA version: %s\n", ldns_get_errorstr_by_id(status)); } ldns_pkt_push_rr(notify, LDNS_SECTION_ANSWER, soa_rr); } if(tsig_cred.keyname) { #ifdef HAVE_SSL status = ldns_pkt_tsig_sign(notify, tsig_cred.keyname, tsig_cred.keydata, 300, tsig_cred.algorithm, NULL); if(status != LDNS_STATUS_OK) { printf("Error TSIG sign query: %s\n", ldns_get_errorstr_by_id(status)); } #else fprintf(stderr, "Warning: TSIG needs OpenSSL support, which has not been compiled in, TSIG skipped\n"); #endif } if(verbose) { printf("# Sending packet:\n"); ldns_pkt_print(stdout, notify); } status = ldns_pkt2wire(&wire, notify, &wiresize); if(wiresize == 0) { printf("Error converting notify packet to hex.\n"); exit(1); } if(do_hexdump && verbose > 1) { printf("Hexdump of notify packet:\n"); for(i=0; i<(int)wiresize; i++) printf("%02x", (unsigned)wire[i]); printf("\n"); } for(i=0; i<argc; i++) { struct addrinfo hints, *res0, *res; int error; int default_family = AF_INET; if(verbose) printf("# sending to %s\n", argv[i]); memset(&hints, 0, sizeof(hints)); hints.ai_family = default_family; hints.ai_socktype = SOCK_DGRAM; hints.ai_protocol = IPPROTO_UDP; error = getaddrinfo(argv[i], port, &hints, &res0); if (error) { printf("skipping bad address: %s: %s\n", argv[i], gai_strerror(error)); continue; } for (res = res0; res; res = res->ai_next) { int s = socket(res->ai_family, res->ai_socktype, res->ai_protocol); if(s == -1) continue; /* send the notify */ notify_host(s, res, wire, wiresize, argv[i]); } freeaddrinfo(res0); } ldns_pkt_free(notify); free(wire); return 0; }
int main(int argc, char *argv[]) { ldns_resolver *res; ldns_rdf *name; ldns_rdf *version, *id; ldns_pkt *p; ldns_rr_list *addr; ldns_rr_list *info; ldns_status s; ldns_rdf *pop; size_t i; if (argc != 2) { usage(stdout, argv[0]); exit(EXIT_FAILURE); } else { /* create a rdf from the command line arg */ name = ldns_dname_new_frm_str(argv[1]); if (!name) { usage(stdout, argv[0]); exit(EXIT_FAILURE); } } /* create rdf for what we are going to ask */ version = ldns_dname_new_frm_str("version.bind"); id = ldns_dname_new_frm_str("hostname.bind"); /* create a new resolver from /etc/resolv.conf */ s = ldns_resolver_new_frm_file(&res, NULL); if (s != LDNS_STATUS_OK) { ldns_rdf_deep_free(name); exit(EXIT_FAILURE); } ldns_resolver_set_retry(res, 1); /* don't want to wait too long */ /* use the resolver to send it a query for the a/aaaa of name */ addr = ldns_get_rr_list_addr_by_name(res, name, LDNS_RR_CLASS_IN, LDNS_RD); if (!addr) { fprintf(stderr, " *** could not get an address for %s\n", argv[1]); ldns_rdf_deep_free(name); ldns_resolver_deep_free(res); exit(EXIT_FAILURE); } /* remove current list of nameservers from resolver */ while((pop = ldns_resolver_pop_nameserver(res))) { ldns_rdf_deep_free(pop); } /* can be multihomed */ for(i = 0; i < ldns_rr_list_rr_count(addr); i++) { if (i > 0) { fprintf(stdout, "\n"); } if (ldns_resolver_push_nameserver_rr(res, ldns_rr_list_rr(addr, i)) != LDNS_STATUS_OK) { printf("Error adding nameserver to resolver\n"); } ldns_rr_print(stdout, ldns_rr_list_rr(addr, i)); fprintf(stdout, "\n"); p = ldns_resolver_query(res, version, LDNS_RR_TYPE_TXT, LDNS_RR_CLASS_CH, LDNS_RD); if (p) { ldns_pkt_print(stdout, p); info = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_TXT, LDNS_SECTION_ANSWER); if (info) { ldns_rr_list_print(stdout, info); ldns_rr_list_deep_free(info); } else { printf(" *** version retrieval failed\n"); } ldns_pkt_free(p); } else { printf(" *** query failed\n"); } p = ldns_resolver_query(res, id, LDNS_RR_TYPE_TXT, LDNS_RR_CLASS_CH, LDNS_RD); if (p) { info = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_TXT, LDNS_SECTION_ANSWER); if (info) { ldns_rr_list_print(stdout, info); ldns_rr_list_deep_free(info); } else { printf(" *** id retrieval failed\n"); } ldns_pkt_free(p); } else { printf(" *** query failed for\n"); } ldns_rdf_deep_free(ldns_resolver_pop_nameserver(res)); } ldns_rdf_deep_free(name); ldns_resolver_deep_free(res); exit(EXIT_SUCCESS); }
int main (int argc, char **argv) { /* Local Vars */ char *out = NULL; ldns_resolver *res; ldns_rdf *domain; ldns_rdf *host; ldns_rdf *example; ldns_pkt *pkt; ldns_rr *rr; ldns_status status; /* Set signal handling and alarm */ if (signal(SIGALRM, timeout_alarm_handler) == SIG_ERR) critical("Setup SIGALRM trap failed!"); /* Process check arguments */ if (process_arguments(argc, argv) != OK) unknown("Parsing arguments failed!"); /* Start plugin timeout */ alarm(mp_timeout); // Create DNAME from domainname domain = ldns_dname_new_frm_str(domainname); if (!domain) usage("Invalid domainname '%s'", domainname); // Create rdf from hostaddr host = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_A, hostname); #ifdef USE_IPV6 if (!host) host = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_AAAA, hostname); #endif if (!host) { ldns_rdf_deep_free(domain); usage("Invalid hostname '%s'", hostname); } // Create DNAME from example.com example = ldns_dname_new_frm_str("exmple.com"); if (!example) usage("Invalid domainname 'example.com'"); // Create resolver res = ldns_resolver_new(); if (!res) { ldns_rdf_deep_free(domain); ldns_rdf_deep_free(host); unknown("Create resolver failed."); } // Add ns to resolver status = ldns_resolver_push_nameserver(res, host); if (status != LDNS_STATUS_OK) { ldns_rdf_deep_free(domain); ldns_rdf_deep_free(host); ldns_resolver_deep_free(res); unknown("Adding %s as NS fails.", domainname); } if (udp) { // Disable TCP ldns_resolver_set_usevc(res, 0); // Fetch SOA pkt = mp_ldns_resolver_query(res, domain, LDNS_RR_TYPE_SOA, LDNS_RR_CLASS_IN, 0); if (pkt == NULL || ldns_pkt_get_rcode(pkt) != LDNS_RCODE_NOERROR) { mp_strcat_comma(&out, "No UDP Answer"); } else if (ldns_pkt_aa(pkt) == 0) { mp_strcat_comma(&out, "Non Authoritative UDP Answer"); } if (mp_verbose > 2) { printf("[ SOA Answer ]----------\n"); ldns_pkt_print(stdout,pkt); } ldns_pkt_free(pkt); if (recursion) { // Fetch example.com SOA ldns_resolver_set_recursive(res, TRUE); pkt = mp_ldns_resolver_query(res, example, LDNS_RR_TYPE_SOA, LDNS_RR_CLASS_IN, LDNS_RD); ldns_resolver_set_recursive(res, FALSE); if (pkt && (ldns_pkt_get_rcode(pkt) != LDNS_RCODE_REFUSED && ldns_pkt_get_rcode(pkt) != LDNS_RCODE_SERVFAIL)) { mp_strcat_comma(&out, "Recursive UDP Answer"); } if (mp_verbose > 2) { printf("[ SOA Answer ]----------\n"); ldns_pkt_print(stdout,pkt); } ldns_pkt_free(pkt); } } if (tcp) { // Enable TCP ldns_resolver_set_usevc(res, 1); // Fetch SOA pkt = mp_ldns_resolver_query(res, domain, LDNS_RR_TYPE_SOA, LDNS_RR_CLASS_IN, 0); if (pkt == NULL || ldns_pkt_get_rcode(pkt) != LDNS_RCODE_NOERROR) { mp_strcat_comma(&out, "No TCP Answer"); } else if (ldns_pkt_aa(pkt) == 0) { mp_strcat_comma(&out, "Non Authoritative TCP Answer"); } if (mp_verbose > 2) { printf("[ SOA Answer ]----------\n"); ldns_pkt_print(stdout,pkt); } ldns_pkt_free(pkt); if (recursion) { // Fetch example.com SOA ldns_resolver_set_recursive(res, TRUE); pkt = mp_ldns_resolver_query(res, example, LDNS_RR_TYPE_SOA, LDNS_RR_CLASS_IN, LDNS_RD); ldns_resolver_set_recursive(res, FALSE); if (pkt && (ldns_pkt_get_rcode(pkt) != LDNS_RCODE_REFUSED && ldns_pkt_get_rcode(pkt) != LDNS_RCODE_SERVFAIL)) { mp_strcat_comma(&out, "Recursive TCP Answer"); } if (mp_verbose > 2) { printf("[ SOA Answer ]----------\n"); ldns_pkt_print(stdout,pkt); } ldns_pkt_free(pkt); } } if (axfr) { status = ldns_axfr_start(res, domain, LDNS_RR_CLASS_IN); if (status == LDNS_STATUS_OK) { rr = NULL; rr = ldns_axfr_next(res); if (rr) { mp_strcat_comma(&out, "AXFR allowed."); } } } if (out) critical("Authoritative DNS for %s: %s", domainname, out); ok("Authoritative DNS for %s", domainname); }
ldns_status do_chase(ldns_resolver *res, ldns_rdf *name, ldns_rr_type type, ldns_rr_class c, ldns_rr_list *trusted_keys, ldns_pkt *pkt_o, uint16_t qflags, ldns_rr_list *prev_key_list, int verbosity) { ldns_rr_list *rrset = NULL; ldns_status result; ldns_rr *orig_rr = NULL; /* ldns_rr_list *sigs; ldns_rr *cur_sig; uint16_t sig_i; ldns_rr_list *keys; */ ldns_pkt *pkt; ldns_status tree_result; ldns_dnssec_data_chain *chain; ldns_dnssec_trust_tree *tree; const ldns_rr_descriptor *descriptor; descriptor = ldns_rr_descript(type); ldns_dname2canonical(name); pkt = ldns_pkt_clone(pkt_o); if (!name) { ldns_pkt_free(pkt); return LDNS_STATUS_EMPTY_LABEL; } if (verbosity != -1) { printf(";; Chasing: "); ldns_rdf_print(stdout, name); if (descriptor && descriptor->_name) { printf(" %s\n", descriptor->_name); } else { printf(" type %d\n", type); } } if (!trusted_keys || ldns_rr_list_rr_count(trusted_keys) < 1) { } if (pkt) { rrset = ldns_pkt_rr_list_by_name_and_type(pkt, name, type, LDNS_SECTION_ANSWER ); if (!rrset) { /* nothing in answer, try authority */ rrset = ldns_pkt_rr_list_by_name_and_type(pkt, name, type, LDNS_SECTION_AUTHORITY ); } /* answer might be a cname, chase that first, then chase cname target? (TODO) */ if (!rrset) { rrset = ldns_pkt_rr_list_by_name_and_type(pkt, name, LDNS_RR_TYPE_CNAME, LDNS_SECTION_ANSWER ); if (!rrset) { /* nothing in answer, try authority */ rrset = ldns_pkt_rr_list_by_name_and_type(pkt, name, LDNS_RR_TYPE_CNAME, LDNS_SECTION_AUTHORITY ); } } } else { /* no packet? */ if (verbosity >= 0) { fprintf(stderr, "%s", ldns_get_errorstr_by_id(LDNS_STATUS_MEM_ERR)); fprintf(stderr, "\n"); } return LDNS_STATUS_MEM_ERR; } if (!rrset) { /* not found in original packet, try again */ ldns_pkt_free(pkt); pkt = NULL; pkt = ldns_resolver_query(res, name, type, c, qflags); if (!pkt) { if (verbosity >= 0) { fprintf(stderr, "%s", ldns_get_errorstr_by_id(LDNS_STATUS_NETWORK_ERR)); fprintf(stderr, "\n"); } return LDNS_STATUS_NETWORK_ERR; } if (verbosity >= 5) { ldns_pkt_print(stdout, pkt); } rrset = ldns_pkt_rr_list_by_name_and_type(pkt, name, type, LDNS_SECTION_ANSWER ); } orig_rr = ldns_rr_new(); /* if the answer had no answer section, we need to construct our own rr (for instance if * the rr qe asked for doesn't exist. This rr will be destroyed when the chain is freed */ if (ldns_pkt_ancount(pkt) < 1) { ldns_rr_set_type(orig_rr, type); ldns_rr_set_owner(orig_rr, ldns_rdf_clone(name)); chain = ldns_dnssec_build_data_chain(res, qflags, rrset, pkt, ldns_rr_clone(orig_rr)); } else { /* chase the first answer */ chain = ldns_dnssec_build_data_chain(res, qflags, rrset, pkt, NULL); } if (verbosity >= 4) { printf("\n\nDNSSEC Data Chain:\n"); ldns_dnssec_data_chain_print(stdout, chain); } result = LDNS_STATUS_OK; tree = ldns_dnssec_derive_trust_tree(chain, NULL); if (verbosity >= 2) { printf("\n\nDNSSEC Trust tree:\n"); ldns_dnssec_trust_tree_print(stdout, tree, 0, true); } if (ldns_rr_list_rr_count(trusted_keys) > 0) { tree_result = ldns_dnssec_trust_tree_contains_keys(tree, trusted_keys); if (tree_result == LDNS_STATUS_DNSSEC_EXISTENCE_DENIED) { if (verbosity >= 1) { printf("Existence denied or verifiably insecure\n"); } result = LDNS_STATUS_OK; } else if (tree_result != LDNS_STATUS_OK) { if (verbosity >= 1) { printf("No trusted keys found in tree: first error was: %s\n", ldns_get_errorstr_by_id(tree_result)); } result = tree_result; } } else { result = -1; if (verbosity >= 0) { printf("You have not provided any trusted keys.\n"); } } ldns_rr_free(orig_rr); ldns_dnssec_trust_tree_free(tree); ldns_dnssec_data_chain_deep_free(chain); ldns_rr_list_deep_free(rrset); ldns_pkt_free(pkt); /* ldns_rr_free(orig_rr);*/ return result; }
/* * Parses data buffer to a query, finds the correct answer * and calls the given function for every packet to send. */ void handle_query(uint8_t* inbuf, ssize_t inlen, struct entry* entries, int* count, enum transport_type transport, void (*sendfunc)(uint8_t*, size_t, void*), void* userdata, FILE* verbose_out) { ldns_status status; ldns_pkt *query_pkt = NULL; ldns_pkt *answer_pkt = NULL; struct reply_packet *p; ldns_rr *query_rr = NULL; uint8_t *outbuf = NULL; size_t answer_size = 0; struct entry* entry = NULL; ldns_rdf *stop_command = ldns_dname_new_frm_str("server.stop."); status = ldns_wire2pkt(&query_pkt, inbuf, (size_t)inlen); if (status != LDNS_STATUS_OK) { verbose(1, "Got bad packet: %s\n", ldns_get_errorstr_by_id(status)); ldns_rdf_free(stop_command); return; } query_rr = ldns_rr_list_rr(ldns_pkt_question(query_pkt), 0); verbose(1, "query %d: id %d: %s %d bytes: ", ++(*count), (int)ldns_pkt_id(query_pkt), (transport==transport_tcp)?"TCP":"UDP", (int)inlen); if(verbose_out) ldns_rr_print(verbose_out, query_rr); if(verbose_out) ldns_pkt_print(verbose_out, query_pkt); if (ldns_rr_get_type(query_rr) == LDNS_RR_TYPE_TXT && ldns_rr_get_class(query_rr) == LDNS_RR_CLASS_CH && ldns_dname_compare(ldns_rr_owner(query_rr), stop_command) == 0) { exit(0); } /* fill up answer packet */ entry = find_match(entries, query_pkt, transport); if(!entry || !entry->reply_list) { verbose(1, "no answer packet for this query, no reply.\n"); ldns_pkt_free(query_pkt); ldns_rdf_free(stop_command); return; } for(p = entry->reply_list; p; p = p->next) { verbose(3, "Answer pkt:\n"); if (p->reply_from_hex) { /* try to parse the hex packet, if it can be * parsed, we can use adjust rules. if not, * send packet literally */ status = ldns_buffer2pkt_wire(&answer_pkt, p->reply_from_hex); if (status == LDNS_STATUS_OK) { adjust_packet(entry, answer_pkt, query_pkt); if(verbose_out) ldns_pkt_print(verbose_out, answer_pkt); status = ldns_pkt2wire(&outbuf, answer_pkt, &answer_size); verbose(2, "Answer packet size: %u bytes.\n", (unsigned int)answer_size); if (status != LDNS_STATUS_OK) { verbose(1, "Error creating answer: %s\n", ldns_get_errorstr_by_id(status)); ldns_pkt_free(query_pkt); ldns_rdf_free(stop_command); return; } ldns_pkt_free(answer_pkt); answer_pkt = NULL; } else { verbose(3, "Could not parse hex data (%s), sending hex data directly.\n", ldns_get_errorstr_by_id(status)); /* still try to adjust ID */ answer_size = ldns_buffer_capacity(p->reply_from_hex); outbuf = LDNS_XMALLOC(uint8_t, answer_size); memcpy(outbuf, ldns_buffer_export(p->reply_from_hex), answer_size); if(entry->copy_id) { ldns_write_uint16(outbuf, ldns_pkt_id(query_pkt)); } } } else { answer_pkt = ldns_pkt_clone(p->reply); adjust_packet(entry, answer_pkt, query_pkt); if(verbose_out) ldns_pkt_print(verbose_out, answer_pkt); status = ldns_pkt2wire(&outbuf, answer_pkt, &answer_size); verbose(1, "Answer packet size: %u bytes.\n", (unsigned int)answer_size); if (status != LDNS_STATUS_OK) { verbose(1, "Error creating answer: %s\n", ldns_get_errorstr_by_id(status)); ldns_pkt_free(query_pkt); ldns_rdf_free(stop_command); return; } ldns_pkt_free(answer_pkt); answer_pkt = NULL; } if(p->packet_sleep) { verbose(3, "sleeping for next packet %d secs\n", p->packet_sleep); #ifdef HAVE_SLEEP sleep(p->packet_sleep); #else Sleep(p->packet_sleep * 1000); #endif verbose(3, "wakeup for next packet " "(slept %d secs)\n", p->packet_sleep); } sendfunc(outbuf, answer_size, userdata); LDNS_FREE(outbuf); outbuf = NULL; answer_size = 0; } ldns_pkt_free(query_pkt); ldns_rdf_free(stop_command); }
char * compare_to_file(ldns_pkt *qp, ldns_pkt *pkt1, ldns_pkt *pkt2) { size_t iq, i1, i2, j, max_iq, max_i1, max_i2, max_j, k; char *pkt_str1 = ldns_pkt2str(pkt1); char *pkt_str2 = ldns_pkt2str(pkt2); char *pkt_query = ldns_pkt2str(qp); bool same = true; size_t match_count; char *match_words[MAX_MATCH_WORDS]; size_t match_word_count; bool done; size_t cur_file_nr; char *description; char *query_match; char *answer_match; max_iq = strlen(pkt_query); max_i1 = strlen(pkt_str1); max_i2 = strlen(pkt_str2); if (verbosity > 3) { printf("PACKET 1:\n"); ldns_pkt_print(stdout, pkt1); printf("\n\n\nPACKET 2:\n"); ldns_pkt_print(stdout, pkt2); printf("\n\n\n"); } for (cur_file_nr = 0; cur_file_nr < match_file_count; cur_file_nr++) { same = true; description = match_files[cur_file_nr].description; query_match = match_files[cur_file_nr].query_match; answer_match = match_files[cur_file_nr].answer_match; if (verbosity > 2) { printf("Trying: %s\n", description);\ } if (verbosity > 3) { printf("MATCH TO:\n"); printf("descr: %s\n", description); printf("QUERY:\n%s\n", query_match); printf("ANSWER:\n%s\n", answer_match); } /* first, try query match */ /* special case for unparseable queries */ if (!qp) { if (strncmp(query_match, "BADPACKET\n", 11) == 0 || strncmp(query_match, "*\n", 3) == 0 ) { same = true; } else { same = false; } goto querymatch; } max_j = strlen(query_match); iq = 0; j = 0; while (same && iq < max_iq && j < max_j) { if (pkt_query[iq] == ' ' || pkt_query[iq] == '\t' || pkt_query[iq] == '\n') { iq++; } else if (query_match[j] == ' ' || query_match[j] == '\t' || query_match[j] == '\n') { j++; } else if (pkt_query[iq] == query_match[j]) { iq++; j++; } else if (query_match[j] == '*') { j++; match_count = 1; while (query_match[j] == '*') { match_count++; if (j + 1 < max_j) { j++; } else { goto querymatch; } } while (query_match[j] == ' ' || query_match[j] == '\n' || query_match[j] == '\t') { if (j + 1 < max_j) { j++; } else { goto querymatch; } } while (strncmp(&pkt_query[iq], &query_match[j], match_count) != 0) { if (iq < max_iq) { iq++; } else { if (verbosity > 1) { printf("End of query packet reached while doing a * check\n"); } same = false; goto querymatch; } } } else if (query_match[j] == '[') { k = j + 1; done = false; match_word_count = 0; while (!done) { if (j < max_j) { j++; } else { fprintf(stderr, "Error: [ not closed\n"); exit(2); same = false; } if (query_match[j] == '|' || query_match[j] == ']') { if (match_word_count < MAX_MATCH_WORDS) { match_words[match_word_count] = strndup(&query_match[k], j - k); match_words[match_word_count][j-k] = 0; match_word_count++; k = j + 1; } else { fprintf(stderr, "Error, not more than %u match words (between [ and ]) allowed. Aborting\n", MAX_MATCH_WORDS); exit(3); } if (query_match[j] == ']') { done = true; } j++; } } while((pkt_query[iq] == ' ' || pkt_query[iq] == '\t' || pkt_query[iq] == '\n') && iq < max_iq) { if (iq < max_iq) { iq++; } else { if (verbosity > 1) { fprintf(stderr, "End query packet reached while looking for a match word ([])\n"); } same = false; goto match_word_done_iq; } } for (k = 0; k < match_word_count; k++) { if (strncmp(&pkt_query[iq], match_words[k], strlen(match_words[k])) == 0) { /* ok */ if (verbosity > 1) { printf("Found in 1, skipping\n"); } iq += strlen(match_words[k]); goto found_iq; } } found_iq: if (k == match_word_count) { if (verbosity > 1) { fprintf(stderr, "no match word found in query packet. Rest of packet:\n"); fprintf(stderr, "%s\n", &pkt_query[iq]); } same = false; } match_word_done_iq: for (k = 0; k < match_word_count; k++) { free(match_words[k]); } match_word_count = 0; } else if (query_match[j] == '?') { k = j + 1; while (query_match[j] != ' ' && query_match[j] != '\t' && query_match[j] != '\n' && j < max_j) { j++; } while((pkt_query[iq] == ' ' || pkt_query[iq] == '\t' || pkt_query[iq] == '\n') && iq < max_iq) { if (iq < max_iq) { iq++; } } if (iq + j - k < max_iq) { if (strncmp(&pkt_query[iq], &query_match[k], j - k) == 0) { iq += j - k; } } } else { if (verbosity > 1) { printf("Difference at iq: %u, j: %u, (%c != %c)\n", (unsigned int) iq, (unsigned int) j, pkt_query[iq], query_match[j]); } same = false; } } querymatch: if (same && verbosity > 0) { printf("query matches\n"); } /* ok the query matches, now look at both answers */ /* special case if one packet is null (ie. one server answers and one doesnt) */ if (same && (!pkt1 || !pkt2)) { if (strncmp(answer_match, "NOANSWER\n", 10) == 0 || strncmp(answer_match, "*\n", 3) == 0 ) { goto match; } else { same = false; if (verbosity > 4) { printf("no answer packet, no NOANSWER or * in spec.\n"); } } } max_j = strlen(answer_match); i1 = 0; i2 = 0; j = 0; while (same && i1 < max_i1 && i2 < max_i2 && j < max_j) { if (pkt_str1[i1] == ' ' || pkt_str1[i1] == '\t' || pkt_str1[i1] == '\n') { i1++; } else if (pkt_str2[i2] == ' ' || pkt_str2[i2] == '\t' || pkt_str2[i2] == '\n') { i2++; } else if (answer_match[j] == ' ' || answer_match[j] == '\t' || answer_match[j] == '\n') { j++; } else if (pkt_str1[i1] == pkt_str2[i2] && pkt_str2[i2] == answer_match[j]) { i1++; i2++; j++; } else if (answer_match[j] == '&') { j++; match_count = 1; while (answer_match[j] == '&') { match_count++; if (j + 1 < max_j) { j++; } else { /* TODO */ /* check sameness to end*/ if (verbosity >= 5) { printf("End of match reached in &\n"); } goto match; } } while (answer_match[j] == ' ' || answer_match[j] == '\t' || answer_match[j] == '\n') { if (j + 1 < max_j) { j++; } else { /* TODO */ /* check sameness to end*/ if (verbosity >= 5) { printf("End of match reached in & (2)\n"); } goto match; } } /* while (((answer_match[j] == '?' && !(strncmp(&pkt_str1[i1], &answer_match[j+1], match_count) != 0 || strncmp(&pkt_str2[i2], &answer_match[j+1], match_count) != 0)) || (strncmp(&pkt_str1[i1], &answer_match[j], match_count) != 0 && strncmp(&pkt_str2[i2], &answer_match[j], match_count) != 0)) && same */ while ((strncmp(&pkt_str1[i1], &answer_match[j], match_count) != 0 && strncmp(&pkt_str2[i2], &answer_match[j], match_count) != 0) && same ) { if (i1 < max_i1) { i1++; while ((pkt_str1[i1] == '\n' || pkt_str1[i1] == '\t' || pkt_str1[i1] == ' ' ) && i1 < max_i1) { i1++; } } else { if (verbosity > 1) { printf("End of pkt1 reached while doing an & check\n"); } same = false; } if (i2 < max_i2) { i2++; while ((pkt_str2[i2] == '\n' || pkt_str2[i2] == '\t' || pkt_str2[i2] == ' ' ) && i2 < max_i2) { i2++; } } else { if (verbosity > 1) { printf("End of pkt2 reached while doing an & check\n"); } same = false; } if (pkt_str1[i1] != pkt_str2[i2]) { if (verbosity > 1) { printf("Difference between the packets where they should be equal: %c != %c (%u, %u, & len: %u)\n", pkt_str1[i1], pkt_str2[i2], (unsigned int) i1, (unsigned int) i2, (unsigned int) match_count); } same = false; } } } else if (answer_match[j] == '*') { j++; match_count = 1; while (answer_match[j] == '*') { match_count++; if (j + 1 < max_j) { j++; } else { if (verbosity >= 5) { printf("End of match reached in *\n"); } goto match; } } while (answer_match[j] == ' ' || answer_match[j] == '\n' || answer_match[j] == '\t') { if (j + 1 < max_j) { j++; } else { if (verbosity >= 5) { printf("End of match reached in * (2)\n"); } goto match; } } while (strncmp(&pkt_str1[i1], &answer_match[j], match_count) != 0) { if (i1 < max_i1) { i1++; } else { if (verbosity > 1) { printf("End of pkt1 reached while doing a * check\n"); } same = false; goto match; } } while ((answer_match[j] == '?' && strncmp(&pkt_str2[i2], &answer_match[j + 1], match_count) != 0) || strncmp(&pkt_str2[i2], &answer_match[j], match_count) != 0) { if (i2 < max_i2) { i2++; } else { if (verbosity > 1) { printf("End of pkt2 reached while doing a * check\n"); } same = false; } } } else if (answer_match[j] == '[') { k = j + 1; done = false; match_word_count = 0; while (!done) { if (j < max_j) { j++; } else { fprintf(stderr, "Error: no match found for [\n"); exit(2); same = false; } if (answer_match[j] == '|' || answer_match[j] == ']') { if (match_word_count < MAX_MATCH_WORDS) { match_words[match_word_count] = strndup(&answer_match[k], j - k); match_words[match_word_count][j-k] = 0; match_word_count++; k = j + 1; } else { fprintf(stderr, "Error, not more than %u match words (between [ and ]) allowed. Aborting\n", MAX_MATCH_WORDS); exit(3); } if (answer_match[j] == ']') { done = true; } j++; } } while((pkt_str1[i1] == ' ' || pkt_str1[i1] == '\t' || pkt_str1[i1] == '\n') && i1 < max_i1) { if (i1 < max_i1) { i1++; } else { if (verbosity > 1) { fprintf(stderr, "End of pkt 1 reached while looking for a match word ([])\n"); } same = false; goto match_word_done; } } for (k = 0; k < match_word_count; k++) { if (strncmp(&pkt_str1[i1], match_words[k], strlen(match_words[k])) == 0) { /* ok */ if (verbosity > 1) { printf("Found %s in 1, skipping\n", match_words[k]); } i1 += strlen(match_words[k]); goto found1; } } found1: if (k >= match_word_count) { if (verbosity > 1) { fprintf(stderr, "no match word found in packet 1. Rest of packet:\n"); fprintf(stderr, "%s\n", &pkt_str1[i1]); } same = false; } while((pkt_str2[i2] == ' ' || pkt_str2[i2] == '\t' || pkt_str2[i2] == '\n') && i2 < max_i2) { if (i2 < max_i2) { i2++; } else { if (verbosity > 1) { fprintf(stderr, "End of pkt 2 reached while looking for a match word ([])\n"); } same = false; goto match_word_done; } } for (k = 0; k < match_word_count; k++) { if (strncmp(&pkt_str2[i2], match_words[k], strlen(match_words[k])) == 0) { /* ok */ if (verbosity > 1) { printf("Match word %s found in 2, skipping\n", match_words[k]); } i2 += strlen(match_words[k]); goto found2; } } found2: if (k >= match_word_count) { if (verbosity > 1) { fprintf(stdout, "no match word found in packet 2. Rest of packet:\n"); fprintf(stdout, "%s\n", &pkt_str2[i2]); } same = false; } match_word_done: for (k = 0; k < match_word_count; k++) { free(match_words[k]); } match_word_count = 0; } else if (answer_match[j] == '?' && answer_match[j+1] == '&' ) { j++; j++; k = j; while ((answer_match[j] != ' ' && answer_match[j] != '\t' && answer_match[j] != '\n' ) && j < max_j) { j++; } while((pkt_str1[i1] == ' ' || pkt_str1[i1] == '\t' || pkt_str1[i1] == '\n') && i1 < max_i1) { if (i1 < max_i1) { i1++; } } while((pkt_str2[i2] == ' ' || pkt_str2[i2] == '\t' || pkt_str2[i2] == '\n') && i2 < max_i2) { if (i2 < max_i2) { i2++; } } if (i1 + j - k < max_i1 && i2 + j - k < max_i2) { if (strncmp(&pkt_str1[i1], &answer_match[k], j - k) == 0 && strncmp(&pkt_str2[i2], &answer_match[k], j - k) == 0 ) { i1 += j - k; i2 += j - k; } } } else if (answer_match[j] == '?') { j++; k = j; while ((answer_match[j] != ' ' && answer_match[j] != '\t' && answer_match[j] != '\n' ) && j < max_j) { j++; } while((pkt_str1[i1] == ' ' || pkt_str1[i1] == '\t' || pkt_str1[i1] == '\n') && i1 < max_i1) { if (i1 < max_i1) { i1++; } } if (i1 + j - k < max_i1) { if (strncmp(&pkt_str1[i1], &answer_match[k], j - k) == 0) { i1 += j - k; } } while((pkt_str2[i2] == ' ' || pkt_str2[i2] == '\t' || pkt_str2[i2] == '\n') && i2 < max_i2) { if (i2 < max_i2) { i2++; } } if (i2 + j - k < max_i2) { if (strncmp(&pkt_str2[i2], &answer_match[k], j - k) == 0) { i2 += j - k; } } } else { if (verbosity > 1) { printf("Difference at i1: %u, i2: %u, j: %u (%c), (%c != %c)\n", (unsigned int) i1, (unsigned int) i2, (unsigned int) j, answer_match[j], pkt_str1[i1], pkt_str2[i2]); printf("rest of packet1:\n"); printf("%s\n\n\n", &pkt_str1[i1]); printf("rest of packet 2:\n"); printf("%s\n\n\n", &pkt_str2[i2]); printf("rest of match packet:\n"); printf("%s\n\n\n", &answer_match[j]); } same = false; } } if (same) { if (verbosity >= 5) { printf("Big while loop ended, we have match\n"); } goto match; } else { if (verbosity > 0) { printf("no match\n"); } if (verbosity > 0) { printf("REST OF MATCH: %s\n", &answer_match[j]); printf("REST OF PKT1: %s\n", &pkt_str1[i1]); printf("REST OF PKT2: %s\n", &pkt_str2[i2]); } } } LDNS_FREE(pkt_str1); LDNS_FREE(pkt_str2); LDNS_FREE(pkt_query); if (verbosity > 0) { printf("<<<<<<< NO MATCH >>>>>>>>\n"); printf("Query: %s\n", pkt_query); printf("Packet1:\n%s\n", pkt_str1); printf("Packet2:\n%s\n", pkt_str2); } return NULL; match: if (verbosity > 0) { printf("<<<<<<< MATCH!!! >>>>>>>>\n"); printf("Query: %s\n", pkt_query); printf("Packet1:\n%s\n", pkt_str1); printf("Packet2:\n%s\n", pkt_str2); printf("MATCHES BECAUSE: %s\n", description); printf("-------------------------\n\n\n"); } LDNS_FREE(pkt_str1); LDNS_FREE(pkt_str2); LDNS_FREE(pkt_query); return strdup(description); }
void compare(struct dns_info *d1, struct dns_info *d2) { ldns_pkt *p1, *p2, *pq; bool diff = false; char *pstr1, *pstr2; struct timeval now; char *compare_result; size_t file_nr; gettimeofday(&now, NULL); if (verbosity > 0) { printf("Id: %u\n", (unsigned int) d1->seq); } if (strcmp(d1->qdata, d2->qdata) != 0) { fprintf(stderr, "Query differs!\n"); fprintf(stdout, "q: %d:%d\n%s\n%s\n%s\n", (int)d1->seq, (int)d2->seq, d1->qdata, d1->qdata, d2->qdata); } else { if (strcmp(d1->adata, d2->adata) != 0) { if (advanced_match) { /* try to read the packet and sort the sections */ p1 = read_hex_pkt(d1->adata); p2 = read_hex_pkt(d2->adata); if (p1) { ldns_pkt_set_timestamp(p1, now); } if (p2) { ldns_pkt_set_timestamp(p2, now); } if (p1 && ldns_pkt_qdcount(p1) > 0) { ldns_rr_list2canonical(ldns_pkt_question(p1)); ldns_rr_list_sort(ldns_pkt_question(p1)); } if (p1 && ldns_pkt_ancount(p1) > 0) { ldns_rr_list2canonical(ldns_pkt_answer(p1)); ldns_rr_list_sort(ldns_pkt_answer(p1)); } if (p1 && ldns_pkt_nscount(p1) > 0) { ldns_rr_list2canonical(ldns_pkt_authority(p1)); ldns_rr_list_sort(ldns_pkt_authority(p1)); } if (p1 && ldns_pkt_arcount(p1) > 0) { ldns_rr_list2canonical(ldns_pkt_additional(p1)); ldns_rr_list_sort(ldns_pkt_additional(p1)); } if (p2 && ldns_pkt_qdcount(p2) > 0) { ldns_rr_list2canonical(ldns_pkt_question(p2)); ldns_rr_list_sort(ldns_pkt_question(p2)); } if (p2 && ldns_pkt_ancount(p2) > 0) { ldns_rr_list2canonical(ldns_pkt_answer(p2)); ldns_rr_list_sort(ldns_pkt_answer(p2)); } if (p2 && ldns_pkt_nscount(p2) > 0) { ldns_rr_list2canonical(ldns_pkt_authority(p2)); ldns_rr_list_sort(ldns_pkt_authority(p2)); } if (p2 && ldns_pkt_arcount(p2) > 0) { ldns_rr_list2canonical(ldns_pkt_additional(p2)); ldns_rr_list_sort(ldns_pkt_additional(p2)); } /* simply do string comparison first */ pstr1 = ldns_pkt2str(p1); pstr2 = ldns_pkt2str(p2); if ((!p1 && !p2) || strcmp(pstr1, pstr2) != 0) { /* okay strings still differ, get the query and do a match for the match files */ pq = read_hex_pkt(d1->qdata); compare_result = compare_to_file(pq, p1, p2); if (compare_result != NULL) { /*fprintf(stderr, compare_result);*/ if (compare_result[strlen(compare_result)-1] == '\n') { compare_result[strlen(compare_result)-1] = 0; } file_nr = add_known_difference(compare_result); if (store_known_differences) { fprintf(known_differences[file_nr].file, "q: %d:%d\n%s\n%s\n%s\n", (int)d1->seq, (int)d2->seq, d1->qdata, d1->adata, d2->adata); } free(compare_result); diff = false; } else { diff=false; printf("Error: Unknown difference in packet number %u:\n", (unsigned int) total_nr_of_packets); ldns_pkt_print(stdout, pq); printf("\n"); ldns_pkt_print(stdout, p1); printf("\n"); ldns_pkt_print(stdout, p2); printf("Quitting at packet %u\n", (unsigned int) d1->seq); exit(1); } ldns_pkt_free(pq); } else { sames++; } if (diff) { if (show_originals) { fprintf(stdout, "%d:%d\n%s\n%s\n%s\n", (int)d1->seq, (int)d2->seq, d1->qdata, d1->adata, d2->adata); } else { fprintf(stdout, "%d:%d\n", (int)d1->seq, (int)d2->seq); if (!dump_hex(stdout, p1)) { fprintf(stdout, "%s", d1->adata); } fprintf(stdout, "\n"); if (!dump_hex(stdout, p2)) { fprintf(stdout, "%s", d2->adata); } fprintf(stdout, "\n"); } } LDNS_FREE(pstr1); LDNS_FREE(pstr2); ldns_pkt_free(p1); ldns_pkt_free(p2); } else { fprintf(stdout, "%d:%d\n%s\n%s\n%s\n", (int)d1->seq, (int)d2->seq, d1->qdata, d1->adata, d2->adata); } } else { sames++; bytesames++; } } }
static ldns_rr_list * retrieve_dnskeys(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, ldns_rr_class c, ldns_rr_list *dns_root) { ldns_resolver *res; ldns_pkt *p; ldns_rr_list *new_nss_a; ldns_rr_list *new_nss_aaaa; ldns_rr_list *final_answer; ldns_rr_list *new_nss; ldns_rr_list *ns_addr; ldns_rr_list *ns_addr2; uint16_t loop_count; ldns_rdf *pop; ldns_status status; size_t i; size_t nss_i; ldns_rr_list *answer_list = NULL; ldns_rr_list *authority_list = NULL; size_t last_nameserver_count; ldns_rdf **last_nameservers; loop_count = 0; new_nss_a = NULL; new_nss_aaaa = NULL; new_nss = NULL; ns_addr = NULL; ns_addr2 = NULL; final_answer = NULL; p = ldns_pkt_new(); res = ldns_resolver_new(); if (!p || !res) { fprintf(stderr, "Memory allocation failed"); return NULL; } if (verbosity >= 2) { printf("Finding dnskey data for zone: "); ldns_rdf_print(stdout, name); printf("\n\n"); } /* transfer some properties of local_res to res, * because they were given on the commandline */ ldns_resolver_set_ip6(res, ldns_resolver_ip6(local_res)); ldns_resolver_set_port(res, ldns_resolver_port(local_res)); ldns_resolver_set_debug(res, ldns_resolver_debug(local_res)); ldns_resolver_set_dnssec(res, ldns_resolver_dnssec(local_res)); ldns_resolver_set_fail(res, ldns_resolver_fail(local_res)); ldns_resolver_set_usevc(res, ldns_resolver_usevc(local_res)); ldns_resolver_set_random(res, ldns_resolver_random(local_res)); ldns_resolver_set_recursive(res, false); /* setup the root nameserver in the new resolver */ status = ldns_resolver_push_nameserver_rr_list(res, dns_root); if (status != LDNS_STATUS_OK) { fprintf(stderr, "Error setting root nameservers in resolver: %s\n", ldns_get_errorstr_by_id(status)); return NULL; } ldns_pkt_free(p); status = ldns_resolver_send(&p, res, name, t, c, 0); if (status != LDNS_STATUS_OK) { fprintf(stderr, "Error querying root servers: %s\n", ldns_get_errorstr_by_id(status)); return NULL; } if (ldns_pkt_get_rcode(p) != LDNS_RCODE_NOERROR) { printf("Error in packet:\n"); ldns_pkt_print(stdout, p); return NULL; } if (verbosity >= 4) { ldns_pkt_print(stdout, p); printf("\n\n"); } /* from now on, use TCP */ ldns_resolver_set_usevc(res, true); while(status == LDNS_STATUS_OK && ldns_pkt_reply_type(p) == LDNS_PACKET_REFERRAL) { if (verbosity >= 3) { printf("This is a delegation!\n\n"); } if (address_family == 0 || address_family == 1) { new_nss_a = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_A, LDNS_SECTION_ADDITIONAL); } else { new_nss_a = ldns_rr_list_new(); } if (address_family == 0 || address_family == 2) { new_nss_aaaa = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_AAAA, LDNS_SECTION_ADDITIONAL); } else { new_nss_aaaa = ldns_rr_list_new(); } new_nss = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_NS, LDNS_SECTION_AUTHORITY); /* remove the old nameserver from the resolver */ while((pop = ldns_resolver_pop_nameserver(res))) { ldns_rdf_deep_free(pop); } /* also check for new_nss emptyness */ if (!new_nss_aaaa && !new_nss_a) { /* * no nameserver found!!! * try to resolve the names we do got */ if (verbosity >= 3) { printf("Did not get address record for nameserver, doing seperate query.\n"); } ns_addr = ldns_rr_list_new(); for(i = 0; (size_t) i < ldns_rr_list_rr_count(new_nss); i++) { /* get the name of the nameserver */ pop = ldns_rr_rdf(ldns_rr_list_rr(new_nss, i), 0); if (!pop) { break; } /* retrieve it's addresses */ ns_addr2 = ldns_get_rr_list_addr_by_name(local_res, pop, c, 0); if (!ldns_rr_list_cat(ns_addr, ns_addr2)) { fprintf(stderr, "Internal error adding nameserver address.\n"); exit(EXIT_FAILURE); } ldns_rr_list_free(ns_addr2); } if (ns_addr) { if (ldns_resolver_push_nameserver_rr_list(res, ns_addr) != LDNS_STATUS_OK) { fprintf(stderr, "Error adding new nameservers"); ldns_pkt_free(p); return NULL; } ldns_rr_list_deep_free(ns_addr); } else { ldns_rr_list_print(stdout, ns_addr); fprintf(stderr, "Could not find the nameserver ip addr; abort"); ldns_pkt_free(p); return NULL; } } /* normally, the first working ns is used, but we need all now, so do it one by one * if the answer is null, take it from the next resolver * if the answer is not, compare it to that of the next resolver * error if different, continue if the same * if answer list null and no resolvers left die. */ ldns_rr_list_deep_free(answer_list); ldns_rr_list_deep_free(authority_list); answer_list = NULL; authority_list = NULL; for (nss_i = 0; nss_i < ldns_rr_list_rr_count(new_nss_aaaa); nss_i++) { while((pop = ldns_resolver_pop_nameserver(res))) { ldns_rdf_deep_free(pop); } status = ldns_resolver_push_nameserver(res, ldns_rr_rdf(ldns_rr_list_rr(new_nss_aaaa, nss_i), 0)); if (status != LDNS_STATUS_OK) { fprintf(stderr, "Error adding nameserver to resolver: %s\n", ldns_get_errorstr_by_id(status)); } if (verbosity >= 1) { fprintf(stdout, "Querying nameserver: "); ldns_rdf_print(stdout, ldns_rr_owner(ldns_rr_list_rr(new_nss_aaaa, nss_i))); fprintf(stdout, " ("); ldns_rdf_print(stdout, ldns_rr_rdf(ldns_rr_list_rr(new_nss_aaaa, nss_i), 0)); fprintf(stdout, ")\n"); } status = ldns_resolver_push_nameserver(res, ldns_rr_rdf(ldns_rr_list_rr(new_nss_aaaa, nss_i), 0)); if (status != LDNS_STATUS_OK) { fprintf(stderr, "Error adding nameserver to resolver: %s\n", ldns_get_errorstr_by_id(status)); } ldns_pkt_free(p); status = ldns_resolver_send(&p, res, name, t, c, 0); if (status == LDNS_STATUS_OK && p) { if (ldns_pkt_get_rcode(p) != LDNS_RCODE_NOERROR) { printf("Error in packet:\n"); ldns_pkt_print(stdout, p); return NULL; } if (verbosity >= 4) { ldns_pkt_print(stdout, p); printf("\n\n"); } if (answer_list) { if (verbosity >= 2) { printf("Comparing answer list of answer to previous\n\n"); } ldns_rr_list_sort(ldns_pkt_answer(p)); ldns_rr_list_sort(answer_list); if (ldns_rr_list_compare(answer_list, ldns_pkt_answer(p)) != 0) { fprintf(stderr, "ERROR: different answer answer from nameserver\n"); fprintf(stderr, "\nI had (from previous servers):\n"); ldns_rr_list_print(stderr, answer_list); fprintf(stderr, "\nI received (from nameserver at "); ldns_rdf_print(stderr, ldns_resolver_nameservers(res)[0]); fprintf(stderr, "):\n"); ldns_rr_list_print(stderr, ldns_pkt_answer(p)); exit(EXIT_FAILURE); } } else { answer_list = ldns_rr_list_clone(ldns_pkt_answer(p)); ldns_rr_list_sort(answer_list); if (verbosity >= 2) { printf("First answer list for this set, nothing to compare with\n\n"); } } if (authority_list) { if (verbosity >= 2) { printf("Comparing authority list of answer to previous\n\n"); } ldns_rr_list_sort(ldns_pkt_authority(p)); ldns_rr_list_sort(authority_list); if (ldns_rr_list_compare(authority_list, ldns_pkt_authority(p)) != 0) { fprintf(stderr, "ERROR: different authority answer from nameserver\n"); fprintf(stderr, "\nI had (from previous servers):\n"); ldns_rr_list_print(stderr, authority_list); fprintf(stderr, "\nI received (from nameserver at "); ldns_rdf_print(stderr, ldns_resolver_nameservers(res)[0]); fprintf(stderr, "):\n"); ldns_rr_list_print(stderr, ldns_pkt_authority(p)); exit(EXIT_FAILURE); } } else { authority_list = ldns_rr_list_clone(ldns_pkt_authority(p)); ldns_rr_list_sort(authority_list); if (verbosity >= 2) { printf("First authority list for this set, nothing to compare with\n\n"); } if (verbosity >= 3) { printf("NS RRset:\n"); ldns_rr_list_print(stdout, authority_list); printf("\n"); } } } } ldns_rr_list_deep_free(answer_list); ldns_rr_list_deep_free(authority_list); answer_list = NULL; authority_list = NULL; for (nss_i = 0; nss_i < ldns_rr_list_rr_count(new_nss_a); nss_i++) { while((pop = ldns_resolver_pop_nameserver(res))) {ldns_rdf_deep_free(pop); } if (verbosity >= 1) { fprintf(stdout, "Querying nameserver: "); ldns_rdf_print(stdout, ldns_rr_owner(ldns_rr_list_rr(new_nss_a, nss_i))); fprintf(stdout, " ("); ldns_rdf_print(stdout, ldns_rr_rdf(ldns_rr_list_rr(new_nss_a, nss_i), 0)); fprintf(stdout, ")\n"); } status = ldns_resolver_push_nameserver(res, ldns_rr_rdf(ldns_rr_list_rr(new_nss_a, nss_i), 0)); if (status != LDNS_STATUS_OK) { fprintf(stderr, "Error adding nameserver to resolver: %s\n", ldns_get_errorstr_by_id(status)); } ldns_pkt_free(p); status = ldns_resolver_send(&p, res, name, t, c, 0); if (status == LDNS_STATUS_OK) { if (ldns_pkt_get_rcode(p) != LDNS_RCODE_NOERROR) { printf("Error in packet:\n"); ldns_pkt_print(stdout, p); return NULL; } if (verbosity >= 4) { ldns_pkt_print(stdout, p); printf("\n\n"); } if (answer_list) { if (verbosity >= 2) { printf("Comparing answer list of answer to previous\n\n"); } ldns_rr_list_sort(ldns_pkt_answer(p)); ldns_rr_list_sort(answer_list); if (ldns_rr_list_compare(answer_list, ldns_pkt_answer(p)) != 0) { fprintf(stderr, "ERROR: different answer answer from nameserver\n"); fprintf(stderr, "\nI had (from previous servers):\n"); ldns_rr_list_print(stderr, answer_list); fprintf(stderr, "\nI received (from nameserver at "); ldns_rdf_print(stderr, ldns_resolver_nameservers(res)[0]); fprintf(stderr, "):\n"); ldns_rr_list_print(stderr, ldns_pkt_answer(p)); exit(EXIT_FAILURE); } } else { if (verbosity >= 2) { printf("First answer list for this set, nothing to compare with\n\n"); } answer_list = ldns_rr_list_clone(ldns_pkt_answer(p)); ldns_rr_list_sort(answer_list); } if (authority_list) { if (verbosity >= 2) { printf("Comparing authority list of answer to previous\n\n"); } ldns_rr_list_sort(ldns_pkt_authority(p)); ldns_rr_list_sort(authority_list); if (ldns_rr_list_compare(authority_list, ldns_pkt_authority(p)) != 0) { fprintf(stderr, "ERROR: different authority answer from nameserver\n"); fprintf(stderr, "\nI had (from previous servers):\n"); ldns_rr_list_print(stderr, authority_list); fprintf(stderr, "\nI received (from nameserver at "); ldns_rdf_print(stderr, ldns_resolver_nameservers(res)[0]); fprintf(stderr, "):\n"); ldns_rr_list_print(stderr, ldns_pkt_authority(p)); exit(EXIT_FAILURE); } } else { if (verbosity >= 2) { printf("First authority list for this set, nothing to compare with\n\n"); } authority_list = ldns_rr_list_clone(ldns_pkt_authority(p)); ldns_rr_list_sort(authority_list); if (verbosity >= 3) { printf("NS RRset:\n"); ldns_rr_list_print(stdout, authority_list); printf("\n"); } } } } ldns_rr_list_deep_free(authority_list); authority_list = NULL; if (loop_count++ > 20) { /* unlikely that we are doing something usefull */ fprintf(stderr, "Looks like we are looping"); ldns_pkt_free(p); return NULL; } ldns_pkt_free(p); if (verbosity >= 3) { fprintf(stdout, "This level ok. Continuing to next.\n\n"); } status = ldns_resolver_send(&p, res, name, t, c, 0); if (status != LDNS_STATUS_OK) { fprintf(stderr, "Error querying root servers: %s\n", ldns_get_errorstr_by_id(status)); return NULL; } if (ldns_pkt_get_rcode(p) != LDNS_RCODE_NOERROR) { printf("Error in packet:\n"); ldns_pkt_print(stdout, p); return NULL; } if (verbosity >= 4) { ldns_pkt_print(stdout, p); printf("\n\n"); } ldns_rr_list_deep_free(new_nss_aaaa); ldns_rr_list_deep_free(new_nss_a); ldns_rr_list_deep_free(new_nss); new_nss_aaaa = NULL; new_nss_a = NULL; ns_addr = NULL; } ldns_rr_list_deep_free(answer_list); answer_list = NULL; /* clone the nameserver list, we are going to handle them one by one */ last_nameserver_count = 0; last_nameservers = LDNS_XMALLOC(ldns_rdf *, ldns_resolver_nameserver_count(res)); pop = NULL; while((pop = ldns_resolver_pop_nameserver(res))) { last_nameservers[last_nameserver_count] = pop; last_nameserver_count++; } for (nss_i = 0; nss_i < last_nameserver_count; nss_i++) { /* remove previous nameserver */ while((pop = ldns_resolver_pop_nameserver(res))) { ldns_rdf_deep_free(pop); } if (verbosity >= 1) { printf("Querying nameserver: "); ldns_rdf_print(stdout, last_nameservers[nss_i]); printf("\n"); } status = ldns_resolver_push_nameserver(res, last_nameservers[nss_i]); if (status != LDNS_STATUS_OK) { fprintf(stderr, "Error adding nameserver to resolver: %s\n", ldns_get_errorstr_by_id(status)); } ldns_pkt_free(p); status = ldns_resolver_send(&p, res, name, t, c, 0); if (!p) { fprintf(stderr, "no packet received\n"); return NULL; } if (status == LDNS_STATUS_RES_NO_NS) { fprintf(stderr, "Error: nameserver at "); ldns_rdf_print(stderr, last_nameservers[nss_i]); fprintf(stderr, " not responding. Unable to check RRset here, aborting.\n"); return NULL; } if (ldns_pkt_get_rcode(p) != LDNS_RCODE_NOERROR) { printf("Error in packet:\n"); ldns_pkt_print(stdout, p); return NULL; } if (answer_list) { if (verbosity >= 2) { printf("1Comparing answer rr list of answer to previous\n"); } ldns_rr_list_sort(ldns_pkt_answer(p)); ldns_rr_list_sort(answer_list); if (ldns_rr_list_compare(answer_list, ldns_pkt_answer(p)) != 0) { printf("ERROR: different answer section in response from nameserver\n"); fprintf(stderr, "\nI had:\n"); ldns_rr_list_print(stderr, answer_list); fprintf(stderr, "\nI received (from nameserver at "); ldns_rdf_print(stderr, ldns_resolver_nameservers(res)[0]); fprintf(stderr, "):\n"); ldns_rr_list_print(stderr, ldns_pkt_answer(p)); exit(EXIT_FAILURE); } } else { if (verbosity >= 2) { printf("First answer rr list for this set, nothing to compare with\n"); } answer_list = ldns_rr_list_clone(ldns_pkt_answer(p)); if (verbosity >= 3) { printf("DNSKEY RRset:\n"); ldns_rr_list_print(stdout, answer_list); } } } for (nss_i = 0; nss_i < last_nameserver_count; nss_i++) { ldns_rdf_deep_free(last_nameservers[nss_i]); } LDNS_FREE(last_nameservers); ldns_resolver_deep_free(res); ldns_pkt_free(p); return answer_list; }