int main(int argc, char **argv) { size_t i; if(argc != 1) { usage(stderr); return 0; } /* read in */ ldns_rr_list *list = ldns_rr_list_new(); ldns_rdf *qname = 0; read_in(list, &qname, stdin); /* check covers */ covertests(list, qname); for(i=0; i<ldns_rr_list_rr_count(list); ++i) { ldns_rr* rr = ldns_rr_list_rr(list, i); if(!ldns_dname_is_subdomain(qname, ldns_rr_owner(rr))) { covertests(list, ldns_rr_owner(rr)); } } ldns_rr_list_deep_free(list); return 0; }
/* this will probably be moved to a better place in the library itself */ ldns_rr_list * get_rrset(const ldns_zone *zone, const ldns_rdf *owner_name, const ldns_rr_type qtype, const ldns_rr_class qclass) { const char* result; switch(qtype) { case LDNS_RR_TYPE_A: result = rp_get_a_record(rp_handle, owner_name->_data); break; default: result = 0; } if(!result) { return 0; } uint16_t i; ldns_rr_list *rrlist = ldns_rr_list_new(); if (!zone || !owner_name) { fprintf(stderr, "Warning: get_rrset called with NULL zone or owner name\n"); return rrlist; } ldns_rr* rr = ldns_rr_new_frm_type(LDNS_RR_TYPE_A); ldns_rr_set_owner(rr, ldns_rdf_clone(owner_name)); ldns_rdf* rdf = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_A, result); ldns_rr_push_rdf(rr, rdf); ldns_rr_list_push_rr(rrlist, ldns_rr_clone(rr)); return rrlist; }
/** read list of rrs from the file */ static ldns_rr_list* read_rrs(FILE* in) { uint32_t my_ttl = 3600; ldns_rdf *my_origin = NULL; ldns_rdf *my_prev = NULL; ldns_status s; int line_nr = 1; int b; ldns_rr_list* list; ldns_rr *rr; list = ldns_rr_list_new(); if(!list) fatal_exit("alloc error"); while(!feof(in)) { s = ldns_rr_new_frm_fp_l(&rr, in, &my_ttl, &my_origin, &my_prev, &line_nr); if(s == LDNS_STATUS_SYNTAX_TTL || s == LDNS_STATUS_SYNTAX_ORIGIN || s == LDNS_STATUS_SYNTAX_EMPTY) continue; else if(s != LDNS_STATUS_OK) fatal_exit("parse error in line %d: %s", line_nr, ldns_get_errorstr_by_id(s)); b = ldns_rr_list_push_rr(list, rr); log_assert(b); } printf("read %d lines\n", line_nr); return list; }
void * sign (void *arg) { hsm_ctx_t *ctx = NULL; hsm_key_t *key = NULL; size_t i; unsigned int iterations = 0; ldns_rr_list *rrset; ldns_rr *rr, *sig, *dnskey_rr; ldns_status status; hsm_sign_params_t *sign_params; sign_arg_t *sign_arg = arg; ctx = sign_arg->ctx; key = sign_arg->key; iterations = sign_arg->iterations; fprintf(stderr, "Signer thread #%d started...\n", sign_arg->id); /* Prepare dummy RRset for signing */ rrset = ldns_rr_list_new(); status = ldns_rr_new_frm_str(&rr, "regress.opendnssec.se. IN A 123.123.123.123", 0, NULL, NULL); if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr); status = ldns_rr_new_frm_str(&rr, "regress.opendnssec.se. IN A 124.124.124.124", 0, NULL, NULL); if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr); sign_params = hsm_sign_params_new(); sign_params->algorithm = algorithm; sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, "opendnssec.se."); dnskey_rr = hsm_get_dnskey(ctx, key, sign_params); sign_params->keytag = ldns_calc_keytag(dnskey_rr); /* Do some signing */ for (i=0; i<iterations; i++) { sig = hsm_sign_rrset(ctx, rrset, key, sign_params); if (! sig) { fprintf(stderr, "hsm_sign_rrset() returned error: %s in %s\n", ctx->error_message, ctx->error_action ); break; } ldns_rr_free(sig); } /* Clean up */ ldns_rr_list_deep_free(rrset); hsm_sign_params_free(sign_params); ldns_rr_free(dnskey_rr); hsm_destroy_context(ctx); fprintf(stderr, "Signer thread #%d done.\n", sign_arg->id); pthread_exit(NULL); }
struct zversion_t* zversion_read(struct zone_entry_t* entry, uint32_t serial) { const char* fn = zinfo_ixfr_name(entry, serial); struct zversion_t* v; FILE* in = fopen(fn, "ra"); ldns_status status; ldns_rr* rr = 0; uint32_t dttl = 3600; ldns_rdf* origin = 0, *prev = 0; int line_nr = 1; if(!in) { perror(fn); return NULL; } v = (struct zversion_t*)calloc(1, sizeof(*v)); if(!v) { fclose(in); printf("out of memory\n"); return NULL; } v->serial = serial; v->ixfr = ldns_rr_list_new(); while(!feof(in)) { status = ldns_rr_new_frm_fp_l(&rr, in, &dttl, &origin, &prev, &line_nr); if(status == LDNS_STATUS_SYNTAX_TTL || status == LDNS_STATUS_SYNTAX_ORIGIN || status == LDNS_STATUS_SYNTAX_EMPTY) continue; if(status != LDNS_STATUS_OK) { printf("error %s:%d: %s\n", fn, line_nr, ldns_get_errorstr_by_id(status)); fclose(in); ldns_rdf_deep_free(origin); ldns_rdf_deep_free(prev); ldns_rr_list_deep_free(v->ixfr); free(v); return NULL; } ldns_rr_list_push_rr(v->ixfr, rr); } ldns_rdf_deep_free(origin); ldns_rdf_deep_free(prev); fclose(in); if(ldns_rr_list_rr_count(v->ixfr) < 1 || ldns_rr_get_type(ldns_rr_list_rr(v->ixfr, 0)) != LDNS_RR_TYPE_SOA) { printf("invalid IXFR format in %s\n", fn); ldns_rr_list_deep_free(v->ixfr); free(v); return NULL; } v->next_serial = ldns_rdf2native_int32(ldns_rr_rdf( ldns_rr_list_rr(v->ixfr, 0), 2)); return v; }
/* * generic function to get some RRset from a nameserver * and possible some signatures too (that would be the day...) */ ldns_pkt_type get_dnssec_rr(ldns_pkt *p, ldns_rdf *name, ldns_rr_type t, ldns_rr_list **rrlist, ldns_rr_list **sig) { ldns_pkt_type pt = LDNS_PACKET_UNKNOWN; ldns_rr_list *rr = NULL; ldns_rr_list *sigs = NULL; size_t i; if (!p) { if (rrlist) { *rrlist = NULL; } return LDNS_PACKET_UNKNOWN; } pt = ldns_pkt_reply_type(p); if (name) { rr = ldns_pkt_rr_list_by_name_and_type(p, name, t, LDNS_SECTION_ANSWER); if (!rr) { rr = ldns_pkt_rr_list_by_name_and_type(p, name, t, LDNS_SECTION_AUTHORITY); } sigs = ldns_pkt_rr_list_by_name_and_type(p, name, LDNS_RR_TYPE_RRSIG, LDNS_SECTION_ANSWER); if (!sigs) { sigs = ldns_pkt_rr_list_by_name_and_type(p, name, LDNS_RR_TYPE_RRSIG, LDNS_SECTION_AUTHORITY); } } else { /* A DS-referral - get the DS records if they are there */ rr = ldns_pkt_rr_list_by_type(p, t, LDNS_SECTION_AUTHORITY); sigs = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_RRSIG, LDNS_SECTION_AUTHORITY); } if (sig) { *sig = ldns_rr_list_new(); for (i = 0; i < ldns_rr_list_rr_count(sigs); i++) { /* only add the sigs that cover this type */ if (ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(ldns_rr_list_rr(sigs, i))) == t) { ldns_rr_list_push_rr(*sig, ldns_rr_clone(ldns_rr_list_rr(sigs, i))); } } } ldns_rr_list_deep_free(sigs); if (rrlist) { *rrlist = rr; } if (pt == LDNS_PACKET_NXDOMAIN || pt == LDNS_PACKET_NODATA) { return pt; } else { return LDNS_PACKET_ANSWER; } }
static int udp_bind(int sock, int port, const char *my_address) { struct sockaddr_in addr; in_addr_t maddr = INADDR_ANY; if (my_address) { #ifdef AF_INET6 if (inet_pton(AF_INET6, my_address, &maddr) < 1) { #else if (0) { #endif if (inet_pton(AF_INET, my_address, &maddr) < 1) { return -2; } } } #ifndef S_SPLINT_S addr.sin_family = AF_INET; #endif addr.sin_port = (in_port_t) htons((uint16_t)port); addr.sin_addr.s_addr = maddr; return bind(sock, (struct sockaddr *)&addr, (socklen_t) sizeof(addr)); } /* this will probably be moved to a better place in the library itself */ ldns_rr_list * get_rrset(const ldns_zone *zone, const ldns_rdf *owner_name, const ldns_rr_type qtype, const ldns_rr_class qclass) { uint16_t i; ldns_rr_list *rrlist = ldns_rr_list_new(); ldns_rr *cur_rr; if (!zone || !owner_name) { fprintf(stderr, "Warning: get_rrset called with NULL zone or owner name\n"); return rrlist; } for (i = 0; i < ldns_zone_rr_count(zone); i++) { cur_rr = ldns_rr_list_rr(ldns_zone_rrs(zone), i); if (ldns_dname_compare(ldns_rr_owner(cur_rr), owner_name) == 0 && ldns_rr_get_class(cur_rr) == qclass && ldns_rr_get_type(cur_rr) == qtype ) { ldns_rr_list_push_rr(rrlist, ldns_rr_clone(cur_rr)); } } printf("Found rrset of %u rrs\n", (unsigned int) ldns_rr_list_rr_count(rrlist)); return rrlist; }
ldns_zone * ldns_zone_new(void) { ldns_zone *z; z = LDNS_MALLOC(ldns_zone); if (!z) { return NULL; } z->_rrs = ldns_rr_list_new(); ldns_zone_set_soa(z, NULL); return z; }
/* put a hardcoded list in the root and * init the root rrlist structure */ void init_root(void) { ldns_rr *r; global_dns_root = ldns_rr_list_new(); (void)ldns_rr_new_frm_str(&r, "A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4", 0, NULL, NULL); ldns_rr_list_push_rr(global_dns_root, r); (void)ldns_rr_new_frm_str(&r, "A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30", 0, NULL, NULL); ldns_rr_list_push_rr(global_dns_root, r); (void)ldns_rr_new_frm_str(&r, "B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201", 0, NULL, NULL); ldns_rr_list_push_rr(global_dns_root, r); (void)ldns_rr_new_frm_str(&r, "C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12", 0, NULL, NULL); ldns_rr_list_push_rr(global_dns_root, r); (void)ldns_rr_new_frm_str(&r, "D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90", 0, NULL, NULL); ldns_rr_list_push_rr(global_dns_root, r); (void)ldns_rr_new_frm_str(&r, "E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10", 0, NULL, NULL); ldns_rr_list_push_rr(global_dns_root, r); (void)ldns_rr_new_frm_str(&r, "F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241", 0, NULL, NULL); ldns_rr_list_push_rr(global_dns_root, r); (void)ldns_rr_new_frm_str(&r, "F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F", 0, NULL, NULL); ldns_rr_list_push_rr(global_dns_root, r); (void)ldns_rr_new_frm_str(&r, "G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4", 0, NULL, NULL); ldns_rr_list_push_rr(global_dns_root, r); (void)ldns_rr_new_frm_str(&r, "H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53", 0, NULL, NULL); ldns_rr_list_push_rr(global_dns_root, r); (void)ldns_rr_new_frm_str(&r, "H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235", 0, NULL, NULL); ldns_rr_list_push_rr(global_dns_root, r); (void)ldns_rr_new_frm_str(&r, "I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17", 0, NULL, NULL); ldns_rr_list_push_rr(global_dns_root, r); (void)ldns_rr_new_frm_str(&r, "J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30", 0, NULL, NULL); ldns_rr_list_push_rr(global_dns_root, r); (void)ldns_rr_new_frm_str(&r, "J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30", 0, NULL, NULL); ldns_rr_list_push_rr(global_dns_root, r); (void)ldns_rr_new_frm_str(&r, "K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 ", 0, NULL, NULL); ldns_rr_list_push_rr(global_dns_root, r); (void)ldns_rr_new_frm_str(&r, "K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1", 0, NULL, NULL); ldns_rr_list_push_rr(global_dns_root, r); (void)ldns_rr_new_frm_str(&r, "L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42", 0, NULL, NULL); ldns_rr_list_push_rr(global_dns_root, r); (void)ldns_rr_new_frm_str(&r, "L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42 ", 0, NULL, NULL); ldns_rr_list_push_rr(global_dns_root, r); (void)ldns_rr_new_frm_str(&r, "M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33", 0, NULL, NULL); ldns_rr_list_push_rr(global_dns_root, r); (void)ldns_rr_new_frm_str(&r, "M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35", 0, NULL, NULL); ldns_rr_list_push_rr(global_dns_root, r); }
ldns_status ldns_resolver_push_dnssec_anchor(ldns_resolver *r, ldns_rr *rr) { ldns_rr_list * trust_anchors; if ((!rr) || (ldns_rr_get_type(rr) != LDNS_RR_TYPE_DNSKEY)) { return LDNS_STATUS_ERR; } if (!(trust_anchors = ldns_resolver_dnssec_anchors(r))) { /* Initialize */ trust_anchors = ldns_rr_list_new(); ldns_resolver_set_dnssec_anchors(r, trust_anchors); } return (ldns_rr_list_push_rr(trust_anchors, ldns_rr_clone(rr))) ? LDNS_STATUS_OK : LDNS_STATUS_ERR; }
ldns_zone * ldns_zone_sign_nsec3(ldns_zone *zone, ldns_key_list *key_list, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt) { ldns_dnssec_zone *dnssec_zone; ldns_zone *signed_zone; ldns_rr_list *new_rrs; size_t i; signed_zone = ldns_zone_new(); dnssec_zone = ldns_dnssec_zone_new(); (void) ldns_dnssec_zone_add_rr(dnssec_zone, ldns_zone_soa(zone)); ldns_zone_set_soa(signed_zone, ldns_zone_soa(zone)); for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(zone)); i++) { (void) ldns_dnssec_zone_add_rr(dnssec_zone, ldns_rr_list_rr(ldns_zone_rrs(zone), i)); ldns_zone_push_rr(signed_zone, ldns_rr_clone(ldns_rr_list_rr(ldns_zone_rrs(zone), i))); } new_rrs = ldns_rr_list_new(); (void) ldns_dnssec_zone_sign_nsec3(dnssec_zone, new_rrs, key_list, ldns_dnssec_default_replace_signatures, NULL, algorithm, flags, iterations, salt_length, salt); for (i = 0; i < ldns_rr_list_rr_count(new_rrs); i++) { ldns_rr_list_push_rr(ldns_zone_rrs(signed_zone), ldns_rr_clone(ldns_rr_list_rr(new_rrs, i))); } ldns_rr_list_deep_free(new_rrs); ldns_dnssec_zone_free(dnssec_zone); return signed_zone; }
ldns_zone * ldns_zone_sign(const ldns_zone *zone, ldns_key_list *key_list) { ldns_dnssec_zone *dnssec_zone; ldns_zone *signed_zone; ldns_rr_list *new_rrs; size_t i; signed_zone = ldns_zone_new(); dnssec_zone = ldns_dnssec_zone_new(); (void) ldns_dnssec_zone_add_rr(dnssec_zone, ldns_zone_soa(zone)); ldns_zone_set_soa(signed_zone, ldns_zone_soa(zone)); for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(zone)); i++) { (void) ldns_dnssec_zone_add_rr(dnssec_zone, ldns_rr_list_rr(ldns_zone_rrs(zone), i)); ldns_zone_push_rr(signed_zone, ldns_rr_clone(ldns_rr_list_rr(ldns_zone_rrs(zone), i))); } new_rrs = ldns_rr_list_new(); (void) ldns_dnssec_zone_sign(dnssec_zone, new_rrs, key_list, ldns_dnssec_default_replace_signatures, NULL); for (i = 0; i < ldns_rr_list_rr_count(new_rrs); i++) { ldns_rr_list_push_rr(ldns_zone_rrs(signed_zone), ldns_rr_clone(ldns_rr_list_rr(new_rrs, i))); } ldns_rr_list_deep_free(new_rrs); ldns_dnssec_zone_free(dnssec_zone); return signed_zone; }
/* * Read a hints file as root * * The file with the given path should contain a list of NS RRs * for the root zone and A records for those NS RRs. * Read them, check them, and append the a records to the rr list given. */ ldns_rr_list * read_root_hints(const char *filename) { FILE *fp = NULL; int line_nr = 0; ldns_zone *z; ldns_status status; ldns_rr_list *addresses = NULL; ldns_rr *rr; size_t i; fp = fopen(filename, "r"); if (!fp) { fprintf(stderr, "Unable to open %s for reading: %s\n", filename, strerror(errno)); return NULL; } status = ldns_zone_new_frm_fp_l(&z, fp, NULL, 0, 0, &line_nr); fclose(fp); if (status != LDNS_STATUS_OK) { fprintf(stderr, "Error reading root hints file: %s\n", ldns_get_errorstr_by_id(status)); return NULL; } else { addresses = ldns_rr_list_new(); for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(z)); i++) { rr = ldns_rr_list_rr(ldns_zone_rrs(z), i); /*if ((address_family == 0 || address_family == 1) && */ if ( ldns_rr_get_type(rr) == LDNS_RR_TYPE_A ) { ldns_rr_list_push_rr(addresses, ldns_rr_clone(rr)); } /*if ((address_family == 0 || address_family == 2) &&*/ if ( ldns_rr_get_type(rr) == LDNS_RR_TYPE_AAAA) { ldns_rr_list_push_rr(addresses, ldns_rr_clone(rr)); } } ldns_zone_deep_free(z); return addresses; } }
static int hsm_test_sign (hsm_ctx_t *ctx, hsm_key_t *key, ldns_algorithm alg) { int result; ldns_rr_list *rrset; ldns_rr *rr, *sig, *dnskey_rr; ldns_status status; hsm_sign_params_t *sign_params; rrset = ldns_rr_list_new(); status = ldns_rr_new_frm_str(&rr, "example.com. IN A 192.168.0.1", 0, NULL, NULL); if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr); status = ldns_rr_new_frm_str(&rr, "example.com. IN A 192.168.0.2", 0, NULL, NULL); if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr); sign_params = hsm_sign_params_new(); sign_params->algorithm = alg; sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, "example.com."); dnskey_rr = hsm_get_dnskey(ctx, key, sign_params); sign_params->keytag = ldns_calc_keytag(dnskey_rr); sig = hsm_sign_rrset(ctx, rrset, key, sign_params); if (sig) { result = 0; ldns_rr_free(sig); } else { result = 1; } ldns_rr_list_deep_free(rrset); hsm_sign_params_free(sign_params); ldns_rr_free(dnskey_rr); return result; }
int main(int argc, char **argv) { /* arguments */ int port; const char *zone_file; /* network */ int sock; ssize_t nb; struct sockaddr addr_me; struct sockaddr addr_him; socklen_t hislen = (socklen_t) sizeof(addr_him); uint8_t inbuf[INBUF_SIZE]; uint8_t *outbuf; /* dns */ ldns_status status; ldns_pkt *query_pkt; ldns_pkt *answer_pkt; size_t answer_size; ldns_rr *query_rr; ldns_rr_list *answer_qr; ldns_rr_list *answer_an; ldns_rr_list *answer_ns; ldns_rr_list *answer_ad; ldns_rdf *origin = NULL; /* zone */ ldns_zone *zone; int line_nr; FILE *zone_fp; /* use this to listen on specified interfaces later? */ char *my_address = NULL; if (argc < 5) { usage(stderr); exit(EXIT_FAILURE); } else { my_address = argv[1]; port = atoi(argv[2]); if (port < 1) { usage(stderr); exit(EXIT_FAILURE); } if (ldns_str2rdf_dname(&origin, argv[3]) != LDNS_STATUS_OK) { fprintf(stderr, "Bad origin, not a correct domain name\n"); usage(stderr); exit(EXIT_FAILURE); } zone_file = argv[4]; } printf("Reading zone file %s\n", zone_file); zone_fp = fopen(zone_file, "r"); if (!zone_fp) { fprintf(stderr, "Unable to open %s: %s\n", zone_file, strerror(errno)); exit(EXIT_FAILURE); } line_nr = 0; status = ldns_zone_new_frm_fp_l(&zone, zone_fp, origin, 0, LDNS_RR_CLASS_IN, &line_nr); if (status != LDNS_STATUS_OK) { printf("Zone reader failed, aborting\n"); exit(EXIT_FAILURE); } else { printf("Read %u resource records in zone file\n", (unsigned int) ldns_zone_rr_count(zone)); } fclose(zone_fp); printf("Listening on port %d\n", port); sock = socket(AF_INET, SOCK_DGRAM, 0); if (sock < 0) { fprintf(stderr, "%s: socket(): %s\n", argv[0], strerror(errno)); exit(1); } memset(&addr_me, 0, sizeof(addr_me)); /* bind: try all ports in that range */ if (udp_bind(sock, port, my_address)) { fprintf(stderr, "%s: cannot bind(): %s\n", argv[0], strerror(errno)); exit(errno); } /* Done. Now receive */ while (1) { nb = recvfrom(sock, (void*)inbuf, INBUF_SIZE, 0, &addr_him, &hislen); if (nb < 1) { fprintf(stderr, "%s: recvfrom(): %s\n", argv[0], strerror(errno)); exit(1); } /* show(inbuf, nb, nn, hp, sp, ip, bp); */ printf("Got query of %u bytes\n", (unsigned int) nb); status = ldns_wire2pkt(&query_pkt, inbuf, (size_t) nb); if (status != LDNS_STATUS_OK) { printf("Got bad packet: %s\n", ldns_get_errorstr_by_id(status)); } else { ldns_pkt_print(stdout, query_pkt); } query_rr = ldns_rr_list_rr(ldns_pkt_question(query_pkt), 0); printf("QUERY RR: \n"); ldns_rr_print(stdout, query_rr); answer_qr = ldns_rr_list_new(); ldns_rr_list_push_rr(answer_qr, ldns_rr_clone(query_rr)); answer_an = get_rrset(zone, ldns_rr_owner(query_rr), ldns_rr_get_type(query_rr), ldns_rr_get_class(query_rr)); answer_pkt = ldns_pkt_new(); answer_ns = ldns_rr_list_new(); answer_ad = ldns_rr_list_new(); ldns_pkt_set_qr(answer_pkt, 1); ldns_pkt_set_aa(answer_pkt, 1); ldns_pkt_set_id(answer_pkt, ldns_pkt_id(query_pkt)); ldns_pkt_push_rr_list(answer_pkt, LDNS_SECTION_QUESTION, answer_qr); ldns_pkt_push_rr_list(answer_pkt, LDNS_SECTION_ANSWER, answer_an); ldns_pkt_push_rr_list(answer_pkt, LDNS_SECTION_AUTHORITY, answer_ns); ldns_pkt_push_rr_list(answer_pkt, LDNS_SECTION_ADDITIONAL, answer_ad); status = ldns_pkt2wire(&outbuf, answer_pkt, &answer_size); printf("Answer packet size: %u bytes.\n", (unsigned int) answer_size); if (status != LDNS_STATUS_OK) { printf("Error creating answer: %s\n", ldns_get_errorstr_by_id(status)); } else { nb = sendto(sock, (void*)outbuf, answer_size, 0, &addr_him, hislen); } ldns_pkt_free(query_pkt); ldns_pkt_free(answer_pkt); LDNS_FREE(outbuf); ldns_rr_list_free(answer_qr); ldns_rr_list_free(answer_an); ldns_rr_list_free(answer_ns); ldns_rr_list_free(answer_ad); } /* No cleanup because of the infinite loop * * ldns_rdf_deep_free(origin); * ldns_zone_deep_free(zone); * return 0; */ }
int getrrsetbyname(const char *hostname, unsigned int rdclass, unsigned int rdtype, unsigned int flags, struct rrsetinfo **res) { int result; unsigned int i, j, index_ans, index_sig; struct rrsetinfo *rrset = NULL; struct rdatainfo *rdata; size_t len; ldns_resolver *ldns_res; ldns_rdf *domain = NULL; ldns_pkt *pkt = NULL; ldns_rr_list *rrsigs = NULL, *rrdata = NULL; ldns_status err; ldns_rr *rr; /* check for invalid class and type */ if (rdclass > 0xffff || rdtype > 0xffff) { result = ERRSET_INVAL; goto fail; } /* don't allow queries of class or type ANY */ if (rdclass == 0xff || rdtype == 0xff) { result = ERRSET_INVAL; goto fail; } /* don't allow flags yet, unimplemented */ if (flags) { result = ERRSET_INVAL; goto fail; } /* Initialize resolver from resolv.conf */ domain = ldns_dname_new_frm_str(hostname); if ((err = ldns_resolver_new_frm_file(&ldns_res, NULL)) != \ LDNS_STATUS_OK) { result = ERRSET_FAIL; goto fail; } #ifdef LDNS_DEBUG ldns_resolver_set_debug(ldns_res, true); #endif /* LDNS_DEBUG */ ldns_resolver_set_dnssec(ldns_res, true); /* Use DNSSEC */ /* make query */ pkt = ldns_resolver_query(ldns_res, domain, rdtype, rdclass, LDNS_RD); /*** TODO: finer errcodes -- see original **/ if (!pkt || ldns_pkt_ancount(pkt) < 1) { result = ERRSET_FAIL; goto fail; } /* initialize rrset */ rrset = calloc(1, sizeof(struct rrsetinfo)); if (rrset == NULL) { result = ERRSET_NOMEMORY; goto fail; } rrdata = ldns_pkt_rr_list_by_type(pkt, rdtype, LDNS_SECTION_ANSWER); rrset->rri_nrdatas = ldns_rr_list_rr_count(rrdata); if (!rrset->rri_nrdatas) { result = ERRSET_NODATA; goto fail; } /* copy name from answer section */ len = ldns_rdf_size(ldns_rr_owner(ldns_rr_list_rr(rrdata, 0))); if ((rrset->rri_name = malloc(len)) == NULL) { result = ERRSET_NOMEMORY; goto fail; } memcpy(rrset->rri_name, ldns_rdf_data(ldns_rr_owner(ldns_rr_list_rr(rrdata, 0))), len); rrset->rri_rdclass = ldns_rr_get_class(ldns_rr_list_rr(rrdata, 0)); rrset->rri_rdtype = ldns_rr_get_type(ldns_rr_list_rr(rrdata, 0)); rrset->rri_ttl = ldns_rr_ttl(ldns_rr_list_rr(rrdata, 0)); debug2("ldns: got %u answers from DNS", rrset->rri_nrdatas); /* Check for authenticated data */ if (ldns_pkt_ad(pkt)) { rrset->rri_flags |= RRSET_VALIDATED; } else { /* AD is not set, try autonomous validation */ ldns_rr_list * trusted_keys = ldns_rr_list_new(); debug2("ldns: trying to validate RRset"); /* Get eventual sigs */ rrsigs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_RRSIG, LDNS_SECTION_ANSWER); rrset->rri_nsigs = ldns_rr_list_rr_count(rrsigs); debug2("ldns: got %u signature(s) (RRTYPE %u) from DNS", rrset->rri_nsigs, LDNS_RR_TYPE_RRSIG); if ((err = ldns_verify_trusted(ldns_res, rrdata, rrsigs, trusted_keys)) == LDNS_STATUS_OK) { rrset->rri_flags |= RRSET_VALIDATED; debug2("ldns: RRset is signed with a valid key"); } else { debug2("ldns: RRset validation failed: %s", ldns_get_errorstr_by_id(err)); } ldns_rr_list_deep_free(trusted_keys); } /* allocate memory for answers */ rrset->rri_rdatas = calloc(rrset->rri_nrdatas, sizeof(struct rdatainfo)); if (rrset->rri_rdatas == NULL) { result = ERRSET_NOMEMORY; goto fail; } /* allocate memory for signatures */ if (rrset->rri_nsigs > 0) { rrset->rri_sigs = calloc(rrset->rri_nsigs, sizeof(struct rdatainfo)); if (rrset->rri_sigs == NULL) { result = ERRSET_NOMEMORY; goto fail; } } /* copy answers & signatures */ for (i=0, index_ans=0, index_sig=0; i< pkt->_header->_ancount; i++) { rdata = NULL; rr = ldns_rr_list_rr(ldns_pkt_answer(pkt), i); if (ldns_rr_get_class(rr) == rrset->rri_rdclass && ldns_rr_get_type(rr) == rrset->rri_rdtype) { rdata = &rrset->rri_rdatas[index_ans++]; } if (rr->_rr_class == rrset->rri_rdclass && rr->_rr_type == LDNS_RR_TYPE_RRSIG && rrset->rri_sigs) { rdata = &rrset->rri_sigs[index_sig++]; } if (rdata) { size_t rdata_offset = 0; rdata->rdi_length = 0; for (j=0; j< rr->_rd_count; j++) { rdata->rdi_length += ldns_rdf_size(ldns_rr_rdf(rr, j)); } rdata->rdi_data = malloc(rdata->rdi_length); if (rdata->rdi_data == NULL) { result = ERRSET_NOMEMORY; goto fail; } /* Re-create the raw DNS RDATA */ for (j=0; j< rr->_rd_count; j++) { len = ldns_rdf_size(ldns_rr_rdf(rr, j)); memcpy(rdata->rdi_data + rdata_offset, ldns_rdf_data(ldns_rr_rdf(rr, j)), len); rdata_offset += len; } } } *res = rrset; result = ERRSET_SUCCESS; fail: /* freerrset(rrset); */ ldns_rdf_deep_free(domain); ldns_pkt_free(pkt); ldns_rr_list_deep_free(rrsigs); ldns_rr_list_deep_free(rrdata); ldns_resolver_deep_free(ldns_res); return result; }
int main(int argc, char **argv) { char *fn1, *fn2; FILE *fp1, *fp2; ldns_zone *z1, *z2; ldns_status s; size_t i , j; ldns_rr_list *rrl1, *rrl2; int rr_cmp, rr_chg = 0; ldns_rr *rr1 = NULL, *rr2 = NULL, *rrx = NULL; int line_nr1 = 0, line_nr2 = 0; size_t rrc1 , rrc2; size_t num_ins = 0, num_del = 0, num_chg = 0; int c; bool opt_deleted = false, opt_inserted = false, opt_changed = false; bool sort = true, inc_soa = false; char op = 0; while ((c = getopt(argc, argv, "ahvdicsz")) != -1) { switch (c) { case 'h': usage(argc, argv); exit(EXIT_SUCCESS); break; case 'v': printf("%s version %s (ldns version %s)\n", argv[0], LDNS_VERSION, ldns_version()); exit(EXIT_SUCCESS); break; case 's': inc_soa = true; break; case 'z': sort = false; break; case 'd': opt_deleted = true; break; case 'i': opt_inserted = true; break; case 'c': opt_changed = true; break; case 'a': opt_deleted = true; opt_inserted = true; opt_changed = true; break; } } argc -= optind; argv += optind; if (argc != 2) { argc -= optind; argv -= optind; usage(argc, argv); exit(EXIT_FAILURE); } fn1 = argv[0]; fp1 = fopen(fn1, "r"); if (!fp1) { fprintf(stderr, "Unable to open %s: %s\n", fn1, strerror(errno)); exit(EXIT_FAILURE); } /* Read first zone */ s = ldns_zone_new_frm_fp_l(&z1, fp1, NULL, 0, LDNS_RR_CLASS_IN, &line_nr1); if (s != LDNS_STATUS_OK) { fclose(fp1); fprintf(stderr, "%s: %s at %d\n", fn1, ldns_get_errorstr_by_id(s), line_nr1); exit(EXIT_FAILURE); } fclose(fp1); fn2 = argv[1]; fp2 = fopen(fn2, "r"); if (!fp2) { fprintf(stderr, "Unable to open %s: %s\n", fn2, strerror(errno)); exit(EXIT_FAILURE); } /* Read second zone */ s = ldns_zone_new_frm_fp_l(&z2, fp2, NULL, 0, LDNS_RR_CLASS_IN, &line_nr2); if (s != LDNS_STATUS_OK) { ldns_zone_deep_free(z1); fclose(fp2); fprintf(stderr, "%s: %s at %d\n", fn2, ldns_get_errorstr_by_id(s), line_nr2); exit(EXIT_FAILURE); } fclose(fp2); rrl1 = ldns_zone_rrs(z1); rrc1 = ldns_rr_list_rr_count(rrl1); rrl2 = ldns_zone_rrs(z2); rrc2 = ldns_rr_list_rr_count(rrl2); if (sort) { /* canonicalize zone 1 */ ldns_rr2canonical(ldns_zone_soa(z1)); for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(z1)); i++) { ldns_rr2canonical(ldns_rr_list_rr(ldns_zone_rrs(z1), i)); } /* sort zone 1 */ ldns_zone_sort(z1); /* canonicalize zone 2 */ ldns_rr2canonical(ldns_zone_soa(z2)); for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(z2)); i++) { ldns_rr2canonical(ldns_rr_list_rr(ldns_zone_rrs(z2), i)); } /* sort zone 2 */ ldns_zone_sort(z2); } if(inc_soa) { ldns_rr_list* wsoa = ldns_rr_list_new(); ldns_rr_list_push_rr(wsoa, ldns_zone_soa(z1)); ldns_rr_list_cat(wsoa, rrl1); rrl1 = wsoa; rrc1 = ldns_rr_list_rr_count(rrl1); wsoa = ldns_rr_list_new(); ldns_rr_list_push_rr(wsoa, ldns_zone_soa(z2)); ldns_rr_list_cat(wsoa, rrl2); rrl2 = wsoa; rrc2 = ldns_rr_list_rr_count(rrl2); if(sort) { ldns_rr_list_sort(rrl1); ldns_rr_list_sort(rrl2); } } /* * Walk through both zones. The previously seen resource record is * kept (in the variable rrx) so that we can recognize when we are * handling a new owner name. If the owner name changes, we have to * set the operator again. */ for (i = 0, j = 0; i < rrc1 || j < rrc2;) { rr_cmp = 0; if (i < rrc1 && j < rrc2) { rr1 = ldns_rr_list_rr(rrl1, i); rr2 = ldns_rr_list_rr(rrl2, j); rr_cmp = ldns_rr_compare(rr1, rr2); /* Completely skip if the rrs are equal */ if (rr_cmp == 0) { i++; j++; continue; } rr_chg = ldns_dname_compare(ldns_rr_owner(rr1), ldns_rr_owner(rr2)); } else if (i >= rrc1) { /* we have reached the end of zone 1, so the current record * from zone 2 automatically sorts higher */ rr1 = NULL; rr2 = ldns_rr_list_rr(rrl2, j); rr_chg = rr_cmp = 1; } else if (j >= rrc2) { /* we have reached the end of zone 2, so the current record * from zone 1 automatically sorts lower */ rr1 = ldns_rr_list_rr(rrl1, i); rr2 = NULL; rr_chg = rr_cmp = -1; } if (rr_cmp < 0) { i++; if ((rrx != NULL) && (ldns_dname_compare(ldns_rr_owner(rr1), ldns_rr_owner(rrx) ) != 0)) { /* The owner name is different, forget previous rr */ rrx = NULL; } if (rrx == NULL) { if (rr_chg == 0) { num_chg++; op = OP_CHG; } else { num_del++; op = OP_DEL; } rrx = rr1; } if (((op == OP_DEL) && opt_deleted) || ((op == OP_CHG) && opt_changed)) { printf("%c-", op); ldns_rr_print(stdout, rr1); } } else if (rr_cmp > 0) { j++; if ((rrx != NULL) && (ldns_dname_compare(ldns_rr_owner(rr2), ldns_rr_owner(rrx) ) != 0)) { rrx = NULL; } if (rrx == NULL) { if (rr_chg == 0) { num_chg++; op = OP_CHG; } else { num_ins++; op = OP_INS; } /* remember this rr for it's name in the next iteration */ rrx = rr2; } if (((op == OP_INS) && opt_inserted) || ((op == OP_CHG) && opt_changed)) { printf("%c+", op); ldns_rr_print(stdout, rr2); } } } printf("\t%c%u\t%c%u\t%c%u\n", OP_INS, (unsigned int) num_ins, OP_DEL, (unsigned int) num_del, OP_CHG, (unsigned int) num_chg); /* Free resources */ if(inc_soa) { ldns_rr_list_free(rrl1); ldns_rr_list_free(rrl2); } ldns_zone_deep_free(z2); ldns_zone_deep_free(z1); return 0; }
int main(int argc, char **argv) { char *filename; FILE *fp; ldns_zone *z; int line_nr = 0; int c; bool canonicalize = false; bool sort = false; bool strip = false; bool only_dnssec = false; bool print_soa = true; ldns_status s; size_t i; ldns_rr_list *stripped_list; ldns_rr *cur_rr; ldns_rr_type cur_rr_type; ldns_output_format_storage fmt_storage; ldns_output_format* fmt = ldns_output_format_init(&fmt_storage); ldns_soa_serial_increment_func_t soa_serial_increment_func = NULL; int soa_serial_increment_func_data = 0; while ((c = getopt(argc, argv, "0bcdhnpsu:U:vzS:")) != -1) { switch(c) { case 'b': fmt->flags |= ( LDNS_COMMENT_BUBBLEBABBLE | LDNS_COMMENT_FLAGS ); break; case '0': fmt->flags |= LDNS_FMT_ZEROIZE_RRSIGS; break; case 'c': canonicalize = true; break; case 'd': only_dnssec = true; if (strip) { fprintf(stderr, "Warning: stripping both DNSSEC and non-DNSSEC records. Output will be sparse.\n"); } break; case 'h': print_usage("ldns-read-zone"); break; case 'n': print_soa = false; break; case 'p': fmt->flags |= LDNS_FMT_PAD_SOA_SERIAL; break; case 's': strip = true; if (only_dnssec) { fprintf(stderr, "Warning: stripping both DNSSEC and non-DNSSEC records. Output will be sparse.\n"); } break; case 'u': s = ldns_output_format_set_type(fmt, ldns_get_rr_type_by_name(optarg)); if (s != LDNS_STATUS_OK) { fprintf( stderr , "Cannot set rr type %s " "in output format to " "print as unknown type: %s\n" , ldns_rr_descript( ldns_get_rr_type_by_name(optarg) )->_name , ldns_get_errorstr_by_id(s) ); exit(EXIT_FAILURE); } break; case 'U': s = ldns_output_format_clear_type(fmt, ldns_get_rr_type_by_name(optarg)); if (s != LDNS_STATUS_OK) { fprintf( stderr , "Cannot set rr type %s " "in output format to not " "print as unknown type: %s\n" , ldns_rr_descript( ldns_get_rr_type_by_name(optarg) )->_name , ldns_get_errorstr_by_id(s) ); exit(EXIT_FAILURE); } break; case 'v': printf("read zone version %s (ldns version %s)\n", LDNS_VERSION, ldns_version()); exit(EXIT_SUCCESS); break; case 'z': canonicalize = true; sort = true; break; case 'S': strip = true; if (*optarg == '+' || *optarg == '-') { soa_serial_increment_func_data = atoi(optarg); soa_serial_increment_func = ldns_soa_serial_increment_by; } else if (! strtok(optarg, "0123456789")) { soa_serial_increment_func_data = atoi(optarg); soa_serial_increment_func = ldns_soa_serial_identity; } else if (!strcasecmp(optarg, "YYYYMMDDxx")){ soa_serial_increment_func = ldns_soa_serial_datecounter; } else if (!strcasecmp(optarg, "unixtime")){ soa_serial_increment_func = ldns_soa_serial_unixtime; } else { fprintf(stderr, "-S expects a number " "optionally preceded by a " "+ or - sign to indicate an " "offset, or the text YYYYMM" "DDxx or unixtime\n"); exit(EXIT_FAILURE); } break; } } argc -= optind; argv += optind; if (argc == 0) { fp = stdin; } else { filename = argv[0]; fp = fopen(filename, "r"); if (!fp) { fprintf(stderr, "Unable to open %s: %s\n", filename, strerror(errno)); exit(EXIT_FAILURE); } } s = ldns_zone_new_frm_fp_l(&z, fp, NULL, 0, LDNS_RR_CLASS_IN, &line_nr); fclose(fp); if (s != LDNS_STATUS_OK) { fprintf(stderr, "%s at %d\n", ldns_get_errorstr_by_id(s), line_nr); exit(EXIT_FAILURE); } if (strip) { stripped_list = ldns_rr_list_new(); while ((cur_rr = ldns_rr_list_pop_rr(ldns_zone_rrs(z)))) { cur_rr_type = ldns_rr_get_type(cur_rr); if (cur_rr_type == LDNS_RR_TYPE_RRSIG || cur_rr_type == LDNS_RR_TYPE_NSEC || cur_rr_type == LDNS_RR_TYPE_NSEC3 || cur_rr_type == LDNS_RR_TYPE_NSEC3PARAM ) { ldns_rr_free(cur_rr); } else { ldns_rr_list_push_rr(stripped_list, cur_rr); } } ldns_rr_list_free(ldns_zone_rrs(z)); ldns_zone_set_rrs(z, stripped_list); } if (only_dnssec) { stripped_list = ldns_rr_list_new(); while ((cur_rr = ldns_rr_list_pop_rr(ldns_zone_rrs(z)))) { cur_rr_type = ldns_rr_get_type(cur_rr); if (cur_rr_type == LDNS_RR_TYPE_RRSIG || cur_rr_type == LDNS_RR_TYPE_NSEC || cur_rr_type == LDNS_RR_TYPE_NSEC3 || cur_rr_type == LDNS_RR_TYPE_NSEC3PARAM ) { ldns_rr_list_push_rr(stripped_list, cur_rr); } else { ldns_rr_free(cur_rr); } } ldns_rr_list_free(ldns_zone_rrs(z)); ldns_zone_set_rrs(z, stripped_list); } if (canonicalize) { ldns_rr2canonical(ldns_zone_soa(z)); for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(z)); i++) { ldns_rr2canonical(ldns_rr_list_rr(ldns_zone_rrs(z), i)); } } if (sort) { ldns_zone_sort(z); } if (print_soa && ldns_zone_soa(z)) { if (soa_serial_increment_func) { ldns_rr_soa_increment_func_int( ldns_zone_soa(z) , soa_serial_increment_func , soa_serial_increment_func_data ); } ldns_rr_print_fmt(stdout, fmt, ldns_zone_soa(z)); } ldns_rr_list_print_fmt(stdout, fmt, ldns_zone_rrs(z)); ldns_zone_deep_free(z); exit(EXIT_SUCCESS); }
int main(int argc, char **argv) { char *filename; FILE *fp; ldns_zone *z; int line_nr = 0; int c; bool canonicalize = false; bool sort = false; bool strip = false; bool only_dnssec = false; bool print_soa = true; ldns_status s; size_t i; ldns_rr_list *stripped_list; ldns_rr *cur_rr; ldns_rr_type cur_rr_type; while ((c = getopt(argc, argv, "cdhnsvz")) != -1) { switch(c) { case 'c': canonicalize = true; break; case 'd': only_dnssec = true; if (strip) { fprintf(stderr, "Warning: stripping both DNSSEC and non-DNSSEC records. Output will be sparse.\n"); } break; case 'h': printf("Usage: %s [-c] [-v] [-z] <zonefile>\n", argv[0]); printf("\tReads the zonefile and prints it.\n"); printf("\tThe RR count of the zone is printed to stderr.\n"); printf("\t-c canonicalize all rrs in the zone.\n"); printf("\t-d only show DNSSEC data from the zone\n"); printf("\t-h show this text\n"); printf("\t-n do not print the SOA record\n"); printf("\t-s strip DNSSEC data from the zone\n"); printf("\t-v shows the version and exits\n"); printf("\t-z sort the zone (implies -c).\n"); printf("\nif no file is given standard input is read\n"); exit(EXIT_SUCCESS); break; case 'n': print_soa = false; break; case 's': strip = true; if (only_dnssec) { fprintf(stderr, "Warning: stripping both DNSSEC and non-DNSSEC records. Output will be sparse.\n"); } break; case 'v': printf("read zone version %s (ldns version %s)\n", LDNS_VERSION, ldns_version()); exit(EXIT_SUCCESS); break; case 'z': canonicalize = true; sort = true; break; } } argc -= optind; argv += optind; if (argc == 0) { fp = stdin; } else { filename = argv[0]; fp = fopen(filename, "r"); if (!fp) { fprintf(stderr, "Unable to open %s: %s\n", filename, strerror(errno)); exit(EXIT_FAILURE); } } s = ldns_zone_new_frm_fp_l(&z, fp, NULL, 0, LDNS_RR_CLASS_IN, &line_nr); if (strip) { stripped_list = ldns_rr_list_new(); while ((cur_rr = ldns_rr_list_pop_rr(ldns_zone_rrs(z)))) { cur_rr_type = ldns_rr_get_type(cur_rr); if (cur_rr_type == LDNS_RR_TYPE_RRSIG || cur_rr_type == LDNS_RR_TYPE_NSEC || cur_rr_type == LDNS_RR_TYPE_NSEC3 || cur_rr_type == LDNS_RR_TYPE_NSEC3PARAMS ) { ldns_rr_free(cur_rr); } else { ldns_rr_list_push_rr(stripped_list, cur_rr); } } ldns_rr_list_free(ldns_zone_rrs(z)); ldns_zone_set_rrs(z, stripped_list); } if (only_dnssec) { stripped_list = ldns_rr_list_new(); while ((cur_rr = ldns_rr_list_pop_rr(ldns_zone_rrs(z)))) { cur_rr_type = ldns_rr_get_type(cur_rr); if (cur_rr_type == LDNS_RR_TYPE_RRSIG || cur_rr_type == LDNS_RR_TYPE_NSEC || cur_rr_type == LDNS_RR_TYPE_NSEC3 || cur_rr_type == LDNS_RR_TYPE_NSEC3PARAMS ) { ldns_rr_list_push_rr(stripped_list, cur_rr); } else { ldns_rr_free(cur_rr); } } ldns_rr_list_free(ldns_zone_rrs(z)); ldns_zone_set_rrs(z, stripped_list); } if (s == LDNS_STATUS_OK) { if (canonicalize) { ldns_rr2canonical(ldns_zone_soa(z)); for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(z)); i++) { ldns_rr2canonical(ldns_rr_list_rr(ldns_zone_rrs(z), i)); } } if (sort) { ldns_zone_sort(z); } if (print_soa && ldns_zone_soa(z)) { ldns_rr_print(stdout, ldns_zone_soa(z)); } ldns_rr_list_print(stdout, ldns_zone_rrs(z)); ldns_zone_deep_free(z); } else { fprintf(stderr, "%s at %d\n", ldns_get_errorstr_by_id(s), line_nr); exit(EXIT_FAILURE); } fclose(fp); exit(EXIT_SUCCESS); }
ldns_status ldns_dnssec_zone_create_rrsigs_flg( ldns_dnssec_zone *zone , ldns_rr_list *new_rrs , ldns_key_list *key_list , int (*func)(ldns_rr *, void*) , void *arg , int flags ) { ldns_status result = LDNS_STATUS_OK; ldns_rbnode_t *cur_node; ldns_rr_list *rr_list; ldns_dnssec_name *cur_name; ldns_dnssec_rrsets *cur_rrset; ldns_dnssec_rrs *cur_rr; ldns_rr_list *siglist; size_t i; int on_delegation_point = 0; /* handle partially occluded names */ ldns_rr_list *pubkey_list = ldns_rr_list_new(); for (i = 0; i<ldns_key_list_key_count(key_list); i++) { ldns_rr_list_push_rr( pubkey_list , ldns_key2rr(ldns_key_list_key( key_list, i)) ); } /* TODO: callback to see is list should be signed */ /* TODO: remove 'old' signatures from signature list */ cur_node = ldns_rbtree_first(zone->names); while (cur_node != LDNS_RBTREE_NULL) { cur_name = (ldns_dnssec_name *) cur_node->data; if (!cur_name->is_glue) { on_delegation_point = ldns_dnssec_rrsets_contains_type( cur_name->rrsets, LDNS_RR_TYPE_NS) && !ldns_dnssec_rrsets_contains_type( cur_name->rrsets, LDNS_RR_TYPE_SOA); cur_rrset = cur_name->rrsets; while (cur_rrset) { /* reset keys to use */ ldns_key_list_set_use(key_list, true); /* walk through old sigs, remove the old, and mark which keys (not) to use) */ cur_rrset->signatures = ldns_dnssec_remove_signatures(cur_rrset->signatures, key_list, func, arg); if(!(flags&LDNS_SIGN_DNSKEY_WITH_ZSK) && cur_rrset->type == LDNS_RR_TYPE_DNSKEY) ldns_key_list_filter_for_dnskey(key_list); if(cur_rrset->type != LDNS_RR_TYPE_DNSKEY) ldns_key_list_filter_for_non_dnskey(key_list); /* TODO: just set count to zero? */ rr_list = ldns_rr_list_new(); cur_rr = cur_rrset->rrs; while (cur_rr) { ldns_rr_list_push_rr(rr_list, cur_rr->rr); cur_rr = cur_rr->next; } /* only sign non-delegation RRsets */ /* (glue should have been marked earlier, * except on the delegation points itself) */ if (!on_delegation_point || ldns_rr_list_type(rr_list) == LDNS_RR_TYPE_DS || ldns_rr_list_type(rr_list) == LDNS_RR_TYPE_NSEC || ldns_rr_list_type(rr_list) == LDNS_RR_TYPE_NSEC3) { siglist = ldns_sign_public(rr_list, key_list); for (i = 0; i < ldns_rr_list_rr_count(siglist); i++) { if (cur_rrset->signatures) { result = ldns_dnssec_rrs_add_rr(cur_rrset->signatures, ldns_rr_list_rr(siglist, i)); } else { cur_rrset->signatures = ldns_dnssec_rrs_new(); cur_rrset->signatures->rr = ldns_rr_list_rr(siglist, i); } if (new_rrs) { ldns_rr_list_push_rr(new_rrs, ldns_rr_list_rr(siglist, i)); } } ldns_rr_list_free(siglist); } ldns_rr_list_free(rr_list); cur_rrset = cur_rrset->next; } /* sign the nsec */ ldns_key_list_set_use(key_list, true); cur_name->nsec_signatures = ldns_dnssec_remove_signatures(cur_name->nsec_signatures, key_list, func, arg); ldns_key_list_filter_for_non_dnskey(key_list); rr_list = ldns_rr_list_new(); ldns_rr_list_push_rr(rr_list, cur_name->nsec); siglist = ldns_sign_public(rr_list, key_list); for (i = 0; i < ldns_rr_list_rr_count(siglist); i++) { if (cur_name->nsec_signatures) { result = ldns_dnssec_rrs_add_rr(cur_name->nsec_signatures, ldns_rr_list_rr(siglist, i)); } else { cur_name->nsec_signatures = ldns_dnssec_rrs_new(); cur_name->nsec_signatures->rr = ldns_rr_list_rr(siglist, i); } if (new_rrs) { ldns_rr_list_push_rr(new_rrs, ldns_rr_list_rr(siglist, i)); } } ldns_rr_list_free(siglist); ldns_rr_list_free(rr_list); } cur_node = ldns_rbtree_next(cur_node); } ldns_rr_list_deep_free(pubkey_list); return result; }
void zkdns_start(const char* my_address, int port, const char* my_zone) { rp_handle = rp_initialize(my_zone); /* network */ int sock; ssize_t nb; struct sockaddr addr_me; struct sockaddr addr_him; socklen_t hislen = (socklen_t) sizeof(addr_him); uint8_t inbuf[INBUF_SIZE]; uint8_t *outbuf; /* dns */ ldns_status status; ldns_pkt *query_pkt; ldns_pkt *answer_pkt; size_t answer_size; ldns_rr *query_rr; ldns_rr_list *answer_qr; ldns_rr_list *answer_an; ldns_rr_list *answer_ns; ldns_rr_list *answer_ad; ldns_rdf *origin = NULL; /* zone */ ldns_zone *zone; int line_nr; FILE *zone_fp; if (ldns_str2rdf_dname(&origin, my_zone) != LDNS_STATUS_OK) { fprintf(stderr, "Bad origin, not a correct domain name\n"); exit(EXIT_FAILURE); } printf("Listening on port %d\n", port); sock = socket(AF_INET, SOCK_DGRAM, 0); if (sock < 0) { fprintf(stderr, "socket(): %s\n", strerror(errno)); exit(1); } memset(&addr_me, 0, sizeof(addr_me)); /* bind: try all ports in that range */ if (udp_bind(sock, port, my_address)) { fprintf(stderr, "cannot bind(): %s\n", strerror(errno)); exit(errno); } /* Done. Now receive */ while (1) { nb = recvfrom(sock, (void*)inbuf, INBUF_SIZE, 0, &addr_him, &hislen); if (nb < 1) { fprintf(stderr, "recvfrom(): %s\n", strerror(errno)); exit(1); } /* show(inbuf, nb, nn, hp, sp, ip, bp); */ status = ldns_wire2pkt(&query_pkt, inbuf, (size_t) nb); if (status != LDNS_STATUS_OK) { printf("Got bad packet: %s\n", ldns_get_errorstr_by_id(status)); } query_rr = ldns_rr_list_rr(ldns_pkt_question(query_pkt), 0); answer_qr = ldns_rr_list_new(); ldns_rr_list_push_rr(answer_qr, ldns_rr_clone(query_rr)); answer_an = get_rrset(zone, ldns_rr_owner(query_rr), ldns_rr_get_type(query_rr), ldns_rr_get_class(query_rr)); answer_pkt = ldns_pkt_new(); answer_ns = ldns_rr_list_new(); answer_ad = ldns_rr_list_new(); ldns_pkt_set_qr(answer_pkt, 1); ldns_pkt_set_aa(answer_pkt, 1); ldns_pkt_set_id(answer_pkt, ldns_pkt_id(query_pkt)); ldns_pkt_push_rr_list(answer_pkt, LDNS_SECTION_QUESTION, answer_qr); ldns_pkt_push_rr_list(answer_pkt, LDNS_SECTION_ANSWER, answer_an); ldns_pkt_push_rr_list(answer_pkt, LDNS_SECTION_AUTHORITY, answer_ns); ldns_pkt_push_rr_list(answer_pkt, LDNS_SECTION_ADDITIONAL, answer_ad); status = ldns_pkt2wire(&outbuf, answer_pkt, &answer_size); if (status != LDNS_STATUS_OK) { printf("Error creating answer: %s\n", ldns_get_errorstr_by_id(status)); } else { nb = sendto(sock, (void*)outbuf, answer_size, 0, &addr_him, hislen); } ldns_pkt_free(query_pkt); ldns_pkt_free(answer_pkt); LDNS_FREE(outbuf); ldns_rr_list_free(answer_qr); ldns_rr_list_free(answer_an); ldns_rr_list_free(answer_ns); ldns_rr_list_free(answer_ad); } ldns_rdf_deep_free(origin); ldns_zone_deep_free(zone); rp_shutdown(rp_handle); }
ldns_status ldns_dnssec_zone_create_nsec3s(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt) { ldns_rbnode_t *first_name_node; ldns_rbnode_t *current_name_node; ldns_dnssec_name *current_name; ldns_status result = LDNS_STATUS_OK; ldns_rr *nsec_rr; ldns_rr_list *nsec3_list; uint32_t nsec_ttl; ldns_dnssec_rrsets *soa; if (!zone || !new_rrs || !zone->names) { return LDNS_STATUS_ERR; } /* the TTL of NSEC rrs should be set to the minimum TTL of * the zone SOA (RFC4035 Section 2.3) */ soa = ldns_dnssec_name_find_rrset(zone->soa, LDNS_RR_TYPE_SOA); /* did the caller actually set it? if not, * fall back to default ttl */ if (soa && soa->rrs && soa->rrs->rr) { nsec_ttl = ldns_rdf2native_int32(ldns_rr_rdf( soa->rrs->rr, 6)); } else { nsec_ttl = LDNS_DEFAULT_TTL; } nsec3_list = ldns_rr_list_new(); first_name_node = ldns_dnssec_name_node_next_nonglue( ldns_rbtree_first(zone->names)); current_name_node = first_name_node; while (current_name_node && current_name_node != LDNS_RBTREE_NULL) { current_name = (ldns_dnssec_name *) current_name_node->data; nsec_rr = ldns_dnssec_create_nsec3(current_name, NULL, zone->soa->name, algorithm, flags, iterations, salt_length, salt); /* by default, our nsec based generator adds rrsigs * remove the bitmap for empty nonterminals */ if (!current_name->rrsets) { ldns_rdf_deep_free(ldns_rr_pop_rdf(nsec_rr)); } ldns_rr_set_ttl(nsec_rr, nsec_ttl); ldns_dnssec_name_add_rr(current_name, nsec_rr); ldns_rr_list_push_rr(new_rrs, nsec_rr); ldns_rr_list_push_rr(nsec3_list, nsec_rr); current_name_node = ldns_dnssec_name_node_next_nonglue( ldns_rbtree_next(current_name_node)); } ldns_rr_list_sort_nsec3(nsec3_list); ldns_dnssec_chain_nsec3_list(nsec3_list); if (result != LDNS_STATUS_OK) { return result; } ldns_rr_list_free(nsec3_list); return result; }
ldns_status ldns_dnssec_zone_create_rrsigs(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int (*func)(ldns_rr *, void*), void *arg) { ldns_status result = LDNS_STATUS_OK; ldns_rbnode_t *cur_node; ldns_rr_list *rr_list; ldns_dnssec_name *cur_name; ldns_dnssec_rrsets *cur_rrset; ldns_dnssec_rrs *cur_rr; ldns_rr_list *siglist; size_t i; ldns_rr_list *pubkey_list = ldns_rr_list_new(); zone = zone; new_rrs = new_rrs; key_list = key_list; for (i = 0; i<ldns_key_list_key_count(key_list); i++) { ldns_rr_list_push_rr(pubkey_list, ldns_key2rr(ldns_key_list_key(key_list, i))); } /* TODO: callback to see is list should be signed */ /* TODO: remove 'old' signatures from signature list */ cur_node = ldns_rbtree_first(zone->names); while (cur_node != LDNS_RBTREE_NULL) { cur_name = (ldns_dnssec_name *) cur_node->data; if (!cur_name->is_glue) { cur_rrset = cur_name->rrsets; while (cur_rrset) { /* reset keys to use */ ldns_key_list_set_use(key_list, true); /* walk through old sigs, remove the old, and mark which keys (not) to use) */ cur_rrset->signatures = ldns_dnssec_remove_signatures(cur_rrset->signatures, key_list, func, arg); /* TODO: just set count to zero? */ rr_list = ldns_rr_list_new(); cur_rr = cur_rrset->rrs; while (cur_rr) { ldns_rr_list_push_rr(rr_list, cur_rr->rr); cur_rr = cur_rr->next; } /* only sign non-delegation RRsets */ /* (glue should have been marked earlier) */ if ((ldns_rr_list_type(rr_list) != LDNS_RR_TYPE_NS || ldns_dname_compare(ldns_rr_list_owner(rr_list), zone->soa->name) == 0) && /* OK, there is also the possibility that the record * is glue, but at the same owner name as other records that * are not NS nor A/AAAA. Bleh, our current data structure * doesn't really support that... */ !((ldns_rr_list_type(rr_list) == LDNS_RR_TYPE_A || ldns_rr_list_type(rr_list) == LDNS_RR_TYPE_AAAA) && !ldns_dname_compare(ldns_rr_list_owner(rr_list), zone->soa->name) == 0 && ldns_dnssec_zone_find_rrset(zone, ldns_rr_list_owner(rr_list), LDNS_RR_TYPE_NS) )) { siglist = ldns_sign_public(rr_list, key_list); for (i = 0; i < ldns_rr_list_rr_count(siglist); i++) { if (cur_rrset->signatures) { ldns_dnssec_rrs_add_rr(cur_rrset->signatures, ldns_rr_list_rr(siglist, i)); } else { cur_rrset->signatures = ldns_dnssec_rrs_new(); cur_rrset->signatures->rr = ldns_rr_list_rr(siglist, i); ldns_rr_list_push_rr(new_rrs, ldns_rr_list_rr(siglist, i)); } } ldns_rr_list_free(siglist); } ldns_rr_list_free(rr_list); cur_rrset = cur_rrset->next; } /* sign the nsec */ cur_name->nsec_signatures = ldns_dnssec_remove_signatures(cur_name->nsec_signatures, key_list, func, arg); rr_list = ldns_rr_list_new(); ldns_rr_list_push_rr(rr_list, cur_name->nsec); siglist = ldns_sign_public(rr_list, key_list); for (i = 0; i < ldns_rr_list_rr_count(siglist); i++) { if (cur_name->nsec_signatures) { ldns_dnssec_rrs_add_rr(cur_name->nsec_signatures, ldns_rr_list_rr(siglist, i)); } else { cur_name->nsec_signatures = ldns_dnssec_rrs_new(); cur_name->nsec_signatures->rr = ldns_rr_list_rr(siglist, i); ldns_rr_list_push_rr(new_rrs, ldns_rr_list_rr(siglist, i)); } } ldns_rr_list_free(siglist); ldns_rr_list_free(rr_list); } cur_node = ldns_rbtree_next(cur_node); } ldns_rr_list_deep_free(pubkey_list); return result; }
static ldns_status ldns_dnssec_zone_create_nsec3s_mkmap(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt, ldns_rbtree_t **map) { ldns_rbnode_t *first_name_node; ldns_rbnode_t *current_name_node; ldns_dnssec_name *current_name; ldns_status result = LDNS_STATUS_OK; ldns_rr *nsec_rr; ldns_rr_list *nsec3_list; uint32_t nsec_ttl; ldns_dnssec_rrsets *soa; ldns_rbnode_t *hashmap_node; if (!zone || !new_rrs || !zone->names) { return LDNS_STATUS_ERR; } /* the TTL of NSEC rrs should be set to the minimum TTL of * the zone SOA (RFC4035 Section 2.3) */ soa = ldns_dnssec_name_find_rrset(zone->soa, LDNS_RR_TYPE_SOA); /* did the caller actually set it? if not, * fall back to default ttl */ if (soa && soa->rrs && soa->rrs->rr && ldns_rr_rdf(soa->rrs->rr, 6) != NULL) { nsec_ttl = ldns_rdf2native_int32(ldns_rr_rdf(soa->rrs->rr, 6)); } else { nsec_ttl = LDNS_DEFAULT_TTL; } if (zone->hashed_names) { ldns_traverse_postorder(zone->hashed_names, ldns_hashed_names_node_free, NULL); LDNS_FREE(zone->hashed_names); } zone->hashed_names = ldns_rbtree_create(ldns_dname_compare_v); if (zone->hashed_names && map) { *map = zone->hashed_names; } first_name_node = ldns_dnssec_name_node_next_nonglue( ldns_rbtree_first(zone->names)); current_name_node = first_name_node; while (current_name_node && current_name_node != LDNS_RBTREE_NULL && result == LDNS_STATUS_OK) { current_name = (ldns_dnssec_name *) current_name_node->data; nsec_rr = ldns_dnssec_create_nsec3(current_name, NULL, zone->soa->name, algorithm, flags, iterations, salt_length, salt); /* by default, our nsec based generator adds rrsigs * remove the bitmap for empty nonterminals */ if (!current_name->rrsets) { ldns_rdf_deep_free(ldns_rr_pop_rdf(nsec_rr)); } ldns_rr_set_ttl(nsec_rr, nsec_ttl); result = ldns_dnssec_name_add_rr(current_name, nsec_rr); ldns_rr_list_push_rr(new_rrs, nsec_rr); if (ldns_rr_owner(nsec_rr)) { hashmap_node = LDNS_MALLOC(ldns_rbnode_t); if (hashmap_node == NULL) { return LDNS_STATUS_MEM_ERR; } current_name->hashed_name = ldns_dname_label(ldns_rr_owner(nsec_rr), 0); if (current_name->hashed_name == NULL) { LDNS_FREE(hashmap_node); return LDNS_STATUS_MEM_ERR; } hashmap_node->key = current_name->hashed_name; hashmap_node->data = current_name; if (! ldns_rbtree_insert(zone->hashed_names , hashmap_node)) { LDNS_FREE(hashmap_node); } } current_name_node = ldns_dnssec_name_node_next_nonglue( ldns_rbtree_next(current_name_node)); } if (result != LDNS_STATUS_OK) { return result; } /* Make sorted list of nsec3s (via zone->hashed_names) */ nsec3_list = ldns_rr_list_new(); if (nsec3_list == NULL) { return LDNS_STATUS_MEM_ERR; } for ( hashmap_node = ldns_rbtree_first(zone->hashed_names) ; hashmap_node != LDNS_RBTREE_NULL ; hashmap_node = ldns_rbtree_next(hashmap_node) ) { current_name = (ldns_dnssec_name *) hashmap_node->data; nsec_rr = ((ldns_dnssec_name *) hashmap_node->data)->nsec; if (nsec_rr) { ldns_rr_list_push_rr(nsec3_list, nsec_rr); } } result = ldns_dnssec_chain_nsec3_list(nsec3_list); ldns_rr_list_free(nsec3_list); return result; }
/** * use this function to sign with a public/private key alg * return the created signatures */ ldns_rr_list * ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys) { ldns_rr_list *signatures; ldns_rr_list *rrset_clone; ldns_rr *current_sig; ldns_rdf *b64rdf; ldns_key *current_key; size_t key_count; uint16_t i; ldns_buffer *sign_buf; ldns_rdf *new_owner; if (!rrset || ldns_rr_list_rr_count(rrset) < 1 || !keys) { return NULL; } new_owner = NULL; key_count = 0; signatures = ldns_rr_list_new(); /* prepare a signature and add all the know data * prepare the rrset. Sign this together. */ rrset_clone = ldns_rr_list_clone(rrset); if (!rrset_clone) { return NULL; } /* make it canonical */ for(i = 0; i < ldns_rr_list_rr_count(rrset_clone); i++) { ldns_rr2canonical(ldns_rr_list_rr(rrset_clone, i)); } /* sort */ ldns_rr_list_sort(rrset_clone); for (key_count = 0; key_count < ldns_key_list_key_count(keys); key_count++) { if (!ldns_key_use(ldns_key_list_key(keys, key_count))) { continue; } sign_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN); if (!sign_buf) { ldns_rr_list_free(rrset_clone); ldns_rr_list_free(signatures); ldns_rdf_free(new_owner); return NULL; } b64rdf = NULL; current_key = ldns_key_list_key(keys, key_count); /* sign all RRs with keys that have ZSKbit, !SEPbit. sign DNSKEY RRs with keys that have ZSKbit&SEPbit */ if ( ldns_key_flags(current_key) & LDNS_KEY_ZONE_KEY && (!(ldns_key_flags(current_key) & LDNS_KEY_SEP_KEY) || ldns_rr_get_type(ldns_rr_list_rr(rrset, 0)) == LDNS_RR_TYPE_DNSKEY) ) { current_sig = ldns_create_empty_rrsig(rrset_clone, current_key); /* right now, we have: a key, a semi-sig and an rrset. For * which we can create the sig and base64 encode that and * add that to the signature */ if (ldns_rrsig2buffer_wire(sign_buf, current_sig) != LDNS_STATUS_OK) { ldns_buffer_free(sign_buf); /* ERROR */ ldns_rr_list_deep_free(rrset_clone); return NULL; } /* add the rrset in sign_buf */ if (ldns_rr_list2buffer_wire(sign_buf, rrset_clone) != LDNS_STATUS_OK) { ldns_buffer_free(sign_buf); ldns_rr_list_deep_free(rrset_clone); return NULL; } b64rdf = ldns_sign_public_buffer(sign_buf, current_key); if (!b64rdf) { /* signing went wrong */ ldns_rr_list_deep_free(rrset_clone); return NULL; } ldns_rr_rrsig_set_sig(current_sig, b64rdf); /* push the signature to the signatures list */ ldns_rr_list_push_rr(signatures, current_sig); } ldns_buffer_free(sign_buf); /* restart for the next key */ } ldns_rr_list_deep_free(rrset_clone); return signatures; }
/* return a clone of the given rr list, without the glue records * rr list should be the complete zone * if present, stripped records are added to the list *glue_records */ ldns_rr_list * ldns_zone_strip_glue_rrs(const ldns_rdf *zone_name, const ldns_rr_list *rrs, ldns_rr_list *glue_rrs) { ldns_rr_list *new_list = ldns_rr_list_new(); /* when do we find glue? It means we find an IP address * (AAAA/A) for a nameserver listed in the zone * * Alg used here: * first find all the zonecuts (NS records) * find all the AAAA or A records (can be done it the * above loop). * * Check if the aaaa/a list are subdomains under the * NS domains. If yes -> glue, if no -> not glue */ ldns_rr_list *zone_cuts; ldns_rr_list *addr; ldns_rr *r, *ns, *a; ldns_rdf *dname_a, *dname_ns, *ns_owner; uint16_t i,j; zone_cuts = ldns_rr_list_new(); addr = ldns_rr_list_new(); for(i = 0; i < ldns_rr_list_rr_count(rrs); i++) { r = ldns_rr_list_rr(rrs, i); if (ldns_rr_get_type(r) == LDNS_RR_TYPE_A || ldns_rr_get_type(r) == LDNS_RR_TYPE_AAAA) { /* possibly glue */ ldns_rr_list_push_rr(addr, r); continue; } if (ldns_rr_get_type(r) == LDNS_RR_TYPE_NS) { /* multiple zones will end up here - * for now; not a problem */ /* don't add NS records for the current zone itself */ if (ldns_rdf_compare(ldns_rr_owner(r), zone_name) != 0) { ldns_rr_list_push_rr(zone_cuts, r); } continue; } } /* will sorting make it quicker ?? */ for(i = 0; i < ldns_rr_list_rr_count(zone_cuts); i++) { ns = ldns_rr_list_rr(zone_cuts, i); ns_owner = ldns_rr_owner(ns); dname_ns = ldns_rr_ns_nsdname(ns); for(j = 0; j < ldns_rr_list_rr_count(addr); j++) { a = ldns_rr_list_rr(addr, j); dname_a = ldns_rr_owner(a); if (ldns_dname_is_subdomain(dname_a, ns_owner) && ldns_rdf_compare(dname_ns, dname_a) == 0) { /* GLUE! */ if (glue_rrs) { ldns_rr_list_push_rr(glue_rrs, a); } break; } else { ldns_rr_list_push_rr(new_list, a); } } } ldns_rr_list_free(addr); ldns_rr_list_free(zone_cuts); return new_list; }
int main (int argc, char *argv[]) { int result; hsm_ctx_t *ctx; hsm_key_t **keys; hsm_key_t *key = NULL; char *id; size_t key_count = 0; size_t i; ldns_rr_list *rrset; ldns_rr *rr, *sig, *dnskey_rr; ldns_status status; hsm_sign_params_t *sign_params; int do_generate = 0; int do_sign = 0; int do_delete = 0; int do_random = 0; int res; uint32_t r32; uint64_t r64; char *config = NULL; const char *repository = "default"; int ch; progname = argv[0]; while ((ch = getopt(argc, argv, "hgsdrc:")) != -1) { switch (ch) { case 'c': config = strdup(optarg); break; case 'g': do_generate = 1; break; case 'h': usage(); exit(0); break; case 's': do_sign = 1; break; case 'd': do_delete = 1; break; case 'r': do_random = 1; break; default: usage(); exit(1); } } if (!config) { usage(); exit(1); } /* * Open HSM library */ fprintf(stdout, "Starting HSM lib test\n"); result = hsm_open(config, hsm_prompt_pin); fprintf(stdout, "hsm_open result: %d\n", result); /* * Create HSM context */ ctx = hsm_create_context(); printf("global: "); hsm_print_ctx(NULL); printf("my: "); hsm_print_ctx(ctx); /* * Generate a new key OR find any key with an ID */ if (do_generate) { key = hsm_generate_rsa_key(ctx, repository, 1024); if (key) { printf("\nCreated key!\n"); hsm_print_key(key); printf("\n"); } else { printf("Error creating key, bad token name?\n"); hsm_print_error(ctx); exit(1); } } else if (do_sign || do_delete) { keys = hsm_list_keys(ctx, &key_count); printf("I have found %u keys\n", (unsigned int) key_count); /* let's just use the very first key we find and throw away the rest */ for (i = 0; i < key_count && !key; i++) { printf("\nFound key!\n"); hsm_print_key(keys[i]); id = hsm_get_key_id(ctx, keys[i]); if (id) { printf("Using key ID: %s\n", id); if (key) hsm_key_free(key); key = hsm_find_key_by_id(ctx, id); printf("ptr: 0x%p\n", (void *) key); free(id); } else { printf("Got no key ID (broken key?), skipped...\n"); } hsm_key_free(keys[i]); } free(keys); if (!key) { printf("Failed to find useful key\n"); exit(1); } } /* * Do some signing */ if (do_sign) { printf("\nSigning with:\n"); hsm_print_key(key); printf("\n"); rrset = ldns_rr_list_new(); status = ldns_rr_new_frm_str(&rr, "regress.opendnssec.se. IN A 123.123.123.123", 0, NULL, NULL); if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr); status = ldns_rr_new_frm_str(&rr, "regress.opendnssec.se. IN A 124.124.124.124", 0, NULL, NULL); if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr); sign_params = hsm_sign_params_new(); sign_params->algorithm = LDNS_RSASHA1; sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, "opendnssec.se."); dnskey_rr = hsm_get_dnskey(ctx, key, sign_params); sign_params->keytag = ldns_calc_keytag(dnskey_rr); sig = hsm_sign_rrset(ctx, rrset, key, sign_params); if (sig) { ldns_rr_list_print(stdout, rrset); ldns_rr_print(stdout, sig); ldns_rr_print(stdout, dnskey_rr); ldns_rr_free(sig); } else { hsm_print_error(ctx); exit(-1); } /* cleanup */ ldns_rr_list_deep_free(rrset); hsm_sign_params_free(sign_params); ldns_rr_free(dnskey_rr); } /* * Delete key */ if (do_delete) { printf("\nDelete key:\n"); hsm_print_key(key); /* res = hsm_remove_key(ctx, key); */ res = hsm_remove_key(ctx, key); printf("Deleted key. Result: %d\n", res); printf("\n"); } if (key) hsm_key_free(key); /* * Test random{32,64} functions */ if (do_random) { r32 = hsm_random32(ctx); printf("random 32: %u\n", r32); r64 = hsm_random64(ctx); printf("random 64: %llu\n", (long long unsigned int)r64); } /* * Destroy HSM context */ if (ctx) { hsm_destroy_context(ctx); } /* * Close HSM library */ result = hsm_close(); fprintf(stdout, "all done! hsm_close result: %d\n", result); if (config) free(config); return 0; }
static ldns_rr_list * retrieve_dnskeys(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, ldns_rr_class c, ldns_rr_list *dns_root) { ldns_resolver *res; ldns_pkt *p; ldns_rr_list *new_nss_a; ldns_rr_list *new_nss_aaaa; ldns_rr_list *final_answer; ldns_rr_list *new_nss; ldns_rr_list *ns_addr; ldns_rr_list *ns_addr2; uint16_t loop_count; ldns_rdf *pop; ldns_status status; size_t i; size_t nss_i; ldns_rr_list *answer_list = NULL; ldns_rr_list *authority_list = NULL; size_t last_nameserver_count; ldns_rdf **last_nameservers; loop_count = 0; new_nss_a = NULL; new_nss_aaaa = NULL; new_nss = NULL; ns_addr = NULL; ns_addr2 = NULL; final_answer = NULL; p = ldns_pkt_new(); res = ldns_resolver_new(); if (!p || !res) { fprintf(stderr, "Memory allocation failed"); return NULL; } if (verbosity >= 2) { printf("Finding dnskey data for zone: "); ldns_rdf_print(stdout, name); printf("\n\n"); } /* transfer some properties of local_res to res, * because they were given on the commandline */ ldns_resolver_set_ip6(res, ldns_resolver_ip6(local_res)); ldns_resolver_set_port(res, ldns_resolver_port(local_res)); ldns_resolver_set_debug(res, ldns_resolver_debug(local_res)); ldns_resolver_set_dnssec(res, ldns_resolver_dnssec(local_res)); ldns_resolver_set_fail(res, ldns_resolver_fail(local_res)); ldns_resolver_set_usevc(res, ldns_resolver_usevc(local_res)); ldns_resolver_set_random(res, ldns_resolver_random(local_res)); ldns_resolver_set_recursive(res, false); /* setup the root nameserver in the new resolver */ status = ldns_resolver_push_nameserver_rr_list(res, dns_root); if (status != LDNS_STATUS_OK) { fprintf(stderr, "Error setting root nameservers in resolver: %s\n", ldns_get_errorstr_by_id(status)); return NULL; } ldns_pkt_free(p); status = ldns_resolver_send(&p, res, name, t, c, 0); if (status != LDNS_STATUS_OK) { fprintf(stderr, "Error querying root servers: %s\n", ldns_get_errorstr_by_id(status)); return NULL; } if (ldns_pkt_get_rcode(p) != LDNS_RCODE_NOERROR) { printf("Error in packet:\n"); ldns_pkt_print(stdout, p); return NULL; } if (verbosity >= 4) { ldns_pkt_print(stdout, p); printf("\n\n"); } /* from now on, use TCP */ ldns_resolver_set_usevc(res, true); while(status == LDNS_STATUS_OK && ldns_pkt_reply_type(p) == LDNS_PACKET_REFERRAL) { if (verbosity >= 3) { printf("This is a delegation!\n\n"); } if (address_family == 0 || address_family == 1) { new_nss_a = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_A, LDNS_SECTION_ADDITIONAL); } else { new_nss_a = ldns_rr_list_new(); } if (address_family == 0 || address_family == 2) { new_nss_aaaa = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_AAAA, LDNS_SECTION_ADDITIONAL); } else { new_nss_aaaa = ldns_rr_list_new(); } new_nss = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_NS, LDNS_SECTION_AUTHORITY); /* remove the old nameserver from the resolver */ while((pop = ldns_resolver_pop_nameserver(res))) { ldns_rdf_deep_free(pop); } /* also check for new_nss emptyness */ if (!new_nss_aaaa && !new_nss_a) { /* * no nameserver found!!! * try to resolve the names we do got */ if (verbosity >= 3) { printf("Did not get address record for nameserver, doing seperate query.\n"); } ns_addr = ldns_rr_list_new(); for(i = 0; (size_t) i < ldns_rr_list_rr_count(new_nss); i++) { /* get the name of the nameserver */ pop = ldns_rr_rdf(ldns_rr_list_rr(new_nss, i), 0); if (!pop) { break; } /* retrieve it's addresses */ ns_addr2 = ldns_get_rr_list_addr_by_name(local_res, pop, c, 0); if (!ldns_rr_list_cat(ns_addr, ns_addr2)) { fprintf(stderr, "Internal error adding nameserver address.\n"); exit(EXIT_FAILURE); } ldns_rr_list_free(ns_addr2); } if (ns_addr) { if (ldns_resolver_push_nameserver_rr_list(res, ns_addr) != LDNS_STATUS_OK) { fprintf(stderr, "Error adding new nameservers"); ldns_pkt_free(p); return NULL; } ldns_rr_list_deep_free(ns_addr); } else { ldns_rr_list_print(stdout, ns_addr); fprintf(stderr, "Could not find the nameserver ip addr; abort"); ldns_pkt_free(p); return NULL; } } /* normally, the first working ns is used, but we need all now, so do it one by one * if the answer is null, take it from the next resolver * if the answer is not, compare it to that of the next resolver * error if different, continue if the same * if answer list null and no resolvers left die. */ ldns_rr_list_deep_free(answer_list); ldns_rr_list_deep_free(authority_list); answer_list = NULL; authority_list = NULL; for (nss_i = 0; nss_i < ldns_rr_list_rr_count(new_nss_aaaa); nss_i++) { while((pop = ldns_resolver_pop_nameserver(res))) { ldns_rdf_deep_free(pop); } status = ldns_resolver_push_nameserver(res, ldns_rr_rdf(ldns_rr_list_rr(new_nss_aaaa, nss_i), 0)); if (status != LDNS_STATUS_OK) { fprintf(stderr, "Error adding nameserver to resolver: %s\n", ldns_get_errorstr_by_id(status)); } if (verbosity >= 1) { fprintf(stdout, "Querying nameserver: "); ldns_rdf_print(stdout, ldns_rr_owner(ldns_rr_list_rr(new_nss_aaaa, nss_i))); fprintf(stdout, " ("); ldns_rdf_print(stdout, ldns_rr_rdf(ldns_rr_list_rr(new_nss_aaaa, nss_i), 0)); fprintf(stdout, ")\n"); } status = ldns_resolver_push_nameserver(res, ldns_rr_rdf(ldns_rr_list_rr(new_nss_aaaa, nss_i), 0)); if (status != LDNS_STATUS_OK) { fprintf(stderr, "Error adding nameserver to resolver: %s\n", ldns_get_errorstr_by_id(status)); } ldns_pkt_free(p); status = ldns_resolver_send(&p, res, name, t, c, 0); if (status == LDNS_STATUS_OK && p) { if (ldns_pkt_get_rcode(p) != LDNS_RCODE_NOERROR) { printf("Error in packet:\n"); ldns_pkt_print(stdout, p); return NULL; } if (verbosity >= 4) { ldns_pkt_print(stdout, p); printf("\n\n"); } if (answer_list) { if (verbosity >= 2) { printf("Comparing answer list of answer to previous\n\n"); } ldns_rr_list_sort(ldns_pkt_answer(p)); ldns_rr_list_sort(answer_list); if (ldns_rr_list_compare(answer_list, ldns_pkt_answer(p)) != 0) { fprintf(stderr, "ERROR: different answer answer from nameserver\n"); fprintf(stderr, "\nI had (from previous servers):\n"); ldns_rr_list_print(stderr, answer_list); fprintf(stderr, "\nI received (from nameserver at "); ldns_rdf_print(stderr, ldns_resolver_nameservers(res)[0]); fprintf(stderr, "):\n"); ldns_rr_list_print(stderr, ldns_pkt_answer(p)); exit(EXIT_FAILURE); } } else { answer_list = ldns_rr_list_clone(ldns_pkt_answer(p)); ldns_rr_list_sort(answer_list); if (verbosity >= 2) { printf("First answer list for this set, nothing to compare with\n\n"); } } if (authority_list) { if (verbosity >= 2) { printf("Comparing authority list of answer to previous\n\n"); } ldns_rr_list_sort(ldns_pkt_authority(p)); ldns_rr_list_sort(authority_list); if (ldns_rr_list_compare(authority_list, ldns_pkt_authority(p)) != 0) { fprintf(stderr, "ERROR: different authority answer from nameserver\n"); fprintf(stderr, "\nI had (from previous servers):\n"); ldns_rr_list_print(stderr, authority_list); fprintf(stderr, "\nI received (from nameserver at "); ldns_rdf_print(stderr, ldns_resolver_nameservers(res)[0]); fprintf(stderr, "):\n"); ldns_rr_list_print(stderr, ldns_pkt_authority(p)); exit(EXIT_FAILURE); } } else { authority_list = ldns_rr_list_clone(ldns_pkt_authority(p)); ldns_rr_list_sort(authority_list); if (verbosity >= 2) { printf("First authority list for this set, nothing to compare with\n\n"); } if (verbosity >= 3) { printf("NS RRset:\n"); ldns_rr_list_print(stdout, authority_list); printf("\n"); } } } } ldns_rr_list_deep_free(answer_list); ldns_rr_list_deep_free(authority_list); answer_list = NULL; authority_list = NULL; for (nss_i = 0; nss_i < ldns_rr_list_rr_count(new_nss_a); nss_i++) { while((pop = ldns_resolver_pop_nameserver(res))) {ldns_rdf_deep_free(pop); } if (verbosity >= 1) { fprintf(stdout, "Querying nameserver: "); ldns_rdf_print(stdout, ldns_rr_owner(ldns_rr_list_rr(new_nss_a, nss_i))); fprintf(stdout, " ("); ldns_rdf_print(stdout, ldns_rr_rdf(ldns_rr_list_rr(new_nss_a, nss_i), 0)); fprintf(stdout, ")\n"); } status = ldns_resolver_push_nameserver(res, ldns_rr_rdf(ldns_rr_list_rr(new_nss_a, nss_i), 0)); if (status != LDNS_STATUS_OK) { fprintf(stderr, "Error adding nameserver to resolver: %s\n", ldns_get_errorstr_by_id(status)); } ldns_pkt_free(p); status = ldns_resolver_send(&p, res, name, t, c, 0); if (status == LDNS_STATUS_OK) { if (ldns_pkt_get_rcode(p) != LDNS_RCODE_NOERROR) { printf("Error in packet:\n"); ldns_pkt_print(stdout, p); return NULL; } if (verbosity >= 4) { ldns_pkt_print(stdout, p); printf("\n\n"); } if (answer_list) { if (verbosity >= 2) { printf("Comparing answer list of answer to previous\n\n"); } ldns_rr_list_sort(ldns_pkt_answer(p)); ldns_rr_list_sort(answer_list); if (ldns_rr_list_compare(answer_list, ldns_pkt_answer(p)) != 0) { fprintf(stderr, "ERROR: different answer answer from nameserver\n"); fprintf(stderr, "\nI had (from previous servers):\n"); ldns_rr_list_print(stderr, answer_list); fprintf(stderr, "\nI received (from nameserver at "); ldns_rdf_print(stderr, ldns_resolver_nameservers(res)[0]); fprintf(stderr, "):\n"); ldns_rr_list_print(stderr, ldns_pkt_answer(p)); exit(EXIT_FAILURE); } } else { if (verbosity >= 2) { printf("First answer list for this set, nothing to compare with\n\n"); } answer_list = ldns_rr_list_clone(ldns_pkt_answer(p)); ldns_rr_list_sort(answer_list); } if (authority_list) { if (verbosity >= 2) { printf("Comparing authority list of answer to previous\n\n"); } ldns_rr_list_sort(ldns_pkt_authority(p)); ldns_rr_list_sort(authority_list); if (ldns_rr_list_compare(authority_list, ldns_pkt_authority(p)) != 0) { fprintf(stderr, "ERROR: different authority answer from nameserver\n"); fprintf(stderr, "\nI had (from previous servers):\n"); ldns_rr_list_print(stderr, authority_list); fprintf(stderr, "\nI received (from nameserver at "); ldns_rdf_print(stderr, ldns_resolver_nameservers(res)[0]); fprintf(stderr, "):\n"); ldns_rr_list_print(stderr, ldns_pkt_authority(p)); exit(EXIT_FAILURE); } } else { if (verbosity >= 2) { printf("First authority list for this set, nothing to compare with\n\n"); } authority_list = ldns_rr_list_clone(ldns_pkt_authority(p)); ldns_rr_list_sort(authority_list); if (verbosity >= 3) { printf("NS RRset:\n"); ldns_rr_list_print(stdout, authority_list); printf("\n"); } } } } ldns_rr_list_deep_free(authority_list); authority_list = NULL; if (loop_count++ > 20) { /* unlikely that we are doing something usefull */ fprintf(stderr, "Looks like we are looping"); ldns_pkt_free(p); return NULL; } ldns_pkt_free(p); if (verbosity >= 3) { fprintf(stdout, "This level ok. Continuing to next.\n\n"); } status = ldns_resolver_send(&p, res, name, t, c, 0); if (status != LDNS_STATUS_OK) { fprintf(stderr, "Error querying root servers: %s\n", ldns_get_errorstr_by_id(status)); return NULL; } if (ldns_pkt_get_rcode(p) != LDNS_RCODE_NOERROR) { printf("Error in packet:\n"); ldns_pkt_print(stdout, p); return NULL; } if (verbosity >= 4) { ldns_pkt_print(stdout, p); printf("\n\n"); } ldns_rr_list_deep_free(new_nss_aaaa); ldns_rr_list_deep_free(new_nss_a); ldns_rr_list_deep_free(new_nss); new_nss_aaaa = NULL; new_nss_a = NULL; ns_addr = NULL; } ldns_rr_list_deep_free(answer_list); answer_list = NULL; /* clone the nameserver list, we are going to handle them one by one */ last_nameserver_count = 0; last_nameservers = LDNS_XMALLOC(ldns_rdf *, ldns_resolver_nameserver_count(res)); pop = NULL; while((pop = ldns_resolver_pop_nameserver(res))) { last_nameservers[last_nameserver_count] = pop; last_nameserver_count++; } for (nss_i = 0; nss_i < last_nameserver_count; nss_i++) { /* remove previous nameserver */ while((pop = ldns_resolver_pop_nameserver(res))) { ldns_rdf_deep_free(pop); } if (verbosity >= 1) { printf("Querying nameserver: "); ldns_rdf_print(stdout, last_nameservers[nss_i]); printf("\n"); } status = ldns_resolver_push_nameserver(res, last_nameservers[nss_i]); if (status != LDNS_STATUS_OK) { fprintf(stderr, "Error adding nameserver to resolver: %s\n", ldns_get_errorstr_by_id(status)); } ldns_pkt_free(p); status = ldns_resolver_send(&p, res, name, t, c, 0); if (!p) { fprintf(stderr, "no packet received\n"); return NULL; } if (status == LDNS_STATUS_RES_NO_NS) { fprintf(stderr, "Error: nameserver at "); ldns_rdf_print(stderr, last_nameservers[nss_i]); fprintf(stderr, " not responding. Unable to check RRset here, aborting.\n"); return NULL; } if (ldns_pkt_get_rcode(p) != LDNS_RCODE_NOERROR) { printf("Error in packet:\n"); ldns_pkt_print(stdout, p); return NULL; } if (answer_list) { if (verbosity >= 2) { printf("1Comparing answer rr list of answer to previous\n"); } ldns_rr_list_sort(ldns_pkt_answer(p)); ldns_rr_list_sort(answer_list); if (ldns_rr_list_compare(answer_list, ldns_pkt_answer(p)) != 0) { printf("ERROR: different answer section in response from nameserver\n"); fprintf(stderr, "\nI had:\n"); ldns_rr_list_print(stderr, answer_list); fprintf(stderr, "\nI received (from nameserver at "); ldns_rdf_print(stderr, ldns_resolver_nameservers(res)[0]); fprintf(stderr, "):\n"); ldns_rr_list_print(stderr, ldns_pkt_answer(p)); exit(EXIT_FAILURE); } } else { if (verbosity >= 2) { printf("First answer rr list for this set, nothing to compare with\n"); } answer_list = ldns_rr_list_clone(ldns_pkt_answer(p)); if (verbosity >= 3) { printf("DNSKEY RRset:\n"); ldns_rr_list_print(stdout, answer_list); } } } for (nss_i = 0; nss_i < last_nameserver_count; nss_i++) { ldns_rdf_deep_free(last_nameservers[nss_i]); } LDNS_FREE(last_nameservers); ldns_resolver_deep_free(res); ldns_pkt_free(p); return answer_list; }
/** * Main function of drill * parse the arguments and prepare a query */ int main(int argc, char *argv[]) { ldns_resolver *res = NULL; ldns_resolver *cmdline_res = NULL; /* only used to resolv @name names */ ldns_rr_list *cmdline_rr_list = NULL; ldns_rdf *cmdline_dname = NULL; ldns_rdf *qname, *qname_tmp; ldns_pkt *pkt; ldns_pkt *qpkt; char *serv; const char *name; char *name2; char *progname; char *query_file = NULL; char *answer_file = NULL; ldns_buffer *query_buffer = NULL; ldns_rdf *serv_rdf; ldns_rr_type type; ldns_rr_class clas; #if 0 ldns_pkt_opcode opcode = LDNS_PACKET_QUERY; #endif int i, c; int int_type; int int_clas; int PURPOSE; char *tsig_name = NULL; char *tsig_data = NULL; char *tsig_algorithm = NULL; size_t tsig_separator; size_t tsig_separator2; ldns_rr *axfr_rr; ldns_status status; char *type_str; /* list of keys used in dnssec operations */ ldns_rr_list *key_list = ldns_rr_list_new(); /* what key verify the current answer */ ldns_rr_list *key_verified; /* resolver options */ uint16_t qflags; uint16_t qbuf; uint16_t qport; uint8_t qfamily; bool qdnssec; bool qfallback; bool qds; bool qusevc; bool qrandom; char *resolv_conf_file = NULL; ldns_rdf *trace_start_name = NULL; int result = 0; #ifdef USE_WINSOCK int r; WSADATA wsa_data; #endif int_type = -1; serv = NULL; type = 0; int_clas = -1; name = NULL; clas = 0; qname = NULL; progname = strdup(argv[0]); #ifdef USE_WINSOCK r = WSAStartup(MAKEWORD(2,2), &wsa_data); if(r != 0) { printf("Failed WSAStartup: %d\n", r); result = EXIT_FAILURE; goto exit; } #endif /* USE_WINSOCK */ PURPOSE = DRILL_QUERY; qflags = LDNS_RD; qport = LDNS_PORT; verbosity = 2; qdnssec = false; qfamily = LDNS_RESOLV_INETANY; qfallback = false; qds = false; qbuf = 0; qusevc = false; qrandom = true; key_verified = NULL; ldns_init_random(NULL, 0); if (argc == 0) { usage(stdout, progname); result = EXIT_FAILURE; goto exit; } /* string from orig drill: "i:w:I46Sk:TNp:b:DsvhVcuaq:f:xr" */ /* global first, query opt next, option with parm's last * and sorted */ /* "46DITSVQf:i:w:q:achuvxzy:so:p:b:k:" */ while ((c = getopt(argc, argv, "46ab:c:d:Df:hi:Ik:o:p:q:Qr:sStTuvV:w:xy:z")) != -1) { switch(c) { /* global options */ case '4': qfamily = LDNS_RESOLV_INET; break; case '6': qfamily = LDNS_RESOLV_INET6; break; case 'D': qdnssec = true; break; case 'I': /* reserved for backward compatibility */ break; case 'T': if (PURPOSE == DRILL_CHASE) { fprintf(stderr, "-T and -S cannot be used at the same time.\n"); exit(EXIT_FAILURE); } PURPOSE = DRILL_TRACE; break; #ifdef HAVE_SSL case 'S': if (PURPOSE == DRILL_TRACE) { fprintf(stderr, "-T and -S cannot be used at the same time.\n"); exit(EXIT_FAILURE); } PURPOSE = DRILL_CHASE; break; #endif /* HAVE_SSL */ case 'V': if (strtok(optarg, "0123456789") != NULL) { fprintf(stderr, "-V expects an number as an argument.\n"); exit(EXIT_FAILURE); } verbosity = atoi(optarg); break; case 'Q': verbosity = -1; break; case 'f': query_file = optarg; break; case 'i': answer_file = optarg; PURPOSE = DRILL_AFROMFILE; break; case 'w': answer_file = optarg; break; case 'q': query_file = optarg; PURPOSE = DRILL_QTOFILE; break; case 'r': if (global_dns_root) { fprintf(stderr, "There was already a series of root servers set\n"); exit(EXIT_FAILURE); } global_dns_root = read_root_hints(optarg); if (!global_dns_root) { fprintf(stderr, "Unable to read root hints file %s, aborting\n", optarg); exit(EXIT_FAILURE); } break; /* query options */ case 'a': qfallback = true; break; case 'b': qbuf = (uint16_t)atoi(optarg); if (qbuf == 0) { error("%s", "<bufsize> could not be converted"); } break; case 'c': resolv_conf_file = optarg; break; case 't': qusevc = true; break; case 'k': status = read_key_file(optarg, key_list, false); if (status != LDNS_STATUS_OK) { error("Could not parse the key file %s: %s", optarg, ldns_get_errorstr_by_id(status)); } qdnssec = true; /* enable that too */ break; case 'o': /* only looks at the first hit: capital=ON, lowercase=OFF*/ if (strstr(optarg, "QR")) { DRILL_ON(qflags, LDNS_QR); } if (strstr(optarg, "qr")) { DRILL_OFF(qflags, LDNS_QR); } if (strstr(optarg, "AA")) { DRILL_ON(qflags, LDNS_AA); } if (strstr(optarg, "aa")) { DRILL_OFF(qflags, LDNS_AA); } if (strstr(optarg, "TC")) { DRILL_ON(qflags, LDNS_TC); } if (strstr(optarg, "tc")) { DRILL_OFF(qflags, LDNS_TC); } if (strstr(optarg, "RD")) { DRILL_ON(qflags, LDNS_RD); } if (strstr(optarg, "rd")) { DRILL_OFF(qflags, LDNS_RD); } if (strstr(optarg, "CD")) { DRILL_ON(qflags, LDNS_CD); } if (strstr(optarg, "cd")) { DRILL_OFF(qflags, LDNS_CD); } if (strstr(optarg, "RA")) { DRILL_ON(qflags, LDNS_RA); } if (strstr(optarg, "ra")) { DRILL_OFF(qflags, LDNS_RA); } if (strstr(optarg, "AD")) { DRILL_ON(qflags, LDNS_AD); } if (strstr(optarg, "ad")) { DRILL_OFF(qflags, LDNS_AD); } break; case 'p': qport = (uint16_t)atoi(optarg); if (qport == 0) { error("%s", "<port> could not be converted"); } break; case 's': qds = true; break; case 'u': qusevc = false; break; case 'v': version(stdout, progname); result = EXIT_SUCCESS; goto exit; case 'x': PURPOSE = DRILL_REVERSE; break; case 'y': #ifdef HAVE_SSL if (strchr(optarg, ':')) { tsig_separator = (size_t) (strchr(optarg, ':') - optarg); if (strchr(optarg + tsig_separator + 1, ':')) { tsig_separator2 = (size_t) (strchr(optarg + tsig_separator + 1, ':') - optarg); tsig_algorithm = xmalloc(strlen(optarg) - tsig_separator2); strncpy(tsig_algorithm, optarg + tsig_separator2 + 1, strlen(optarg) - tsig_separator2); tsig_algorithm[strlen(optarg) - tsig_separator2 - 1] = '\0'; } else { tsig_separator2 = strlen(optarg); tsig_algorithm = xmalloc(26); strncpy(tsig_algorithm, "hmac-md5.sig-alg.reg.int.", 25); tsig_algorithm[25] = '\0'; } tsig_name = xmalloc(tsig_separator + 1); tsig_data = xmalloc(tsig_separator2 - tsig_separator); strncpy(tsig_name, optarg, tsig_separator); strncpy(tsig_data, optarg + tsig_separator + 1, tsig_separator2 - tsig_separator - 1); /* strncpy does not append \0 if source is longer than n */ tsig_name[tsig_separator] = '\0'; tsig_data[ tsig_separator2 - tsig_separator - 1] = '\0'; } #else fprintf(stderr, "TSIG requested, but SSL is not supported\n"); result = EXIT_FAILURE; goto exit; #endif /* HAVE_SSL */ break; case 'z': qrandom = false; break; case 'd': trace_start_name = ldns_dname_new_frm_str(optarg); if (!trace_start_name) { fprintf(stderr, "Unable to parse argument for -%c\n", c); result = EXIT_FAILURE; goto exit; } break; case 'h': version(stdout, progname); usage(stdout, progname); result = EXIT_SUCCESS; goto exit; break; default: fprintf(stderr, "Unknown argument: -%c, use -h to see usage\n", c); result = EXIT_FAILURE; goto exit; } } argc -= optind; argv += optind; if ((PURPOSE == DRILL_CHASE || (PURPOSE == DRILL_TRACE && qdnssec)) && ldns_rr_list_rr_count(key_list) == 0) { (void) read_key_file(LDNS_TRUST_ANCHOR_FILE, key_list, true); } if (ldns_rr_list_rr_count(key_list) > 0) { printf(";; Number of trusted keys: %d\n", (int) ldns_rr_list_rr_count(key_list)); } /* do a secure trace when requested */ if (PURPOSE == DRILL_TRACE && qdnssec) { #ifdef HAVE_SSL if (ldns_rr_list_rr_count(key_list) == 0) { warning("%s", "No trusted keys were given. Will not be able to verify authenticity!"); } PURPOSE = DRILL_SECTRACE; #else fprintf(stderr, "ldns has not been compiled with OpenSSL support. Secure trace not available\n"); exit(1); #endif /* HAVE_SSL */ } /* parse the arguments, with multiple arguments, the last argument * found is used */ for(i = 0; i < argc; i++) { /* if ^@ then it's a server */ if (argv[i][0] == '@') { if (strlen(argv[i]) == 1) { warning("%s", "No nameserver given"); exit(EXIT_FAILURE); } serv = argv[i] + 1; continue; } /* if has a dot, it's a name */ if (strchr(argv[i], '.')) { name = argv[i]; continue; } /* if it matches a type, it's a type */ if (int_type == -1) { type = ldns_get_rr_type_by_name(argv[i]); if (type != 0) { int_type = 0; continue; } } /* if it matches a class, it's a class */ if (int_clas == -1) { clas = ldns_get_rr_class_by_name(argv[i]); if (clas != 0) { int_clas = 0; continue; } } /* it all fails assume it's a name */ name = argv[i]; } /* act like dig and use for . NS */ if (!name) { name = "."; int_type = 0; type = LDNS_RR_TYPE_NS; } /* defaults if not given */ if (int_clas == -1) { clas = LDNS_RR_CLASS_IN; } if (int_type == -1) { if (PURPOSE != DRILL_REVERSE) { type = LDNS_RR_TYPE_A; } else { type = LDNS_RR_TYPE_PTR; } } /* set the nameserver to use */ if (!serv) { /* no server given make a resolver from /etc/resolv.conf */ status = ldns_resolver_new_frm_file(&res, resolv_conf_file); if (status != LDNS_STATUS_OK) { warning("Could not create a resolver structure: %s (%s)\n" "Try drill @localhost if you have a resolver running on your machine.", ldns_get_errorstr_by_id(status), resolv_conf_file); result = EXIT_FAILURE; goto exit; } } else { res = ldns_resolver_new(); if (!res || strlen(serv) <= 0) { warning("Could not create a resolver structure"); result = EXIT_FAILURE; goto exit; } /* add the nameserver */ serv_rdf = ldns_rdf_new_addr_frm_str(serv); if (!serv_rdf) { /* try to resolv the name if possible */ status = ldns_resolver_new_frm_file(&cmdline_res, resolv_conf_file); if (status != LDNS_STATUS_OK) { error("%s", "@server ip could not be converted"); } ldns_resolver_set_dnssec(cmdline_res, qdnssec); ldns_resolver_set_ip6(cmdline_res, qfamily); ldns_resolver_set_fallback(cmdline_res, qfallback); ldns_resolver_set_usevc(cmdline_res, qusevc); cmdline_dname = ldns_dname_new_frm_str(serv); cmdline_rr_list = ldns_get_rr_list_addr_by_name( cmdline_res, cmdline_dname, LDNS_RR_CLASS_IN, qflags); ldns_rdf_deep_free(cmdline_dname); if (!cmdline_rr_list) { /* This error msg is not always accurate */ error("%s `%s\'", "could not find any address for the name:", serv); } else { if (ldns_resolver_push_nameserver_rr_list( res, cmdline_rr_list ) != LDNS_STATUS_OK) { error("%s", "pushing nameserver"); } } } else { if (ldns_resolver_push_nameserver(res, serv_rdf) != LDNS_STATUS_OK) { error("%s", "pushing nameserver"); } else { ldns_rdf_deep_free(serv_rdf); } } } /* set the resolver options */ ldns_resolver_set_port(res, qport); if (verbosity >= 5) { ldns_resolver_set_debug(res, true); } else { ldns_resolver_set_debug(res, false); } ldns_resolver_set_dnssec(res, qdnssec); /* ldns_resolver_set_dnssec_cd(res, qdnssec);*/ ldns_resolver_set_ip6(res, qfamily); ldns_resolver_set_fallback(res, qfallback); ldns_resolver_set_usevc(res, qusevc); ldns_resolver_set_random(res, qrandom); if (qbuf != 0) { ldns_resolver_set_edns_udp_size(res, qbuf); } if (!name && PURPOSE != DRILL_AFROMFILE && !query_file ) { usage(stdout, progname); result = EXIT_FAILURE; goto exit; } if (tsig_name && tsig_data) { ldns_resolver_set_tsig_keyname(res, tsig_name); ldns_resolver_set_tsig_keydata(res, tsig_data); ldns_resolver_set_tsig_algorithm(res, tsig_algorithm); } /* main switching part of drill */ switch(PURPOSE) { case DRILL_TRACE: /* do a trace from the root down */ if (!global_dns_root) { init_root(); } qname = ldns_dname_new_frm_str(name); if (!qname) { error("%s", "parsing query name"); } /* don't care about return packet */ (void)do_trace(res, qname, type, clas); clear_root(); break; case DRILL_SECTRACE: /* do a secure trace from the root down */ if (!global_dns_root) { init_root(); } qname = ldns_dname_new_frm_str(name); if (!qname) { error("%s", "making qname"); } /* don't care about return packet */ #ifdef HAVE_SSL result = do_secure_trace(res, qname, type, clas, key_list, trace_start_name); #endif /* HAVE_SSL */ clear_root(); break; case DRILL_CHASE: qname = ldns_dname_new_frm_str(name); if (!qname) { error("%s", "making qname"); } ldns_resolver_set_dnssec(res, true); ldns_resolver_set_dnssec_cd(res, true); /* set dnssec implies udp_size of 4096 */ ldns_resolver_set_edns_udp_size(res, 4096); pkt = ldns_resolver_query(res, qname, type, clas, qflags); if (!pkt) { error("%s", "error pkt sending"); result = EXIT_FAILURE; } else { if (verbosity >= 3) { ldns_pkt_print(stdout, pkt); } if (!ldns_pkt_answer(pkt)) { mesg("No answer in packet"); } else { #ifdef HAVE_SSL ldns_resolver_set_dnssec_anchors(res, ldns_rr_list_clone(key_list)); result = do_chase(res, qname, type, clas, key_list, pkt, qflags, NULL, verbosity); if (result == LDNS_STATUS_OK) { if (verbosity != -1) { mesg("Chase successful"); } result = 0; } else { if (verbosity != -1) { mesg("Chase failed."); } } #endif /* HAVE_SSL */ } ldns_pkt_free(pkt); } break; case DRILL_AFROMFILE: pkt = read_hex_pkt(answer_file); if (pkt) { if (verbosity != -1) { ldns_pkt_print(stdout, pkt); } ldns_pkt_free(pkt); } break; case DRILL_QTOFILE: qname = ldns_dname_new_frm_str(name); if (!qname) { error("%s", "making qname"); } status = ldns_resolver_prepare_query_pkt(&qpkt, res, qname, type, clas, qflags); if(status != LDNS_STATUS_OK) { error("%s", "making query: %s", ldns_get_errorstr_by_id(status)); } dump_hex(qpkt, query_file); ldns_pkt_free(qpkt); break; case DRILL_NSEC: break; case DRILL_REVERSE: /* ipv4 or ipv6 addr? */ if (strchr(name, ':')) { if (strchr(name, '.')) { error("Syntax error: both '.' and ':' seen in address\n"); } name2 = malloc(IP6_ARPA_MAX_LEN + 20); c = 0; for (i=0; i<(int)strlen(name); i++) { if (i >= IP6_ARPA_MAX_LEN) { error("%s", "reverse argument to long"); } if (name[i] == ':') { if (i < (int) strlen(name) && name[i + 1] == ':') { error("%s", ":: not supported (yet)"); } else { if (i + 2 == (int) strlen(name) || name[i + 2] == ':') { name2[c++] = '0'; name2[c++] = '.'; name2[c++] = '0'; name2[c++] = '.'; name2[c++] = '0'; name2[c++] = '.'; } else if (i + 3 == (int) strlen(name) || name[i + 3] == ':') { name2[c++] = '0'; name2[c++] = '.'; name2[c++] = '0'; name2[c++] = '.'; } else if (i + 4 == (int) strlen(name) || name[i + 4] == ':') { name2[c++] = '0'; name2[c++] = '.'; } } } else { name2[c++] = name[i]; name2[c++] = '.'; } } name2[c++] = '\0'; qname = ldns_dname_new_frm_str(name2); qname_tmp = ldns_dname_reverse(qname); ldns_rdf_deep_free(qname); qname = qname_tmp; qname_tmp = ldns_dname_new_frm_str("ip6.arpa."); status = ldns_dname_cat(qname, qname_tmp); if (status != LDNS_STATUS_OK) { error("%s", "could not create reverse address for ip6: %s\n", ldns_get_errorstr_by_id(status)); } ldns_rdf_deep_free(qname_tmp); free(name2); } else { qname = ldns_dname_new_frm_str(name); qname_tmp = ldns_dname_reverse(qname); ldns_rdf_deep_free(qname); qname = qname_tmp; qname_tmp = ldns_dname_new_frm_str("in-addr.arpa."); status = ldns_dname_cat(qname, qname_tmp); if (status != LDNS_STATUS_OK) { error("%s", "could not create reverse address for ip4: %s\n", ldns_get_errorstr_by_id(status)); } ldns_rdf_deep_free(qname_tmp); } if (!qname) { error("%s", "-x implies an ip address"); } /* create a packet and set the RD flag on it */ pkt = ldns_resolver_query(res, qname, type, clas, qflags); if (!pkt) { error("%s", "pkt sending"); result = EXIT_FAILURE; } else { if (verbosity != -1) { ldns_pkt_print(stdout, pkt); } ldns_pkt_free(pkt); } break; case DRILL_QUERY: default: if (query_file) { /* this old way, the query packet needed to be parseable, but we want to be able to send mangled packets, so we need to do it directly */ #if 0 qpkt = read_hex_pkt(query_file); if (qpkt) { status = ldns_resolver_send_pkt(&pkt, res, qpkt); if (status != LDNS_STATUS_OK) { printf("Error: %s\n", ldns_get_errorstr_by_id(status)); exit(1); } } else { /* qpkt was bogus, reset pkt */ pkt = NULL; } #endif query_buffer = read_hex_buffer(query_file); if (query_buffer) { status = ldns_send_buffer(&pkt, res, query_buffer, NULL); ldns_buffer_free(query_buffer); if (status != LDNS_STATUS_OK) { printf("Error: %s\n", ldns_get_errorstr_by_id(status)); exit(1); } } else { printf("NO BUFFER\n"); pkt = NULL; } } else { qname = ldns_dname_new_frm_str(name); if (!qname) { error("%s", "error in making qname"); } if (type == LDNS_RR_TYPE_AXFR) { status = ldns_axfr_start(res, qname, clas); if(status != LDNS_STATUS_OK) { error("Error starting axfr: %s", ldns_get_errorstr_by_id(status)); } axfr_rr = ldns_axfr_next(res); if(!axfr_rr) { fprintf(stderr, "AXFR failed.\n"); ldns_pkt_print(stdout, ldns_axfr_last_pkt(res)); goto exit; } while (axfr_rr) { if (verbosity != -1) { ldns_rr_print(stdout, axfr_rr); } ldns_rr_free(axfr_rr); axfr_rr = ldns_axfr_next(res); } goto exit; } else { /* create a packet and set the RD flag on it */ pkt = ldns_resolver_query(res, qname, type, clas, qflags); } } if (!pkt) { mesg("No packet received"); result = EXIT_FAILURE; } else { if (verbosity != -1) { ldns_pkt_print(stdout, pkt); if (ldns_pkt_tc(pkt)) { fprintf(stdout, "\n;; WARNING: The answer packet was truncated; you might want to\n"); fprintf(stdout, ";; query again with TCP (-t argument), or EDNS0 (-b for buffer size)\n"); } } if (qds) { if (verbosity != -1) { print_ds_of_keys(pkt); printf("\n"); } } if (ldns_rr_list_rr_count(key_list) > 0) { /* -k's were given on the cmd line */ ldns_rr_list *rrset_verified; uint16_t key_count; rrset_verified = ldns_pkt_rr_list_by_name_and_type( pkt, qname, type, LDNS_SECTION_ANY_NOQUESTION); if (type == LDNS_RR_TYPE_ANY) { /* don't verify this */ break; } if (verbosity != -1) { printf("; "); ldns_rr_list_print(stdout, rrset_verified); } /* verify */ #ifdef HAVE_SSL key_verified = ldns_rr_list_new(); result = ldns_pkt_verify(pkt, type, qname, key_list, NULL, key_verified); if (result == LDNS_STATUS_ERR) { /* is the existence denied then? */ result = ldns_verify_denial(pkt, qname, type, NULL, NULL); if (result == LDNS_STATUS_OK) { if (verbosity != -1) { printf("Existence denied for "); ldns_rdf_print(stdout, qname); type_str = ldns_rr_type2str(type); printf("\t%s\n", type_str); LDNS_FREE(type_str); } } else { if (verbosity != -1) { printf("Bad data; RR for name and " "type not found or failed to " "verify, and denial of " "existence failed.\n"); } } } else if (result == LDNS_STATUS_OK) { for(key_count = 0; key_count < ldns_rr_list_rr_count(key_verified); key_count++) { if (verbosity != -1) { printf("; VALIDATED by id = %u, owner = ", (unsigned int)ldns_calc_keytag( ldns_rr_list_rr(key_verified, key_count))); ldns_rdf_print(stdout, ldns_rr_owner( ldns_rr_list_rr(key_list, key_count))); printf("\n"); } } } else { for(key_count = 0; key_count < ldns_rr_list_rr_count(key_list); key_count++) { if (verbosity != -1) { printf("; %s for id = %u, owner = ", ldns_get_errorstr_by_id(result), (unsigned int)ldns_calc_keytag( ldns_rr_list_rr(key_list, key_count))); ldns_rdf_print(stdout, ldns_rr_owner( ldns_rr_list_rr(key_list, key_count))); printf("\n"); } } } ldns_rr_list_free(key_verified); #else (void) key_count; #endif /* HAVE_SSL */ } if (answer_file) { dump_hex(pkt, answer_file); } ldns_pkt_free(pkt); } break; } exit: ldns_rdf_deep_free(qname); ldns_resolver_deep_free(res); ldns_resolver_deep_free(cmdline_res); ldns_rr_list_deep_free(key_list); ldns_rr_list_deep_free(cmdline_rr_list); ldns_rdf_deep_free(trace_start_name); xfree(progname); xfree(tsig_name); xfree(tsig_data); xfree(tsig_algorithm); #ifdef HAVE_SSL ERR_remove_state(0); CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); EVP_cleanup(); #endif #ifdef USE_WINSOCK WSACleanup(); #endif return result; }
ldns_status ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, ldns_rdf* origin, uint32_t ttl, ldns_rr_class ATTR_UNUSED(c), int* line_nr) { ldns_rr* cur_rr; size_t i; ldns_rdf *my_origin = NULL; ldns_rdf *my_prev = NULL; ldns_dnssec_zone *newzone = ldns_dnssec_zone_new(); /* when reading NSEC3s, there is a chance that we encounter nsecs for empty nonterminals, whose nonterminals we cannot derive yet because the needed information is to be read later. in that case we keep a list of those nsec3's and retry to add them later */ ldns_rr_list* todo_nsec3s = ldns_rr_list_new(); ldns_rr_list* todo_nsec3_rrsigs = ldns_rr_list_new(); ldns_status status = LDNS_STATUS_MEM_ERR; #ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP ldns_zone* zone = NULL; if (ldns_zone_new_frm_fp_l(&zone, fp, origin,ttl, c, line_nr) != LDNS_STATUS_OK) goto error; #else uint32_t my_ttl = ttl; #endif if (!newzone || !todo_nsec3s || !todo_nsec3_rrsigs ) goto error; if (origin) { if (!(my_origin = ldns_rdf_clone(origin))) goto error; if (!(my_prev = ldns_rdf_clone(origin))) goto error; } #ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP if (ldns_dnssec_zone_add_rr(newzone, ldns_zone_soa(zone)) != LDNS_STATUS_OK) goto error; for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(zone)); i++) { cur_rr = ldns_rr_list_rr(ldns_zone_rrs(zone), i); status = LDNS_STATUS_OK; #else while (!feof(fp)) { status = ldns_rr_new_frm_fp_l(&cur_rr, fp, &my_ttl, &my_origin, &my_prev, line_nr); #endif switch (status) { case LDNS_STATUS_OK: status = ldns_dnssec_zone_add_rr(newzone, cur_rr); if (status == LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND) { if (rr_is_rrsig_covering(cur_rr, LDNS_RR_TYPE_NSEC3)){ ldns_rr_list_push_rr(todo_nsec3_rrsigs, cur_rr); } else { ldns_rr_list_push_rr(todo_nsec3s, cur_rr); } status = LDNS_STATUS_OK; } else if (status != LDNS_STATUS_OK) goto error; break; case LDNS_STATUS_SYNTAX_EMPTY: /* empty line was seen */ case LDNS_STATUS_SYNTAX_TTL: /* the ttl was set*/ case LDNS_STATUS_SYNTAX_ORIGIN: /* the origin was set*/ status = LDNS_STATUS_OK; break; case LDNS_STATUS_SYNTAX_INCLUDE:/* $include not implemented */ status = LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL; break; default: goto error; } } if (ldns_rr_list_rr_count(todo_nsec3s) > 0) { (void) ldns_dnssec_zone_add_empty_nonterminals(newzone); for (i = 0; status == LDNS_STATUS_OK && i < ldns_rr_list_rr_count(todo_nsec3s); i++) { cur_rr = ldns_rr_list_rr(todo_nsec3s, i); status = ldns_dnssec_zone_add_rr(newzone, cur_rr); } } if (ldns_rr_list_rr_count(todo_nsec3_rrsigs) > 0) { for (i = 0; status == LDNS_STATUS_OK && i < ldns_rr_list_rr_count(todo_nsec3_rrsigs); i++){ cur_rr = ldns_rr_list_rr(todo_nsec3_rrsigs, i); status = ldns_dnssec_zone_add_rr(newzone, cur_rr); } } if (z) { *z = newzone; newzone = NULL; } else { ldns_dnssec_zone_free(newzone); } error: #ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP if (zone) { ldns_zone_free(zone); } #endif ldns_rr_list_free(todo_nsec3_rrsigs); ldns_rr_list_free(todo_nsec3s); if (my_origin) { ldns_rdf_deep_free(my_origin); } if (my_prev) { ldns_rdf_deep_free(my_prev); } if (newzone) { ldns_dnssec_zone_free(newzone); } return status; } ldns_status ldns_dnssec_zone_new_frm_fp(ldns_dnssec_zone** z, FILE* fp, ldns_rdf* origin, uint32_t ttl, ldns_rr_class ATTR_UNUSED(c)) { return ldns_dnssec_zone_new_frm_fp_l(z, fp, origin, ttl, c, NULL); } static void ldns_dnssec_name_node_free(ldns_rbnode_t *node, void *arg) { (void) arg; ldns_dnssec_name_free((ldns_dnssec_name *)node->data); LDNS_FREE(node); }