void
drill_pkt_print(FILE *fd, ldns_resolver *r, ldns_pkt *p)
{
ldns_rr_list *new_nss;
ldns_rr_list *hostnames;
if (verbosity < 5) {
return;
}
hostnames = ldns_get_rr_list_name_by_addr(r, ldns_pkt_answerfrom(p), 0, 0);
new_nss = ldns_pkt_rr_list_by_type(p,
LDNS_RR_TYPE_NS, LDNS_SECTION_ANSWER);
ldns_rr_list_print(fd, new_nss);
/* new_nss can be empty.... */
fprintf(fd, ";; Received %d bytes from %s#%d(",
(int) ldns_pkt_size(p),
ldns_rdf2str(ldns_pkt_answerfrom(p)),
(int) ldns_resolver_port(r));
/* if we can resolve this print it, other print the ip again */
if (hostnames) {
ldns_rdf_print(fd,
ldns_rr_rdf(ldns_rr_list_rr(hostnames, 0), 0));
ldns_rr_list_deep_free(hostnames);
} else {
fprintf(fd, "%s", ldns_rdf2str(ldns_pkt_answerfrom(p)));
}
fprintf(fd, ") in %u ms\n\n", (unsigned int)ldns_pkt_querytime(p));
}
/** test if type is present in returned packet */
static int
check_type_in_answer(ldns_pkt* p, int t)
{
ldns_rr_list *l = ldns_pkt_rr_list_by_type(p, t, LDNS_SECTION_ANSWER);
if(!l) {
char* s = ldns_rr_type2str(t);
if(verb) printf("no DNSSEC %s\n", s?s:"(out of memory)");
LDNS_FREE(s);
return 0;
}
ldns_rr_list_deep_free(l);
return 1;
}
ldns_rr_list *mrb_getname_rr_list(mrb_state *mrb, ldns_resolver *resolver,char *addr)
{
char *rev = NULL,
*query = NULL;
const char *arpa = "in-addr.arpa";
ldns_rdf *domain = NULL ;
ldns_pkt *pkt = NULL;
ldns_rr_list *records = NULL;
rev = reverse_addr(addr);
if(!rev)
{
return NULL;
}
query = (char *)malloc( strlen(rev) + strlen(arpa) + sizeof(char) * 4);
strcpy(query, rev);
strcat(query,".");
strcat(query,arpa);
domain = ldns_dname_new_frm_str(query);
free(query);
if(!domain)
{
return NULL;
}
pkt = ldns_resolver_query(resolver,
domain,
LDNS_RR_TYPE_PTR,
LDNS_RR_CLASS_IN,
LDNS_RD);
ldns_rdf_deep_free(domain);
if(!pkt)
{
return NULL;
}
records = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_PTR, LDNS_RR_CLASS_IN);
ldns_pkt_free(pkt);
if(!records)
{
return NULL;
}
return records;
}
/* get rr_type from a server from a server */
ldns_rr_list *
get_rr(ldns_resolver *res, ldns_rdf *zname, ldns_rr_type t, ldns_rr_class c)
{
/* query, retrieve, extract and return */
ldns_pkt *p;
ldns_rr_list *found;
p = ldns_pkt_new();
found = NULL;
if (ldns_resolver_send(&p, res, zname, t, c, 0) != LDNS_STATUS_OK) {
/* oops */
return NULL;
} else {
found = ldns_pkt_rr_list_by_type(p, t, LDNS_SECTION_ANY_NOQUESTION);
}
return found;
}
switch_status_t ldns_lookup(const char *number, const char *root, char *server_name[ENUM_MAXNAMESERVERS] , enum_record_t **results)
{
ldns_resolver *res = NULL;
ldns_rdf *domain = NULL;
ldns_pkt *p = NULL;
ldns_rr_list *naptr = NULL;
ldns_status s = LDNS_STATUS_ERR;
ldns_rdf *serv_rdf;
switch_status_t status = SWITCH_STATUS_FALSE;
char *name = NULL;
struct timeval to = { 0, 0};
int inameserver = 0;
int added_server = 0;
if (!(name = reverse_number(number, root))) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Parse Error!\n");
goto end;
}
if (!(domain = ldns_dname_new_frm_str(name))) {
goto end;
}
if (server_name) {
res = ldns_resolver_new();
switch_assert(res);
for(inameserver=0; inameserver<ENUM_MAXNAMESERVERS; inameserver++) {
if ( server_name[inameserver] != NULL ) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Adding Nameserver [%s]\n", server_name[inameserver]);
if ((serv_rdf = ldns_rdf_new_addr_frm_str( server_name[inameserver] ))) {
s = ldns_resolver_push_nameserver(res, serv_rdf);
ldns_rdf_deep_free(serv_rdf);
added_server = 1;
}
}
}
}
if (!added_server) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "No Nameservers specified, using host default\n");
/* create a new resolver from /etc/resolv.conf */
s = ldns_resolver_new_frm_file(&res, NULL);
}
if (s != LDNS_STATUS_OK) {
goto end;
}
to.tv_sec = globals.timeout / 1000;
to.tv_usec = (globals.timeout % 1000) * 1000;
ldns_resolver_set_timeout(res, to);
ldns_resolver_set_retry(res, (uint8_t)globals.retries);
ldns_resolver_set_random(res, globals.random);
if ((p = ldns_resolver_query(res,
domain,
LDNS_RR_TYPE_NAPTR,
LDNS_RR_CLASS_IN,
LDNS_RD))) {
/* retrieve the NAPTR records from the answer section of that
* packet
*/
if ((naptr = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_NAPTR, LDNS_SECTION_ANSWER))) {
size_t i;
ldns_rr_list_sort(naptr);
for (i = 0; i < ldns_rr_list_rr_count(naptr); i++) {
parse_naptr(ldns_rr_list_rr(naptr, i), number, results);
}
//ldns_rr_list_print(stdout, naptr);
ldns_rr_list_deep_free(naptr);
status = SWITCH_STATUS_SUCCESS;
}
}
end:
switch_safe_free(name);
if (domain) {
ldns_rdf_deep_free(domain);
}
if (p) {
ldns_pkt_free(p);
}
if (res) {
ldns_resolver_deep_free(res);
}
return status;
}
int
main(int argc, char *argv[])
{
ldns_resolver *res;
ldns_rdf *name;
ldns_rdf *version, *id;
ldns_pkt *p;
ldns_rr_list *addr;
ldns_rr_list *info;
ldns_status s;
ldns_rdf *pop;
size_t i;
if (argc != 2) {
usage(stdout, argv[0]);
exit(EXIT_FAILURE);
} else {
/* create a rdf from the command line arg */
name = ldns_dname_new_frm_str(argv[1]);
if (!name) {
usage(stdout, argv[0]);
exit(EXIT_FAILURE);
}
}
/* create rdf for what we are going to ask */
version = ldns_dname_new_frm_str("version.bind");
id = ldns_dname_new_frm_str("hostname.bind");
/* create a new resolver from /etc/resolv.conf */
s = ldns_resolver_new_frm_file(&res, NULL);
if (s != LDNS_STATUS_OK) {
ldns_rdf_deep_free(name);
exit(EXIT_FAILURE);
}
ldns_resolver_set_retry(res, 1); /* don't want to wait too long */
/* use the resolver to send it a query for the a/aaaa of name */
addr = ldns_get_rr_list_addr_by_name(res, name, LDNS_RR_CLASS_IN, LDNS_RD);
if (!addr) {
fprintf(stderr, " *** could not get an address for %s\n", argv[1]);
ldns_rdf_deep_free(name);
ldns_resolver_deep_free(res);
exit(EXIT_FAILURE);
}
/* remove current list of nameservers from resolver */
while((pop = ldns_resolver_pop_nameserver(res))) { ldns_rdf_deep_free(pop); }
/* can be multihomed */
for(i = 0; i < ldns_rr_list_rr_count(addr); i++) {
if (i > 0) {
fprintf(stdout, "\n");
}
if (ldns_resolver_push_nameserver_rr(res,
ldns_rr_list_rr(addr, i)) != LDNS_STATUS_OK) {
printf("Error adding nameserver to resolver\n");
}
ldns_rr_print(stdout, ldns_rr_list_rr(addr, i));
fprintf(stdout, "\n");
p = ldns_resolver_query(res, version, LDNS_RR_TYPE_TXT,
LDNS_RR_CLASS_CH, LDNS_RD);
if (p) {
ldns_pkt_print(stdout, p);
info = ldns_pkt_rr_list_by_type(p,
LDNS_RR_TYPE_TXT, LDNS_SECTION_ANSWER);
if (info) {
ldns_rr_list_print(stdout, info);
ldns_rr_list_deep_free(info);
} else {
printf(" *** version retrieval failed\n");
}
ldns_pkt_free(p);
} else {
printf(" *** query failed\n");
}
p = ldns_resolver_query(res, id, LDNS_RR_TYPE_TXT,
LDNS_RR_CLASS_CH, LDNS_RD);
if (p) {
info = ldns_pkt_rr_list_by_type(p,
LDNS_RR_TYPE_TXT, LDNS_SECTION_ANSWER);
if (info) {
ldns_rr_list_print(stdout, info);
ldns_rr_list_deep_free(info);
} else {
printf(" *** id retrieval failed\n");
}
ldns_pkt_free(p);
} else {
printf(" *** query failed for\n");
}
ldns_rdf_deep_free(ldns_resolver_pop_nameserver(res));
}
ldns_rdf_deep_free(name);
ldns_resolver_deep_free(res);
exit(EXIT_SUCCESS);
}
/*
Simple interface to provide DNS MX record resolution.
@param Pointer to the c string hostname you would like resolved to an MX record.
@param Pointer to the struct you would like the results written out to.
@return Return is of type int and is just the mx family type in the variable ohana. Ohana is hawaiian for family.
*/
int resolve_server(char * hostname, struct sockaddr_storage * result)
{
pthread_mutex_lock(&dns_lock);
res_init();
int error = 0;
int ohana = 0;
ns_msg msg;
ns_rr rr;
struct addrinfo * addr_res;
int res_length = 0;
unsigned char dns_answer[4096] = {0};
char display_buffer[4096] = {0};
//ldns variables
ldns_resolver *ldns_resolv;
ldns_rdf *ldns_domain;
ldns_pkt *ldns_packet;
ldns_rr_list *ldns_mx_records;
ldns_status s;
//Setup ldns to query for the mx record
s = ldns_resolver_new_frm_file(&ldns_resolv, NULL);
ldns_domain = ldns_dname_new_frm_str(hostname);
//Use ldns to query
ldns_packet = ldns_resolver_query(ldns_resolv, ldns_domain, LDNS_RR_TYPE_MX, LDNS_RR_CLASS_IN, LDNS_RD);
//parse ldns query results
ldns_mx_records = ldns_pkt_rr_list_by_type(ldns_packet, LDNS_RR_TYPE_MX, LDNS_SECTION_ANSWER);
//Sort and print mx records
ldns_rr_list_sort(ldns_mx_records);
ldns_rr_list_print(stdout, ldns_mx_records);
for (int i = 0; i < ldns_mx_records->_rr_count; i++)
{
printf("^_^ i= %d\n", i);
printf(">_> %s",ldns_rr2str(ldns_rr_list_rr(ldns_mx_records, i)));
printf(">.> %s\n", last_str_split(ldns_rr2str(ldns_rr_list_rr(ldns_mx_records, i)), " "));
}
/////////////////Old code below/////////////////////
res_length = res_query(hostname, C_IN, T_MX, dns_answer, sizeof(dns_answer));
if (ns_initparse(dns_answer, res_length, &msg)<0)
{
printf("hostname = %s\n", hostname);
printf("res_length = %d\n", res_length);
perror("DNS has gone wrong!");
print_to_log("DNS resource query has failed", LOG_ERR);
}
else
{
res_length = ns_msg_count(msg, ns_s_an);
for (int i = 0; i < res_length; i++)
{
//printf("DNS loop level = %d\n", i);
ns_parserr(&msg, ns_s_an, i, &rr);
ns_sprintrr(&msg, &rr, NULL, NULL, display_buffer, sizeof(display_buffer));
if (ns_rr_type(rr) == ns_t_mx)
{
//String parsing solution for rr. Requires creation of display_buffer above
error = getaddrinfo(last_str_split(display_buffer, " "), NULL, NULL, &addr_res);
if (error != 0)
{
printf("error = %d\n", error);
printf("display_buffer = %s\n", display_buffer);
printf("last_str_split = %s\n", last_str_split(display_buffer, " "));
perror("getaddrinfo");
}
if (addr_res->ai_family==AF_INET)
{
//printf("IPv4 mode is go\n");
struct sockaddr_in* temp_addr = (struct sockaddr_in*)addr_res->ai_addr;
memcpy(result, temp_addr, sizeof(*temp_addr));
//printf("ai_addr hostname -> %s\n", inet_ntoa(temp_addr->sin_addr));
ohana = addr_res->ai_family;
}
else if (addr_res->ai_family==AF_INET6)
{
//printf("v6 mode engaged\n");
struct sockaddr_in6 * temp_addr = (struct sockaddr_in6 *) addr_res->ai_addr;
memcpy(result, temp_addr, sizeof(*temp_addr));
ohana = addr_res->ai_family;
}
}
freeaddrinfo(addr_res);
}
}
pthread_mutex_unlock(&dns_lock);
return ohana;
}
int
main(int argc, char *argv[])
{
ldns_resolver *res;
ldns_rdf *ns;
ldns_rdf *domain;
ldns_rr_list *l = NULL;
ldns_rr_list *dns_root = NULL;
const char *root_file = "/etc/named.root";
ldns_status status;
int i;
char *domain_str;
char *outputfile_str;
ldns_buffer *outputfile_buffer;
FILE *outputfile;
ldns_rr *k;
bool insecure = false;
ldns_pkt *pkt;
domain = NULL;
res = NULL;
if (argc < 2) {
usage(stdout, argv[0]);
exit(EXIT_FAILURE);
} else {
for (i = 1; i < argc; i++) {
if (strncmp("-4", argv[i], 3) == 0) {
if (address_family != 0) {
fprintf(stderr, "Options -4 and -6 cannot be specified at the same time\n");
exit(EXIT_FAILURE);
}
address_family = 1;
} else if (strncmp("-6", argv[i], 3) == 0) {
if (address_family != 0) {
fprintf(stderr, "Options -4 and -6 cannot be specified at the same time\n");
exit(EXIT_FAILURE);
}
address_family = 2;
} else if (strncmp("-h", argv[i], 3) == 0) {
usage(stdout, argv[0]);
exit(EXIT_SUCCESS);
} else if (strncmp("-i", argv[i], 2) == 0) {
insecure = true;
} else if (strncmp("-r", argv[i], 2) == 0) {
if (strlen(argv[i]) > 2) {
root_file = argv[i]+2;
} else if (i+1 >= argc) {
usage(stdout, argv[0]);
exit(EXIT_FAILURE);
} else {
root_file = argv[i+1];
i++;
}
} else if (strncmp("-s", argv[i], 3) == 0) {
store_in_file = true;
} else if (strncmp("-v", argv[i], 2) == 0) {
if (strlen(argv[i]) > 2) {
verbosity = atoi(argv[i]+2);
} else if (i+1 > argc) {
usage(stdout, argv[0]);
exit(EXIT_FAILURE);
} else {
verbosity = atoi(argv[i+1]);
i++;
}
} else {
/* create a rdf from the command line arg */
if (domain) {
fprintf(stdout, "You can only specify one domain at a time\n");
exit(EXIT_FAILURE);
}
domain = ldns_dname_new_frm_str(argv[i]);
}
}
if (!domain) {
usage(stdout, argv[0]);
exit(EXIT_FAILURE);
}
}
dns_root = read_root_hints(root_file);
if (!dns_root) {
fprintf(stderr, "cannot read the root hints file\n");
exit(EXIT_FAILURE);
}
/* create a new resolver from /etc/resolv.conf */
status = ldns_resolver_new_frm_file(&res, NULL);
if (status != LDNS_STATUS_OK) {
fprintf(stderr, "Warning: Unable to create stub resolver from /etc/resolv.conf:\n");
fprintf(stderr, "%s\n", ldns_get_errorstr_by_id(status));
fprintf(stderr, "defaulting to nameserver at 127.0.0.1 for separate nameserver name lookups\n");
res = ldns_resolver_new();
ns = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_A, "127.0.0.1");
status = ldns_resolver_push_nameserver(res, ns);
if (status != LDNS_STATUS_OK) {
fprintf(stderr, "Unable to create stub resolver: %s\n", ldns_get_errorstr_by_id(status));
exit(EXIT_FAILURE);
}
ldns_rdf_deep_free(ns);
}
ldns_resolver_set_ip6(res, address_family);
if (insecure) {
pkt = ldns_resolver_query(res, domain, LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN, LDNS_RD);
if (pkt) {
l = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_DNSKEY, LDNS_SECTION_ANY_NOQUESTION);
}
} else {
l = retrieve_dnskeys(res, domain, LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN, dns_root);
}
/* separator for result data and verbosity data */
if (verbosity > 0) {
fprintf(stdout, "; ---------------------------\n");
fprintf(stdout, "; Got the following keys:\n");
}
if (l) {
if (store_in_file) {
/* create filename:
* K<domain>.+<alg>.+<id>.key
*/
for (i = 0; (size_t) i < ldns_rr_list_rr_count(l); i++) {
k = ldns_rr_list_rr(l, (size_t) i);
outputfile_buffer = ldns_buffer_new(300);
domain_str = ldns_rdf2str(ldns_rr_owner(k));
ldns_buffer_printf(outputfile_buffer, "K%s+%03u+%05u.key", domain_str, ldns_rdf2native_int8(ldns_rr_rdf(k, 2)),
(unsigned int) ldns_calc_keytag(k));
outputfile_str = ldns_buffer_export(outputfile_buffer);
if (verbosity >= 1) {
fprintf(stdout, "Writing key to file %s\n", outputfile_str);
}
outputfile = fopen(outputfile_str, "w");
if (!outputfile) {
fprintf(stderr, "Error writing key to file %s: %s\n", outputfile_str, strerror(errno));
} else {
ldns_rr_print(outputfile, k);
fclose(outputfile);
}
LDNS_FREE(domain_str);
LDNS_FREE(outputfile_str);
LDNS_FREE(outputfile_buffer);
}
} else {
ldns_rr_list_print(stdout, l);
}
} else {
fprintf(stderr, "no answer packet received, stub resolver config:\n");
ldns_resolver_print(stderr, res);
}
printf("\n");
ldns_rdf_deep_free(domain);
ldns_resolver_deep_free(res);
ldns_rr_list_deep_free(l);
ldns_rr_list_deep_free(dns_root);
return EXIT_SUCCESS;
}
static ldns_rr_list *
retrieve_dnskeys(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t,
ldns_rr_class c, ldns_rr_list *dns_root)
{
ldns_resolver *res;
ldns_pkt *p;
ldns_rr_list *new_nss_a;
ldns_rr_list *new_nss_aaaa;
ldns_rr_list *final_answer;
ldns_rr_list *new_nss;
ldns_rr_list *ns_addr;
ldns_rr_list *ns_addr2;
uint16_t loop_count;
ldns_rdf *pop;
ldns_status status;
size_t i;
size_t nss_i;
ldns_rr_list *answer_list = NULL;
ldns_rr_list *authority_list = NULL;
size_t last_nameserver_count;
ldns_rdf **last_nameservers;
loop_count = 0;
new_nss_a = NULL;
new_nss_aaaa = NULL;
new_nss = NULL;
ns_addr = NULL;
ns_addr2 = NULL;
final_answer = NULL;
p = ldns_pkt_new();
res = ldns_resolver_new();
if (!p || !res) {
fprintf(stderr, "Memory allocation failed");
return NULL;
}
if (verbosity >= 2) {
printf("Finding dnskey data for zone: ");
ldns_rdf_print(stdout, name);
printf("\n\n");
}
/* transfer some properties of local_res to res,
* because they were given on the commandline */
ldns_resolver_set_ip6(res,
ldns_resolver_ip6(local_res));
ldns_resolver_set_port(res,
ldns_resolver_port(local_res));
ldns_resolver_set_debug(res,
ldns_resolver_debug(local_res));
ldns_resolver_set_dnssec(res,
ldns_resolver_dnssec(local_res));
ldns_resolver_set_fail(res,
ldns_resolver_fail(local_res));
ldns_resolver_set_usevc(res,
ldns_resolver_usevc(local_res));
ldns_resolver_set_random(res,
ldns_resolver_random(local_res));
ldns_resolver_set_recursive(res, false);
/* setup the root nameserver in the new resolver */
status = ldns_resolver_push_nameserver_rr_list(res, dns_root);
if (status != LDNS_STATUS_OK) {
fprintf(stderr, "Error setting root nameservers in resolver: %s\n", ldns_get_errorstr_by_id(status));
return NULL;
}
ldns_pkt_free(p);
status = ldns_resolver_send(&p, res, name, t, c, 0);
if (status != LDNS_STATUS_OK) {
fprintf(stderr, "Error querying root servers: %s\n", ldns_get_errorstr_by_id(status));
return NULL;
}
if (ldns_pkt_get_rcode(p) != LDNS_RCODE_NOERROR) {
printf("Error in packet:\n");
ldns_pkt_print(stdout, p);
return NULL;
}
if (verbosity >= 4) {
ldns_pkt_print(stdout, p);
printf("\n\n");
}
/* from now on, use TCP */
ldns_resolver_set_usevc(res, true);
while(status == LDNS_STATUS_OK &&
ldns_pkt_reply_type(p) == LDNS_PACKET_REFERRAL) {
if (verbosity >= 3) {
printf("This is a delegation!\n\n");
}
if (address_family == 0 || address_family == 1) {
new_nss_a = ldns_pkt_rr_list_by_type(p,
LDNS_RR_TYPE_A, LDNS_SECTION_ADDITIONAL);
} else {
new_nss_a = ldns_rr_list_new();
}
if (address_family == 0 || address_family == 2) {
new_nss_aaaa = ldns_pkt_rr_list_by_type(p,
LDNS_RR_TYPE_AAAA, LDNS_SECTION_ADDITIONAL);
} else {
new_nss_aaaa = ldns_rr_list_new();
}
new_nss = ldns_pkt_rr_list_by_type(p,
LDNS_RR_TYPE_NS, LDNS_SECTION_AUTHORITY);
/* remove the old nameserver from the resolver */
while((pop = ldns_resolver_pop_nameserver(res))) { ldns_rdf_deep_free(pop); }
/* also check for new_nss emptyness */
if (!new_nss_aaaa && !new_nss_a) {
/*
* no nameserver found!!!
* try to resolve the names we do got
*/
if (verbosity >= 3) {
printf("Did not get address record for nameserver, doing seperate query.\n");
}
ns_addr = ldns_rr_list_new();
for(i = 0; (size_t) i < ldns_rr_list_rr_count(new_nss); i++) {
/* get the name of the nameserver */
pop = ldns_rr_rdf(ldns_rr_list_rr(new_nss, i), 0);
if (!pop) {
break;
}
/* retrieve it's addresses */
ns_addr2 = ldns_get_rr_list_addr_by_name(local_res, pop, c, 0);
if (!ldns_rr_list_cat(ns_addr, ns_addr2)) {
fprintf(stderr, "Internal error adding nameserver address.\n");
exit(EXIT_FAILURE);
}
ldns_rr_list_free(ns_addr2);
}
if (ns_addr) {
if (ldns_resolver_push_nameserver_rr_list(res, ns_addr) !=
LDNS_STATUS_OK) {
fprintf(stderr, "Error adding new nameservers");
ldns_pkt_free(p);
return NULL;
}
ldns_rr_list_deep_free(ns_addr);
} else {
ldns_rr_list_print(stdout, ns_addr);
fprintf(stderr, "Could not find the nameserver ip addr; abort");
ldns_pkt_free(p);
return NULL;
}
}
/* normally, the first working ns is used, but we need all now, so do it one by one
* if the answer is null, take it from the next resolver
* if the answer is not, compare it to that of the next resolver
* error if different, continue if the same
* if answer list null and no resolvers left die.
*/
ldns_rr_list_deep_free(answer_list);
ldns_rr_list_deep_free(authority_list);
answer_list = NULL;
authority_list = NULL;
for (nss_i = 0; nss_i < ldns_rr_list_rr_count(new_nss_aaaa); nss_i++) {
while((pop = ldns_resolver_pop_nameserver(res))) { ldns_rdf_deep_free(pop); }
status = ldns_resolver_push_nameserver(res, ldns_rr_rdf(ldns_rr_list_rr(new_nss_aaaa, nss_i), 0));
if (status != LDNS_STATUS_OK) {
fprintf(stderr, "Error adding nameserver to resolver: %s\n", ldns_get_errorstr_by_id(status));
}
if (verbosity >= 1) {
fprintf(stdout, "Querying nameserver: ");
ldns_rdf_print(stdout, ldns_rr_owner(ldns_rr_list_rr(new_nss_aaaa, nss_i)));
fprintf(stdout, " (");
ldns_rdf_print(stdout, ldns_rr_rdf(ldns_rr_list_rr(new_nss_aaaa, nss_i), 0));
fprintf(stdout, ")\n");
}
status = ldns_resolver_push_nameserver(res, ldns_rr_rdf(ldns_rr_list_rr(new_nss_aaaa, nss_i), 0));
if (status != LDNS_STATUS_OK) {
fprintf(stderr, "Error adding nameserver to resolver: %s\n", ldns_get_errorstr_by_id(status));
}
ldns_pkt_free(p);
status = ldns_resolver_send(&p, res, name, t, c, 0);
if (status == LDNS_STATUS_OK && p) {
if (ldns_pkt_get_rcode(p) != LDNS_RCODE_NOERROR) {
printf("Error in packet:\n");
ldns_pkt_print(stdout, p);
return NULL;
}
if (verbosity >= 4) {
ldns_pkt_print(stdout, p);
printf("\n\n");
}
if (answer_list) {
if (verbosity >= 2) {
printf("Comparing answer list of answer to previous\n\n");
}
ldns_rr_list_sort(ldns_pkt_answer(p));
ldns_rr_list_sort(answer_list);
if (ldns_rr_list_compare(answer_list, ldns_pkt_answer(p)) != 0) {
fprintf(stderr, "ERROR: different answer answer from nameserver\n");
fprintf(stderr, "\nI had (from previous servers):\n");
ldns_rr_list_print(stderr, answer_list);
fprintf(stderr, "\nI received (from nameserver at ");
ldns_rdf_print(stderr, ldns_resolver_nameservers(res)[0]);
fprintf(stderr, "):\n");
ldns_rr_list_print(stderr, ldns_pkt_answer(p));
exit(EXIT_FAILURE);
}
} else {
answer_list = ldns_rr_list_clone(ldns_pkt_answer(p));
ldns_rr_list_sort(answer_list);
if (verbosity >= 2) {
printf("First answer list for this set, nothing to compare with\n\n");
}
}
if (authority_list) {
if (verbosity >= 2) {
printf("Comparing authority list of answer to previous\n\n");
}
ldns_rr_list_sort(ldns_pkt_authority(p));
ldns_rr_list_sort(authority_list);
if (ldns_rr_list_compare(authority_list, ldns_pkt_authority(p)) != 0) {
fprintf(stderr, "ERROR: different authority answer from nameserver\n");
fprintf(stderr, "\nI had (from previous servers):\n");
ldns_rr_list_print(stderr, authority_list);
fprintf(stderr, "\nI received (from nameserver at ");
ldns_rdf_print(stderr, ldns_resolver_nameservers(res)[0]);
fprintf(stderr, "):\n");
ldns_rr_list_print(stderr, ldns_pkt_authority(p));
exit(EXIT_FAILURE);
}
} else {
authority_list = ldns_rr_list_clone(ldns_pkt_authority(p));
ldns_rr_list_sort(authority_list);
if (verbosity >= 2) {
printf("First authority list for this set, nothing to compare with\n\n");
}
if (verbosity >= 3) {
printf("NS RRset:\n");
ldns_rr_list_print(stdout, authority_list);
printf("\n");
}
}
}
}
ldns_rr_list_deep_free(answer_list);
ldns_rr_list_deep_free(authority_list);
answer_list = NULL;
authority_list = NULL;
for (nss_i = 0; nss_i < ldns_rr_list_rr_count(new_nss_a); nss_i++) {
while((pop = ldns_resolver_pop_nameserver(res))) {ldns_rdf_deep_free(pop); }
if (verbosity >= 1) {
fprintf(stdout, "Querying nameserver: ");
ldns_rdf_print(stdout, ldns_rr_owner(ldns_rr_list_rr(new_nss_a, nss_i)));
fprintf(stdout, " (");
ldns_rdf_print(stdout, ldns_rr_rdf(ldns_rr_list_rr(new_nss_a, nss_i), 0));
fprintf(stdout, ")\n");
}
status = ldns_resolver_push_nameserver(res, ldns_rr_rdf(ldns_rr_list_rr(new_nss_a, nss_i), 0));
if (status != LDNS_STATUS_OK) {
fprintf(stderr, "Error adding nameserver to resolver: %s\n", ldns_get_errorstr_by_id(status));
}
ldns_pkt_free(p);
status = ldns_resolver_send(&p, res, name, t, c, 0);
if (status == LDNS_STATUS_OK) {
if (ldns_pkt_get_rcode(p) != LDNS_RCODE_NOERROR) {
printf("Error in packet:\n");
ldns_pkt_print(stdout, p);
return NULL;
}
if (verbosity >= 4) {
ldns_pkt_print(stdout, p);
printf("\n\n");
}
if (answer_list) {
if (verbosity >= 2) {
printf("Comparing answer list of answer to previous\n\n");
}
ldns_rr_list_sort(ldns_pkt_answer(p));
ldns_rr_list_sort(answer_list);
if (ldns_rr_list_compare(answer_list, ldns_pkt_answer(p)) != 0) {
fprintf(stderr, "ERROR: different answer answer from nameserver\n");
fprintf(stderr, "\nI had (from previous servers):\n");
ldns_rr_list_print(stderr, answer_list);
fprintf(stderr, "\nI received (from nameserver at ");
ldns_rdf_print(stderr, ldns_resolver_nameservers(res)[0]);
fprintf(stderr, "):\n");
ldns_rr_list_print(stderr, ldns_pkt_answer(p));
exit(EXIT_FAILURE);
}
} else {
if (verbosity >= 2) {
printf("First answer list for this set, nothing to compare with\n\n");
}
answer_list = ldns_rr_list_clone(ldns_pkt_answer(p));
ldns_rr_list_sort(answer_list);
}
if (authority_list) {
if (verbosity >= 2) {
printf("Comparing authority list of answer to previous\n\n");
}
ldns_rr_list_sort(ldns_pkt_authority(p));
ldns_rr_list_sort(authority_list);
if (ldns_rr_list_compare(authority_list, ldns_pkt_authority(p)) != 0) {
fprintf(stderr, "ERROR: different authority answer from nameserver\n");
fprintf(stderr, "\nI had (from previous servers):\n");
ldns_rr_list_print(stderr, authority_list);
fprintf(stderr, "\nI received (from nameserver at ");
ldns_rdf_print(stderr, ldns_resolver_nameservers(res)[0]);
fprintf(stderr, "):\n");
ldns_rr_list_print(stderr, ldns_pkt_authority(p));
exit(EXIT_FAILURE);
}
} else {
if (verbosity >= 2) {
printf("First authority list for this set, nothing to compare with\n\n");
}
authority_list = ldns_rr_list_clone(ldns_pkt_authority(p));
ldns_rr_list_sort(authority_list);
if (verbosity >= 3) {
printf("NS RRset:\n");
ldns_rr_list_print(stdout, authority_list);
printf("\n");
}
}
}
}
ldns_rr_list_deep_free(authority_list);
authority_list = NULL;
if (loop_count++ > 20) {
/* unlikely that we are doing something usefull */
fprintf(stderr, "Looks like we are looping");
ldns_pkt_free(p);
return NULL;
}
ldns_pkt_free(p);
if (verbosity >= 3) {
fprintf(stdout, "This level ok. Continuing to next.\n\n");
}
status = ldns_resolver_send(&p, res, name, t, c, 0);
if (status != LDNS_STATUS_OK) {
fprintf(stderr, "Error querying root servers: %s\n", ldns_get_errorstr_by_id(status));
return NULL;
}
if (ldns_pkt_get_rcode(p) != LDNS_RCODE_NOERROR) {
printf("Error in packet:\n");
ldns_pkt_print(stdout, p);
return NULL;
}
if (verbosity >= 4) {
ldns_pkt_print(stdout, p);
printf("\n\n");
}
ldns_rr_list_deep_free(new_nss_aaaa);
ldns_rr_list_deep_free(new_nss_a);
ldns_rr_list_deep_free(new_nss);
new_nss_aaaa = NULL;
new_nss_a = NULL;
ns_addr = NULL;
}
ldns_rr_list_deep_free(answer_list);
answer_list = NULL;
/* clone the nameserver list, we are going to handle them one by one */
last_nameserver_count = 0;
last_nameservers = LDNS_XMALLOC(ldns_rdf *, ldns_resolver_nameserver_count(res));
pop = NULL;
while((pop = ldns_resolver_pop_nameserver(res))) {
last_nameservers[last_nameserver_count] = pop;
last_nameserver_count++;
}
for (nss_i = 0; nss_i < last_nameserver_count; nss_i++) {
/* remove previous nameserver */
while((pop = ldns_resolver_pop_nameserver(res))) { ldns_rdf_deep_free(pop); }
if (verbosity >= 1) {
printf("Querying nameserver: ");
ldns_rdf_print(stdout, last_nameservers[nss_i]);
printf("\n");
}
status = ldns_resolver_push_nameserver(res, last_nameservers[nss_i]);
if (status != LDNS_STATUS_OK) {
fprintf(stderr, "Error adding nameserver to resolver: %s\n", ldns_get_errorstr_by_id(status));
}
ldns_pkt_free(p);
status = ldns_resolver_send(&p, res, name, t, c, 0);
if (!p) {
fprintf(stderr, "no packet received\n");
return NULL;
}
if (status == LDNS_STATUS_RES_NO_NS) {
fprintf(stderr, "Error: nameserver at ");
ldns_rdf_print(stderr, last_nameservers[nss_i]);
fprintf(stderr, " not responding. Unable to check RRset here, aborting.\n");
return NULL;
}
if (ldns_pkt_get_rcode(p) != LDNS_RCODE_NOERROR) {
printf("Error in packet:\n");
ldns_pkt_print(stdout, p);
return NULL;
}
if (answer_list) {
if (verbosity >= 2) {
printf("1Comparing answer rr list of answer to previous\n");
}
ldns_rr_list_sort(ldns_pkt_answer(p));
ldns_rr_list_sort(answer_list);
if (ldns_rr_list_compare(answer_list, ldns_pkt_answer(p)) != 0) {
printf("ERROR: different answer section in response from nameserver\n");
fprintf(stderr, "\nI had:\n");
ldns_rr_list_print(stderr, answer_list);
fprintf(stderr, "\nI received (from nameserver at ");
ldns_rdf_print(stderr, ldns_resolver_nameservers(res)[0]);
fprintf(stderr, "):\n");
ldns_rr_list_print(stderr, ldns_pkt_answer(p));
exit(EXIT_FAILURE);
}
} else {
if (verbosity >= 2) {
printf("First answer rr list for this set, nothing to compare with\n");
}
answer_list = ldns_rr_list_clone(ldns_pkt_answer(p));
if (verbosity >= 3) {
printf("DNSKEY RRset:\n");
ldns_rr_list_print(stdout, answer_list);
}
}
}
for (nss_i = 0; nss_i < last_nameserver_count; nss_i++) {
ldns_rdf_deep_free(last_nameservers[nss_i]);
}
LDNS_FREE(last_nameservers);
ldns_resolver_deep_free(res);
ldns_pkt_free(p);
return answer_list;
}
int
getrrsetbyname(const char *hostname, unsigned int rdclass,
unsigned int rdtype, unsigned int flags,
struct rrsetinfo **res)
{
int result;
unsigned int i, j, index_ans, index_sig;
struct rrsetinfo *rrset = NULL;
struct rdatainfo *rdata;
size_t len;
ldns_resolver *ldns_res;
ldns_rdf *domain = NULL;
ldns_pkt *pkt = NULL;
ldns_rr_list *rrsigs = NULL, *rrdata = NULL;
ldns_status err;
ldns_rr *rr;
/* check for invalid class and type */
if (rdclass > 0xffff || rdtype > 0xffff) {
result = ERRSET_INVAL;
goto fail;
}
/* don't allow queries of class or type ANY */
if (rdclass == 0xff || rdtype == 0xff) {
result = ERRSET_INVAL;
goto fail;
}
/* don't allow flags yet, unimplemented */
if (flags) {
result = ERRSET_INVAL;
goto fail;
}
/* Initialize resolver from resolv.conf */
domain = ldns_dname_new_frm_str(hostname);
if ((err = ldns_resolver_new_frm_file(&ldns_res, NULL)) != \
LDNS_STATUS_OK) {
result = ERRSET_FAIL;
goto fail;
}
#ifdef LDNS_DEBUG
ldns_resolver_set_debug(ldns_res, true);
#endif /* LDNS_DEBUG */
ldns_resolver_set_dnssec(ldns_res, true); /* Use DNSSEC */
/* make query */
pkt = ldns_resolver_query(ldns_res, domain, rdtype, rdclass, LDNS_RD);
/*** TODO: finer errcodes -- see original **/
if (!pkt || ldns_pkt_ancount(pkt) < 1) {
result = ERRSET_FAIL;
goto fail;
}
/* initialize rrset */
rrset = calloc(1, sizeof(struct rrsetinfo));
if (rrset == NULL) {
result = ERRSET_NOMEMORY;
goto fail;
}
rrdata = ldns_pkt_rr_list_by_type(pkt, rdtype, LDNS_SECTION_ANSWER);
rrset->rri_nrdatas = ldns_rr_list_rr_count(rrdata);
if (!rrset->rri_nrdatas) {
result = ERRSET_NODATA;
goto fail;
}
/* copy name from answer section */
len = ldns_rdf_size(ldns_rr_owner(ldns_rr_list_rr(rrdata, 0)));
if ((rrset->rri_name = malloc(len)) == NULL) {
result = ERRSET_NOMEMORY;
goto fail;
}
memcpy(rrset->rri_name,
ldns_rdf_data(ldns_rr_owner(ldns_rr_list_rr(rrdata, 0))), len);
rrset->rri_rdclass = ldns_rr_get_class(ldns_rr_list_rr(rrdata, 0));
rrset->rri_rdtype = ldns_rr_get_type(ldns_rr_list_rr(rrdata, 0));
rrset->rri_ttl = ldns_rr_ttl(ldns_rr_list_rr(rrdata, 0));
debug2("ldns: got %u answers from DNS", rrset->rri_nrdatas);
/* Check for authenticated data */
if (ldns_pkt_ad(pkt)) {
rrset->rri_flags |= RRSET_VALIDATED;
} else { /* AD is not set, try autonomous validation */
ldns_rr_list * trusted_keys = ldns_rr_list_new();
debug2("ldns: trying to validate RRset");
/* Get eventual sigs */
rrsigs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_RRSIG,
LDNS_SECTION_ANSWER);
rrset->rri_nsigs = ldns_rr_list_rr_count(rrsigs);
debug2("ldns: got %u signature(s) (RRTYPE %u) from DNS",
rrset->rri_nsigs, LDNS_RR_TYPE_RRSIG);
if ((err = ldns_verify_trusted(ldns_res, rrdata, rrsigs,
trusted_keys)) == LDNS_STATUS_OK) {
rrset->rri_flags |= RRSET_VALIDATED;
debug2("ldns: RRset is signed with a valid key");
} else {
debug2("ldns: RRset validation failed: %s",
ldns_get_errorstr_by_id(err));
}
ldns_rr_list_deep_free(trusted_keys);
}
/* allocate memory for answers */
rrset->rri_rdatas = calloc(rrset->rri_nrdatas,
sizeof(struct rdatainfo));
if (rrset->rri_rdatas == NULL) {
result = ERRSET_NOMEMORY;
goto fail;
}
/* allocate memory for signatures */
if (rrset->rri_nsigs > 0) {
rrset->rri_sigs = calloc(rrset->rri_nsigs,
sizeof(struct rdatainfo));
if (rrset->rri_sigs == NULL) {
result = ERRSET_NOMEMORY;
goto fail;
}
}
/* copy answers & signatures */
for (i=0, index_ans=0, index_sig=0; i< pkt->_header->_ancount; i++) {
rdata = NULL;
rr = ldns_rr_list_rr(ldns_pkt_answer(pkt), i);
if (ldns_rr_get_class(rr) == rrset->rri_rdclass &&
ldns_rr_get_type(rr) == rrset->rri_rdtype) {
rdata = &rrset->rri_rdatas[index_ans++];
}
if (rr->_rr_class == rrset->rri_rdclass &&
rr->_rr_type == LDNS_RR_TYPE_RRSIG &&
rrset->rri_sigs) {
rdata = &rrset->rri_sigs[index_sig++];
}
if (rdata) {
size_t rdata_offset = 0;
rdata->rdi_length = 0;
for (j=0; j< rr->_rd_count; j++) {
rdata->rdi_length +=
ldns_rdf_size(ldns_rr_rdf(rr, j));
}
rdata->rdi_data = malloc(rdata->rdi_length);
if (rdata->rdi_data == NULL) {
result = ERRSET_NOMEMORY;
goto fail;
}
/* Re-create the raw DNS RDATA */
for (j=0; j< rr->_rd_count; j++) {
len = ldns_rdf_size(ldns_rr_rdf(rr, j));
memcpy(rdata->rdi_data + rdata_offset,
ldns_rdf_data(ldns_rr_rdf(rr, j)), len);
rdata_offset += len;
}
}
}
*res = rrset;
result = ERRSET_SUCCESS;
fail:
/* freerrset(rrset); */
ldns_rdf_deep_free(domain);
ldns_pkt_free(pkt);
ldns_rr_list_deep_free(rrsigs);
ldns_rr_list_deep_free(rrdata);
ldns_resolver_deep_free(ldns_res);
return result;
}
/* same naive method as in drill0.9
* We resolver _ALL_ the names, which is ofcourse not needed
* We _do_ use the local resolver to do that, so it still is
* fast, but it can be made to run much faster
*/
ldns_pkt *
do_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t,
ldns_rr_class c)
{
ldns_resolver *res;
ldns_pkt *p;
ldns_rr_list *new_nss_a;
ldns_rr_list *new_nss_aaaa;
ldns_rr_list *final_answer;
ldns_rr_list *new_nss;
ldns_rr_list *ns_addr;
uint16_t loop_count;
ldns_rdf *pop;
ldns_status status;
size_t i;
loop_count = 0;
new_nss_a = NULL;
new_nss_aaaa = NULL;
new_nss = NULL;
ns_addr = NULL;
final_answer = NULL;
p = ldns_pkt_new();
res = ldns_resolver_new();
if (!p) {
if (res) {
ldns_resolver_free(res);
}
error("Memory allocation failed");
return NULL;
}
if (!res) {
ldns_pkt_free(p);
error("Memory allocation failed");
return NULL;
}
/* transfer some properties of local_res to res,
* because they were given on the commandline */
ldns_resolver_set_ip6(res,
ldns_resolver_ip6(local_res));
ldns_resolver_set_port(res,
ldns_resolver_port(local_res));
ldns_resolver_set_debug(res,
ldns_resolver_debug(local_res));
ldns_resolver_set_dnssec(res,
ldns_resolver_dnssec(local_res));
ldns_resolver_set_fail(res,
ldns_resolver_fail(local_res));
ldns_resolver_set_usevc(res,
ldns_resolver_usevc(local_res));
ldns_resolver_set_random(res,
ldns_resolver_random(local_res));
ldns_resolver_set_recursive(res, false);
/* setup the root nameserver in the new resolver */
status = ldns_resolver_push_nameserver_rr_list(res, global_dns_root);
if (status != LDNS_STATUS_OK) {
fprintf(stderr, "Error adding root servers to resolver: %s\n", ldns_get_errorstr_by_id(status));
ldns_rr_list_print(stdout, global_dns_root);
ldns_resolver_free(res);
ldns_pkt_free(p);
return NULL;
}
/* this must be a real query to local_res */
status = ldns_resolver_send(&p, res, ldns_dname_new_frm_str("."), LDNS_RR_TYPE_NS, c, 0);
/* p can still be NULL */
if (ldns_pkt_empty(p)) {
warning("No root server information received");
}
if (status == LDNS_STATUS_OK) {
if (!ldns_pkt_empty(p)) {
drill_pkt_print(stdout, local_res, p);
}
} else {
error("cannot use local resolver");
return NULL;
}
status = ldns_resolver_send(&p, res, name, t, c, 0);
while(status == LDNS_STATUS_OK &&
ldns_pkt_reply_type(p) == LDNS_PACKET_REFERRAL) {
if (!p) {
/* some error occurred, bail out */
return NULL;
}
new_nss_a = ldns_pkt_rr_list_by_type(p,
LDNS_RR_TYPE_A, LDNS_SECTION_ADDITIONAL);
new_nss_aaaa = ldns_pkt_rr_list_by_type(p,
LDNS_RR_TYPE_AAAA, LDNS_SECTION_ADDITIONAL);
new_nss = ldns_pkt_rr_list_by_type(p,
LDNS_RR_TYPE_NS, LDNS_SECTION_AUTHORITY);
if (verbosity != -1) {
ldns_rr_list_print(stdout, new_nss);
}
/* checks itself for verbosity */
drill_pkt_print_footer(stdout, local_res, p);
/* remove the old nameserver from the resolver */
while(ldns_resolver_pop_nameserver(res)) { /* do it */ }
/* also check for new_nss emptyness */
if (!new_nss_aaaa && !new_nss_a) {
/*
* no nameserver found!!!
* try to resolve the names we do got
*/
for(i = 0; i < ldns_rr_list_rr_count(new_nss); i++) {
/* get the name of the nameserver */
pop = ldns_rr_rdf(ldns_rr_list_rr(new_nss, i), 0);
if (!pop) {
break;
}
ldns_rr_list_print(stdout, new_nss);
ldns_rdf_print(stdout, pop);
/* retrieve it's addresses */
ns_addr = ldns_rr_list_cat_clone(ns_addr,
ldns_get_rr_list_addr_by_name(local_res, pop, c, 0));
}
if (ns_addr) {
if (ldns_resolver_push_nameserver_rr_list(res, ns_addr) !=
LDNS_STATUS_OK) {
error("Error adding new nameservers");
ldns_pkt_free(p);
return NULL;
}
ldns_rr_list_free(ns_addr);
} else {
ldns_rr_list_print(stdout, ns_addr);
error("Could not find the nameserver ip addr; abort");
ldns_pkt_free(p);
return NULL;
}
}
/* add the new ones */
if (new_nss_aaaa) {
if (ldns_resolver_push_nameserver_rr_list(res, new_nss_aaaa) !=
LDNS_STATUS_OK) {
error("adding new nameservers");
ldns_pkt_free(p);
return NULL;
}
}
if (new_nss_a) {
if (ldns_resolver_push_nameserver_rr_list(res, new_nss_a) !=
LDNS_STATUS_OK) {
error("adding new nameservers");
ldns_pkt_free(p);
return NULL;
}
}
if (loop_count++ > 20) {
/* unlikely that we are doing something usefull */
error("Looks like we are looping");
ldns_pkt_free(p);
return NULL;
}
status = ldns_resolver_send(&p, res, name, t, c, 0);
new_nss_aaaa = NULL;
new_nss_a = NULL;
ns_addr = NULL;
}
status = ldns_resolver_send(&p, res, name, t, c, 0);
if (!p) {
return NULL;
}
new_nss = ldns_pkt_authority(p);
final_answer = ldns_pkt_answer(p);
if (verbosity != -1) {
ldns_rr_list_print(stdout, final_answer);
ldns_rr_list_print(stdout, new_nss);
}
drill_pkt_print_footer(stdout, local_res, p);
ldns_pkt_free(p);
return NULL;
}
ldns_status
ldns_verify_denial(ldns_pkt *pkt, ldns_rdf *name, ldns_rr_type type, ldns_rr_list **nsec_rrs, ldns_rr_list **nsec_rr_sigs)
{
uint16_t nsec_i;
ldns_rr_list *nsecs;
ldns_status result;
if (verbosity >= 5) {
printf("VERIFY DENIAL FROM:\n");
ldns_pkt_print(stdout, pkt);
}
result = LDNS_STATUS_CRYPTO_NO_RRSIG;
/* Try to see if there are NSECS in the packet */
nsecs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_NSEC, LDNS_SECTION_ANY_NOQUESTION);
if (nsecs) {
for (nsec_i = 0; nsec_i < ldns_rr_list_rr_count(nsecs); nsec_i++) {
/* there are four options:
* - name equals ownername and is covered by the type bitmap
* - name equals ownername but is not covered by the type bitmap
* - name falls within nsec coverage but is not equal to the owner name
* - name falls outside of nsec coverage
*/
if (ldns_dname_compare(ldns_rr_owner(ldns_rr_list_rr(nsecs, nsec_i)), name) == 0) {
/*
printf("CHECKING NSEC:\n");
ldns_rr_print(stdout, ldns_rr_list_rr(nsecs, nsec_i));
printf("DAWASEM\n");
*/
if (ldns_nsec_bitmap_covers_type(
ldns_nsec_get_bitmap(ldns_rr_list_rr(nsecs,
nsec_i)),
type)) {
/* Error, according to the nsec this rrset is signed */
result = LDNS_STATUS_CRYPTO_NO_RRSIG;
} else {
/* ok nsec denies existence */
if (verbosity >= 3) {
printf(";; Existence of data set with this type denied by NSEC\n");
}
/*printf(";; Verifiably insecure.\n");*/
if (nsec_rrs && nsec_rr_sigs) {
(void) get_dnssec_rr(pkt, ldns_rr_owner(ldns_rr_list_rr(nsecs, nsec_i)), LDNS_RR_TYPE_NSEC, nsec_rrs, nsec_rr_sigs);
}
ldns_rr_list_deep_free(nsecs);
return LDNS_STATUS_OK;
}
} else if (ldns_nsec_covers_name(ldns_rr_list_rr(nsecs, nsec_i), name)) {
if (verbosity >= 3) {
printf(";; Existence of data set with this name denied by NSEC\n");
}
if (nsec_rrs && nsec_rr_sigs) {
(void) get_dnssec_rr(pkt, ldns_rr_owner(ldns_rr_list_rr(nsecs, nsec_i)), LDNS_RR_TYPE_NSEC, nsec_rrs, nsec_rr_sigs);
}
ldns_rr_list_deep_free(nsecs);
return LDNS_STATUS_OK;
} else {
/* nsec has nothing to do with this data */
}
}
ldns_rr_list_deep_free(nsecs);
} else if( (nsecs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_NSEC3, LDNS_SECTION_ANY_NOQUESTION)) ) {
ldns_rr_list* sigs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_RRSIG, LDNS_SECTION_ANY_NOQUESTION);
ldns_rr* q = ldns_rr_new();
if(!sigs) return LDNS_STATUS_MEM_ERR;
if(!q) return LDNS_STATUS_MEM_ERR;
ldns_rr_set_question(q, 1);
ldns_rr_set_ttl(q, 0);
ldns_rr_set_owner(q, ldns_rdf_clone(name));
if(!ldns_rr_owner(q)) return LDNS_STATUS_MEM_ERR;
ldns_rr_set_type(q, type);
result = ldns_dnssec_verify_denial_nsec3(q, nsecs, sigs, ldns_pkt_get_rcode(pkt), type, ldns_pkt_ancount(pkt) == 0);
ldns_rr_free(q);
ldns_rr_list_deep_free(nsecs);
ldns_rr_list_deep_free(sigs);
}
return result;
}
