2 * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
3 * Copyright (C) 2000-2003 Internet Software Consortium.
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15 * PERFORMANCE OF THIS SOFTWARE.
18 /* $Id: dighost.c,v 1.311.70.21 2011-03-11 10:49:49 marka Exp $ */
22 * Notice to programmers: Do not use this code as an example of how to
23 * use the ISC library to perform DNS lookups. Dig and Host both operate
24 * on the request level, since they allow fine-tuning of output and are
25 * intended as debugging tools. As a result, they perform many of the
26 * functions which could be better handled using the dns_resolver
27 * functions in most applications.
41 #include <idn/result.h>
43 #include <idn/resconf.h>
47 #include <dns/byaddr.h>
49 #include <dns/dnssec.h>
52 #include <isc/random.h>
55 #include <dns/fixedname.h>
56 #include <dns/message.h>
58 #include <dns/rdata.h>
59 #include <dns/rdataclass.h>
60 #include <dns/rdatalist.h>
61 #include <dns/rdataset.h>
62 #include <dns/rdatastruct.h>
63 #include <dns/rdatatype.h>
64 #include <dns/result.h>
70 #include <isc/base64.h>
71 #include <isc/entropy.h>
74 #include <isc/netaddr.h>
76 #include <isc/netdb.h>
78 #include <isc/print.h>
79 #include <isc/random.h>
80 #include <isc/result.h>
81 #include <isc/string.h>
83 #include <isc/timer.h>
84 #include <isc/types.h>
87 #include <lwres/lwres.h>
88 #include <lwres/net.h>
90 #include <bind9/getaddresses.h>
94 #if ! defined(NS_INADDRSZ)
98 #if ! defined(NS_IN6ADDRSZ)
99 #define NS_IN6ADDRSZ 16
102 static lwres_context_t *lwctx = NULL;
103 static lwres_conf_t *lwconf;
105 dig_lookuplist_t lookup_list;
106 dig_serverlist_t server_list;
107 dig_searchlistlist_t search_list;
110 check_ra = ISC_FALSE,
111 have_ipv4 = ISC_FALSE,
112 have_ipv6 = ISC_FALSE,
113 specified_source = ISC_FALSE,
114 free_now = ISC_FALSE,
115 cancel_now = ISC_FALSE,
116 usesearch = ISC_FALSE,
117 showsearch = ISC_FALSE,
119 is_dst_up = ISC_FALSE;
121 unsigned int timeout = 0;
122 unsigned int extrabytes;
123 isc_mem_t *mctx = NULL;
124 isc_taskmgr_t *taskmgr = NULL;
125 isc_task_t *global_task = NULL;
126 isc_timermgr_t *timermgr = NULL;
127 isc_socketmgr_t *socketmgr = NULL;
128 isc_sockaddr_t bind_address;
129 isc_sockaddr_t bind_any;
135 int lookup_counter = 0;
138 static void initialize_idn(void);
139 static isc_result_t output_filter(isc_buffer_t *buffer,
140 unsigned int used_org,
141 isc_boolean_t absolute);
142 static idn_result_t append_textname(char *name, const char *origin,
144 static void idn_check_result(idn_result_t r, const char *msg);
153 *\li 0 Everything went well, including things like NXDOMAIN
155 *\li 7 Got too many RR's or Names
156 *\li 8 Couldn't open batch file
157 *\li 9 No reply from server
158 *\li 10 Internal error
/*
 * TSIG key inputs supplied by the front end. setup_text_key() names the key
 * from 'keynametext' and base64-decodes 'keysecret'; setup_file_key() loads
 * the key from the path in 'keyfile'.
 */
162 char keynametext[MXNAME];
163 char keyfile[MXNAME] = "";
/*
 * Base64 text of the shared secret. NOTE(review): nothing in the code visible
 * here clears this buffer after the key has been built - confirm whether it
 * is wiped elsewhere.
 */
164 char keysecret[MXNAME] = "";
165 dns_name_t *hmacname = NULL;
166 unsigned int digestbits = 0;
167 isc_buffer_t *namebuf = NULL;
/* The TSIG key produced by setup_text_key() or setup_file_key(). */
168 dns_tsigkey_t *key = NULL;
169 isc_boolean_t validated = ISC_TRUE;
170 isc_entropy_t *entp = NULL;
171 isc_mempool_t *commctx = NULL;
172 isc_boolean_t debugging = ISC_FALSE;
173 isc_boolean_t memdebugging = ISC_FALSE;
174 char *progname = NULL;
/* Mutex taken and released by the LOCK_LOOKUP / UNLOCK_LOOKUP macros. */
175 isc_mutex_t lookup_lock;
176 dig_lookup_t *current_lookup = NULL;
180 isc_result_t get_trusted_key(isc_mem_t *mctx);
181 dns_rdataset_t * sigchase_scanname(dns_rdatatype_t type,
182 dns_rdatatype_t covers,
183 isc_boolean_t *lookedup,
184 dns_name_t *rdata_name);
185 dns_rdataset_t * chase_scanname_section(dns_message_t *msg,
187 dns_rdatatype_t type,
188 dns_rdatatype_t covers,
190 isc_result_t advanced_rrsearch(dns_rdataset_t **rdataset,
192 dns_rdatatype_t type,
193 dns_rdatatype_t covers,
194 isc_boolean_t *lookedup);
195 isc_result_t sigchase_verify_sig_key(dns_name_t *name,
196 dns_rdataset_t *rdataset,
197 dst_key_t* dnsseckey,
198 dns_rdataset_t *sigrdataset,
200 isc_result_t sigchase_verify_sig(dns_name_t *name,
201 dns_rdataset_t *rdataset,
202 dns_rdataset_t *keyrdataset,
203 dns_rdataset_t *sigrdataset,
205 isc_result_t sigchase_verify_ds(dns_name_t *name,
206 dns_rdataset_t *keyrdataset,
207 dns_rdataset_t *dsrdataset,
209 void sigchase(dns_message_t *msg);
210 void print_rdata(dns_rdata_t *rdata, isc_mem_t *mctx);
211 void print_rdataset(dns_name_t *name,
212 dns_rdataset_t *rdataset, isc_mem_t *mctx);
213 void dup_name(dns_name_t *source, dns_name_t* target,
215 void free_name(dns_name_t *name, isc_mem_t *mctx);
216 void dump_database(void);
217 void dump_database_section(dns_message_t *msg, int section);
218 dns_rdataset_t * search_type(dns_name_t *name, dns_rdatatype_t type,
219 dns_rdatatype_t covers);
220 isc_result_t contains_trusted_key(dns_name_t *name,
221 dns_rdataset_t *rdataset,
222 dns_rdataset_t *sigrdataset,
224 void print_type(dns_rdatatype_t type);
225 isc_result_t prove_nx_domain(dns_message_t * msg,
227 dns_name_t * rdata_name,
228 dns_rdataset_t ** rdataset,
229 dns_rdataset_t ** sigrdataset);
230 isc_result_t prove_nx_type(dns_message_t * msg, dns_name_t *name,
231 dns_rdataset_t *nsec,
232 dns_rdataclass_t class,
233 dns_rdatatype_t type,
234 dns_name_t * rdata_name,
235 dns_rdataset_t ** rdataset,
236 dns_rdataset_t ** sigrdataset);
237 isc_result_t prove_nx(dns_message_t * msg, dns_name_t * name,
238 dns_rdataclass_t class,
239 dns_rdatatype_t type,
240 dns_name_t * rdata_name,
241 dns_rdataset_t ** rdataset,
242 dns_rdataset_t ** sigrdataset);
243 static void nameFromString(const char *str, dns_name_t *p_ret);
244 int inf_name(dns_name_t * name1, dns_name_t * name2);
245 isc_result_t opentmpkey(isc_mem_t *mctx, const char *file,
246 char **tempp, FILE **fp);
247 isc_result_t removetmpkey(isc_mem_t *mctx, const char *file);
248 void clean_trustedkey(void);
249 void insert_trustedkey(dst_key_t **key);
251 isc_result_t getneededrr(dns_message_t *msg);
252 void sigchase_bottom_up(dns_message_t *msg);
253 void sigchase_bu(dns_message_t *msg);
256 isc_result_t initialization(dns_name_t *name);
257 isc_result_t prepare_lookup(dns_name_t *name);
258 isc_result_t grandfather_pb_test(dns_name_t * zone_name,
259 dns_rdataset_t *sigrdataset);
260 isc_result_t child_of_zone(dns_name_t *name,
261 dns_name_t *zone_name,
262 dns_name_t *child_name);
263 void sigchase_td(dns_message_t *msg);
265 char trustedkey[MXNAME] = "";
267 dns_rdataset_t *chase_rdataset = NULL;
268 dns_rdataset_t *chase_sigrdataset = NULL;
269 dns_rdataset_t *chase_dsrdataset = NULL;
270 dns_rdataset_t *chase_sigdsrdataset = NULL;
271 dns_rdataset_t *chase_keyrdataset = NULL;
272 dns_rdataset_t *chase_sigkeyrdataset = NULL;
273 dns_rdataset_t *chase_nsrdataset = NULL;
275 dns_name_t chase_name; /* the query name */
278 * the current name is the parent name when we follow delegation
280 dns_name_t chase_current_name;
282 * the child name is used for delegation (NS DS responses in AUTHORITY section)
284 dns_name_t chase_authority_name;
287 dns_name_t chase_signame;
291 isc_boolean_t chase_siglookedup = ISC_FALSE;
292 isc_boolean_t chase_keylookedup = ISC_FALSE;
293 isc_boolean_t chase_sigkeylookedup = ISC_FALSE;
294 isc_boolean_t chase_dslookedup = ISC_FALSE;
295 isc_boolean_t chase_sigdslookedup = ISC_FALSE;
297 isc_boolean_t chase_nslookedup = ISC_FALSE;
298 isc_boolean_t chase_lookedup = ISC_FALSE;
301 isc_boolean_t delegation_follow = ISC_FALSE;
302 isc_boolean_t grandfather_pb = ISC_FALSE;
303 isc_boolean_t have_response = ISC_FALSE;
304 isc_boolean_t have_delegation_ns = ISC_FALSE;
305 dns_message_t * error_message = NULL;
308 isc_boolean_t dsvalidating = ISC_FALSE;
309 isc_boolean_t chase_name_dup = ISC_FALSE;
311 ISC_LIST(dig_message_t) chase_message_list;
312 ISC_LIST(dig_message_t) chase_message_list2;
315 #define MAX_TRUSTED_KEY 5
316 typedef struct struct_trusted_key_list {
317 dst_key_t * key[MAX_TRUSTED_KEY];
321 struct_tk_list tk_list = { {NULL, NULL, NULL, NULL, NULL}, 0};
325 #define DIG_MAX_ADDRESSES 20
328 * Apply and clear locks at the event level in global task.
329 * Can I get rid of these using shutdown events? XXX
331 #define LOCK_LOOKUP {\
332 debug("lock_lookup %s:%d", __FILE__, __LINE__);\
333 check_result(isc_mutex_lock((&lookup_lock)), "isc_mutex_lock");\
336 #define UNLOCK_LOOKUP {\
337 debug("unlock_lookup %s:%d", __FILE__, __LINE__);\
338 check_result(isc_mutex_unlock((&lookup_lock)),\
339 "isc_mutex_unlock");\
343 cancel_lookup(dig_lookup_t *lookup);
346 recv_done(isc_task_t *task, isc_event_t *event);
349 send_udp(dig_query_t *query);
352 connect_timeout(isc_task_t *task, isc_event_t *event);
355 launch_next_query(dig_query_t *query, isc_boolean_t include_question);
359 mem_alloc(void *arg, size_t size) {
	/*
	 * Allocation callback handed to lwres_context_create() in
	 * setup_system(); 'arg' is the ISC memory context and the request is
	 * forwarded unchanged to isc_mem_get().
	 */
360 return (isc_mem_get(arg, size));
364 mem_free(void *arg, void *mem, size_t size) {
	/*
	 * Release callback paired with mem_alloc(). 'size' is passed through
	 * to isc_mem_put(), so it has to be the size that was originally
	 * requested for 'mem'.
	 */
365 isc_mem_put(arg, mem, size);
369 next_token(char **stringp, const char *delim) {
	/*
	 * Return the next non-empty token of *stringp: strsep() is repeated
	 * for as long as it yields an empty string. strsep() overwrites
	 * delimiters with NUL and advances *stringp, so the input must be
	 * writable.
	 * NOTE(review): the loop condition dereferences 'res'; the NULL
	 * (end of input) check is not among the lines visible here - confirm
	 * it runs before the dereference.
	 */
373 res = strsep(stringp, delim);
376 } while (*res == '\0');
381 count_dots(char *string) {
395 hex_dump(isc_buffer_t *b) {
	/*
	 * Debug helper: print the used region of 'b' as a byte count followed
	 * by two-digit hex values. The loop is bounded by r.length, so only
	 * bytes inside the used region are read.
	 * NOTE(review): r.length is printed with %d; if the region length is
	 * an unsigned int, %u is the matching conversion.
	 */
399 isc_buffer_usedregion(b, &r);
401 printf("%d bytes\n", r.length);
402 for (len = 0; len < r.length; len++) {
403 printf("%02x ", r.base[len]);
412 * Append 'len' bytes of 'text' at '*p', failing with
413 * ISC_R_NOSPACE if that would advance p past 'end'.
416 append(const char *text, int len, char **p, char *end) {
	/*
	 * Bounded-copy primitive used by reverse_octets() and get_reverse().
	 * The ISC_R_NOSPACE return below is the overflow guard: the copy must
	 * be refused whenever it would move *p past 'end' (the guarding
	 * condition itself is not among the lines visible here).
	 * NOTE(review): 'len' is a signed int handed to memcpy(); a negative
	 * value would convert to a very large size_t. The callers visible
	 * here pass constants or a computed token length - confirm none can
	 * pass a negative length.
	 */
418 return (ISC_R_NOSPACE);
419 memcpy(*p, text, len);
421 return (ISC_R_SUCCESS);
425 reverse_octets(const char *in, char **p, char *end) {
	/*
	 * Write the dot-separated labels of 'in' to *p in reverse order by
	 * recursing on the text after the first '.', then appending "." and
	 * the current label. Every write goes through append(), so output is
	 * limited by 'end' and a full buffer surfaces as the error returned
	 * from append().
	 * NOTE(review): recursion depth equals the number of dots in 'in',
	 * which comes from the caller's address argument; it is bounded only
	 * by the length of that string.
	 */
426 char *dot = strchr(in, '.');
430 result = reverse_octets(dot + 1, p, end);
431 if (result != ISC_R_SUCCESS)
433 result = append(".", 1, p, end);
434 if (result != ISC_R_SUCCESS)
440 return (append(in, len, p, end));
444 get_reverse(char *reverse, size_t len, char *value, isc_boolean_t ip6_int,
445 isc_boolean_t strict)
	/*
	 * Build the reverse-lookup name for the address text in 'value' and
	 * store it in 'reverse' (capacity 'len' bytes).
	 *
	 * 'value' is first tried as IPv6 with inet_pton(); on that path the
	 * name comes from dns_byaddr_createptrname2() and is formatted into
	 * 'reverse' with dns_name_format(), which is given 'len' as the limit.
	 * Otherwise the text is treated as IPv4: with 'strict' set it must
	 * parse with inet_pton(AF_INET) or DNS_R_BADDOTTEDQUAD is returned;
	 * without 'strict' the labels are reversed as-is, so arbitrary
	 * dot-separated text is accepted. Output on the IPv4 path is bounded
	 * by end = reverse + len through append().
	 *
	 * The final append() passes 15 for the 14-character ".in-addr.arpa."
	 * suffix so that the terminating NUL is copied as well.
	 */
451 addr.family = AF_INET6;
452 r = inet_pton(AF_INET6, value, &addr.type.in6);
454 /* This is a valid IPv6 address. */
455 dns_fixedname_t fname;
457 unsigned int options = 0;
460 options |= DNS_BYADDROPT_IPV6INT;
461 dns_fixedname_init(&fname);
462 name = dns_fixedname_name(&fname);
463 result = dns_byaddr_createptrname2(&addr, options, name);
464 if (result != ISC_R_SUCCESS)
466 dns_name_format(name, reverse, len);
467 return (ISC_R_SUCCESS);
470 * Not a valid IPv6 address. Assume IPv4.
471 * If 'strict' is not set, construct the
472 * in-addr.arpa name by blindly reversing
473 * octets whether or not they look like integers,
474 * so that this can be used for RFC2317 names
478 char *end = reverse + len;
479 if (strict && inet_pton(AF_INET, value, &addr.type.in) != 1)
480 return (DNS_R_BADDOTTEDQUAD);
481 result = reverse_octets(value, &p, end);
482 if (result != ISC_R_SUCCESS)
484 /* Append .in-addr.arpa. and a terminating NUL. */
485 result = append(".in-addr.arpa.", 15, &p, end);
486 if (result != ISC_R_SUCCESS)
488 return (ISC_R_SUCCESS);
493 fatal(const char *format, ...) {
	/*
	 * Print "<progname>: <message>" and a newline to stderr and record
	 * 'fatalexit' as the exit code.
	 * 'format' is interpreted by vfprintf(): pass a literal format string
	 * and put user- or network-derived text in the arguments, as the
	 * callers in this file do (e.g. "%s: %s").
	 */
497 fprintf(stderr, "%s: ", progname);
498 va_start(args, format);
499 vfprintf(stderr, format, args);
501 fprintf(stderr, "\n");
505 exitcode = fatalexit;
510 debug(const char *format, ...) {
	/*
	 * printf-style trace output to stderr followed by a newline.
	 * As with fatal(), 'format' is a real format string; never pass
	 * externally supplied text in that position.
	 * NOTE(review): presumably gated on the 'debugging' flag - the test
	 * is not among the lines visible here.
	 */
515 va_start(args, format);
516 vfprintf(stderr, format, args);
518 fprintf(stderr, "\n");
523 check_result(isc_result_t result, const char *msg) {
	/*
	 * Abort through fatal() when 'result' is not ISC_R_SUCCESS. 'msg' is
	 * printed as a "%s" argument, not as a format string, followed by the
	 * text form of the result code.
	 */
524 if (result != ISC_R_SUCCESS) {
525 fatal("%s: %s", msg, isc_result_totext(result));
530 * Create a server structure, which is part of the lookup structure.
531 * This is little more than a linked list of servers to query in hopes
532 * of finding the answer the user is looking for
535 make_server(const char *servname, const char *userarg) {
	/*
	 * Allocate a dig_server entry from 'mctx' and fill in both name
	 * fields. The copies use strlcpy() with MXNAME as the limit, so the
	 * fields are always NUL-terminated; names that do not fit are
	 * silently truncated.
	 * NOTE(review): only 'servname' is covered by a REQUIRE; 'userarg'
	 * is handed to strlcpy() unchecked, so callers must not pass NULL.
	 */
538 REQUIRE(servname != NULL);
540 debug("make_server(%s)", servname);
541 srv = isc_mem_allocate(mctx, sizeof(struct dig_server));
543 fatal("memory allocation failure in %s:%d",
545 strlcpy(srv->servername, servname, MXNAME);
546 strlcpy(srv->userarg, userarg, MXNAME);
547 ISC_LINK_INIT(srv, link);
552 addr2af(int lwresaddrtype)
	/*
	 * Translate an lwres address-type constant (LWRES_ADDRTYPE_V4 or
	 * LWRES_ADDRTYPE_V6) into an address family; copy_server_list()
	 * compares the result with AF_INET and AF_INET6.
	 */
556 switch (lwresaddrtype) {
557 case LWRES_ADDRTYPE_V4:
561 case LWRES_ADDRTYPE_V6:
570 * Create a copy of the server list from the lwres configuration structure.
571 * The dest list must have already had ISC_LIST_INIT applied.
574 copy_server_list(lwres_conf_t *confdata, dig_serverlist_t *dest) {
	/*
	 * Turn each nameserver in 'confdata' into a dig_server_t on 'dest'.
	 * 'tmp' is sized for the longest textual IPv6 form (with an embedded
	 * dotted quad), which is where lwres_net_ntop() writes the address.
	 * The have_ipv4 / have_ipv6 tests select entries whose family the
	 * host cannot use; presumably those are skipped.
	 * The same text is used for both the server name and the user
	 * argument of make_server().
	 */
575 dig_server_t *newsrv;
576 char tmp[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
580 debug("copy_server_list()");
581 for (i = 0; i < confdata->nsnext; i++) {
582 af = addr2af(confdata->nameservers[i].family);
584 if (af == AF_INET && !have_ipv4)
586 if (af == AF_INET6 && !have_ipv6)
589 lwres_net_ntop(af, confdata->nameservers[i].address,
591 newsrv = make_server(tmp, tmp);
592 ISC_LINK_INIT(newsrv, link);
593 ISC_LIST_ENQUEUE(*dest, newsrv, link);
598 flush_server_list(void) {
	/*
	 * Empty the global server_list and free every entry. The cursor 's'
	 * is advanced to the successor before 'ps' is dequeued and freed, so
	 * the walk does not read a node after it has been released.
	 */
599 dig_server_t *s, *ps;
601 debug("flush_server_list()");
602 s = ISC_LIST_HEAD(server_list);
605 s = ISC_LIST_NEXT(s, link);
606 ISC_LIST_DEQUEUE(server_list, ps, link);
607 isc_mem_free(mctx, ps);
612 set_nameserver(char *opt) {
	/*
	 * Resolve the user-supplied server argument 'opt' and append one
	 * dig_server_t per returned address to server_list.
	 * bind9_getaddresses() is given DIG_MAX_ADDRESSES as the capacity of
	 * 'sockaddrs', and the loop runs over the 'count' it reports, so at
	 * most that many entries are read. 'tmp' is ISC_NETADDR_FORMATSIZE
	 * bytes and isc_netaddr_format() receives sizeof(tmp) as its limit.
	 * A resolution failure is fatal; 'opt' is printed as a "%s" argument.
	 */
614 isc_sockaddr_t sockaddrs[DIG_MAX_ADDRESSES];
615 isc_netaddr_t netaddr;
618 char tmp[ISC_NETADDR_FORMATSIZE];
623 result = bind9_getaddresses(opt, 0, sockaddrs,
624 DIG_MAX_ADDRESSES, &count);
625 if (result != ISC_R_SUCCESS)
626 fatal("couldn't get address for '%s': %s",
627 opt, isc_result_totext(result));
631 for (i = 0; i < count; i++) {
632 isc_netaddr_fromsockaddr(&netaddr, &sockaddrs[i]);
633 isc_netaddr_format(&netaddr, tmp, sizeof(tmp));
634 srv = make_server(tmp, opt);
636 fatal("memory allocation failure");
637 ISC_LIST_APPEND(server_list, srv, link);
642 add_nameserver(lwres_conf_t *confdata, const char *addr, int af) {
	/*
	 * Store the textual address 'addr' of family 'af' in the next free
	 * slot of confdata->nameservers.
	 * The slot index is checked against LWRES_CONFMAXNAMESERVERS before
	 * the array is written, and an address that lwres_net_pton() cannot
	 * parse yields ISC_R_FAILURE. The family and length fields are set
	 * to the V4 or V6 constants; an unsupported 'af' presumably takes
	 * the ISC_R_FAILURE return that follows them.
	 * NOTE(review): presumably nsnext is advanced on success - that
	 * statement is not among the lines visible here.
	 */
644 int i = confdata->nsnext;
646 if (confdata->nsnext >= LWRES_CONFMAXNAMESERVERS)
647 return (ISC_R_FAILURE);
651 confdata->nameservers[i].family = LWRES_ADDRTYPE_V4;
652 confdata->nameservers[i].length = NS_INADDRSZ;
655 confdata->nameservers[i].family = LWRES_ADDRTYPE_V6;
656 confdata->nameservers[i].length = NS_IN6ADDRSZ;
659 return (ISC_R_FAILURE);
662 if (lwres_net_pton(af, addr, &confdata->nameservers[i].address) == 1) {
664 return (ISC_R_SUCCESS);
666 return (ISC_R_FAILURE);
670 * Produce a cloned server list. The dest list must have already had
671 * ISC_LIST_INIT applied.
674 clone_server_list(dig_serverlist_t src, dig_serverlist_t *dest) {
	/*
	 * Deep-copy 'src' onto 'dest': each entry is re-created with
	 * make_server(), so the two lists own separate allocations and can
	 * be freed independently.
	 */
675 dig_server_t *srv, *newsrv;
677 debug("clone_server_list()");
678 srv = ISC_LIST_HEAD(src);
679 while (srv != NULL) {
680 newsrv = make_server(srv->servername, srv->userarg);
681 ISC_LINK_INIT(newsrv, link);
682 ISC_LIST_ENQUEUE(*dest, newsrv, link);
683 srv = ISC_LIST_NEXT(srv, link);
688 * Create an empty lookup structure, which holds all the information needed
689 * to get an answer to a user's question. This structure contains two
690 * linked lists: the server list (servers to query) and the query list
691 * (outstanding queries which have been made to the listed servers).
694 make_empty_lookup(void) {
	/*
	 * Allocate a dig_lookup from 'mctx' and set every field to its
	 * default. The allocation is not zeroed here, so each field a later
	 * reader depends on has to be assigned explicitly below: strings are
	 * emptied, pointers are set to NULL and the lists are initialised.
	 * Defaults of note: recursion on, best-effort parsing on, SERVFAIL
	 * stops the lookup, DNSSEC and NSID off, UDP transport, and the
	 * retry count taken from the global 'tries'.
	 */
695 dig_lookup_t *looknew;
697 debug("make_empty_lookup()");
701 looknew = isc_mem_allocate(mctx, sizeof(struct dig_lookup));
703 fatal("memory allocation failure in %s:%d",
705 looknew->pending = ISC_TRUE;
706 looknew->textname[0] = 0;
707 looknew->cmdline[0] = 0;
708 looknew->rdtype = dns_rdatatype_a;
709 looknew->qrdtype = dns_rdatatype_a;
710 looknew->rdclass = dns_rdataclass_in;
711 looknew->rdtypeset = ISC_FALSE;
712 looknew->rdclassset = ISC_FALSE;
713 looknew->sendspace = NULL;
714 looknew->sendmsg = NULL;
715 looknew->name = NULL;
716 looknew->oname = NULL;
717 looknew->timer = NULL;
718 looknew->xfr_q = NULL;
719 looknew->current_query = NULL;
720 looknew->doing_xfr = ISC_FALSE;
721 looknew->ixfr_serial = ISC_FALSE;
722 looknew->trace = ISC_FALSE;
723 looknew->trace_root = ISC_FALSE;
724 looknew->identify = ISC_FALSE;
725 looknew->identify_previous_line = ISC_FALSE;
726 looknew->ignore = ISC_FALSE;
727 looknew->servfail_stops = ISC_TRUE;
728 looknew->besteffort = ISC_TRUE;
729 looknew->dnssec = ISC_FALSE;
730 looknew->nsid = ISC_FALSE;
732 looknew->sigchase = ISC_FALSE;
734 looknew->do_topdown = ISC_FALSE;
735 looknew->trace_root_sigchase = ISC_FALSE;
736 looknew->rdtype_sigchaseset = ISC_FALSE;
737 looknew->rdtype_sigchase = dns_rdatatype_any;
738 looknew->qrdtype_sigchase = dns_rdatatype_any;
739 looknew->rdclass_sigchase = dns_rdataclass_in;
740 looknew->rdclass_sigchaseset = ISC_FALSE;
743 looknew->udpsize = 0;
745 looknew->recurse = ISC_TRUE;
746 looknew->aaonly = ISC_FALSE;
747 looknew->adflag = ISC_FALSE;
748 looknew->cdflag = ISC_FALSE;
749 looknew->ns_search_only = ISC_FALSE;
750 looknew->origin = NULL;
751 looknew->tsigctx = NULL;
752 looknew->querysig = NULL;
753 looknew->retries = tries;
754 looknew->nsfound = 0;
755 looknew->tcp_mode = ISC_FALSE;
756 looknew->ip6_int = ISC_FALSE;
757 looknew->comments = ISC_TRUE;
758 looknew->stats = ISC_TRUE;
759 looknew->section_question = ISC_TRUE;
760 looknew->section_answer = ISC_TRUE;
761 looknew->section_authority = ISC_TRUE;
762 looknew->section_additional = ISC_TRUE;
763 looknew->new_search = ISC_FALSE;
764 looknew->done_as_is = ISC_FALSE;
765 looknew->need_search = ISC_FALSE;
766 ISC_LINK_INIT(looknew, link);
767 ISC_LIST_INIT(looknew->q);
768 ISC_LIST_INIT(looknew->my_server_list);
773 * Clone a lookup, perhaps copying the server list. This does not clone
774 * the query list, since it will be regenerated by the setup_lookup()
775 * function, nor does it queue up the new lookup for processing.
776 * Caution: If you don't clone the servers, you MUST clone the server
777 * list separately from somewhere else, or construct it by hand.
780 clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) {
	/*
	 * Create a new lookup from make_empty_lookup() and copy the query
	 * parameters and display options of 'lookold' into it. Per-run state
	 * is not shared: tsigctx is reset to NULL rather than copied, and the
	 * server list is duplicated with clone_server_list() rather than
	 * aliased.
	 */
781 dig_lookup_t *looknew;
783 debug("clone_lookup()");
787 looknew = make_empty_lookup();
788 INSIST(looknew != NULL);
	/*
	 * NOTE(review): strncpy() leaves the destination unterminated when
	 * the source occupies all MXNAME bytes. In the lines visible here
	 * only textname is terminated explicitly afterwards; cmdline and
	 * textnamesigchase depend on the source lookup already holding a
	 * NUL within MXNAME bytes. Terminating all three (or using strlcpy()
	 * as make_server() does) would remove that dependency.
	 */
789 strncpy(looknew->textname, lookold->textname, MXNAME);
791 strncpy(looknew->textnamesigchase, lookold->textnamesigchase, MXNAME);
793 strncpy(looknew->cmdline, lookold->cmdline, MXNAME);
794 looknew->textname[MXNAME-1] = 0;
795 looknew->rdtype = lookold->rdtype;
796 looknew->qrdtype = lookold->qrdtype;
797 looknew->rdclass = lookold->rdclass;
798 looknew->rdtypeset = lookold->rdtypeset;
799 looknew->rdclassset = lookold->rdclassset;
800 looknew->doing_xfr = lookold->doing_xfr;
801 looknew->ixfr_serial = lookold->ixfr_serial;
802 looknew->trace = lookold->trace;
803 looknew->trace_root = lookold->trace_root;
804 looknew->identify = lookold->identify;
805 looknew->identify_previous_line = lookold->identify_previous_line;
806 looknew->ignore = lookold->ignore;
807 looknew->servfail_stops = lookold->servfail_stops;
808 looknew->besteffort = lookold->besteffort;
809 looknew->dnssec = lookold->dnssec;
810 looknew->nsid = lookold->nsid;
812 looknew->sigchase = lookold->sigchase;
814 looknew->do_topdown = lookold->do_topdown;
815 looknew->trace_root_sigchase = lookold->trace_root_sigchase;
816 looknew->rdtype_sigchaseset = lookold->rdtype_sigchaseset;
817 looknew->rdtype_sigchase = lookold->rdtype_sigchase;
818 looknew->qrdtype_sigchase = lookold->qrdtype_sigchase;
819 looknew->rdclass_sigchase = lookold->rdclass_sigchase;
820 looknew->rdclass_sigchaseset = lookold->rdclass_sigchaseset;
823 looknew->udpsize = lookold->udpsize;
824 looknew->edns = lookold->edns;
825 looknew->recurse = lookold->recurse;
826 looknew->aaonly = lookold->aaonly;
827 looknew->adflag = lookold->adflag;
828 looknew->cdflag = lookold->cdflag;
829 looknew->ns_search_only = lookold->ns_search_only;
830 looknew->tcp_mode = lookold->tcp_mode;
831 looknew->comments = lookold->comments;
832 looknew->stats = lookold->stats;
833 looknew->section_question = lookold->section_question;
834 looknew->section_answer = lookold->section_answer;
835 looknew->section_authority = lookold->section_authority;
836 looknew->section_additional = lookold->section_additional;
837 looknew->retries = lookold->retries;
838 looknew->tsigctx = NULL;
839 looknew->need_search = lookold->need_search;
840 looknew->done_as_is = lookold->done_as_is;
843 clone_server_list(lookold->my_server_list,
844 &looknew->my_server_list);
849 * Requeue a lookup for further processing, perhaps copying the server
850 * list. The new lookup structure is returned to the caller, and is
851 * queued for processing. If servers are not cloned in the requeue, they
852 * must be added before allowing the current event to complete, since the
853 * completion of the event may result in the next entry on the lookup
857 requeue_lookup(dig_lookup_t *lookold, isc_boolean_t servers) {
	/*
	 * Clone 'lookold' and put the copy at the head of lookup_list.
	 * The LOOKUP_LIMIT test is the guard against unbounded work: once
	 * lookup_counter exceeds it the program stops through fatal(), so a
	 * chain of follow-up lookups driven by server responses cannot
	 * requeue forever.
	 * NOTE(review): presumably lookup_counter is incremented just before
	 * the test - that statement is not among the lines visible here.
	 */
858 dig_lookup_t *looknew;
860 debug("requeue_lookup()");
863 if (lookup_counter > LOOKUP_LIMIT)
864 fatal("too many lookups");
866 looknew = clone_lookup(lookold, servers);
867 INSIST(looknew != NULL);
869 debug("before insertion, init@%p -> %p, new@%p -> %p",
870 lookold, lookold->link.next, looknew, looknew->link.next);
871 ISC_LIST_PREPEND(lookup_list, looknew, link);
872 debug("after insertion, init -> %p, new = %p, new -> %p",
873 lookold, looknew, looknew->link.next);
879 setup_text_key(void) {
	/*
	 * Build the global TSIG 'key' from the key name in 'keynametext' and
	 * the base64 secret in 'keysecret', using the algorithm in
	 * 'hmacname'. A decode, name-parse or key-creation failure is
	 * reported on stdout with the key name only; the secret is never
	 * printed.
	 */
882 isc_buffer_t secretbuf;
884 unsigned char *secretstore;
886 debug("setup_text_key()");
887 result = isc_buffer_allocate(mctx, &namebuf, MXNAME);
888 check_result(result, "isc_buffer_allocate");
889 dns_name_init(&keyname, NULL);
	/*
	 * NOTE(review): 'result' still holds the isc_buffer_allocate() value
	 * here; dns_name_init()'s outcome is not captured, so this check
	 * repeats the previous one.
	 */
890 check_result(result, "dns_name_init");
891 isc_buffer_putstr(namebuf, keynametext);
	/*
	 * Base64 expands 3 bytes to 4 characters, so strlen * 3 / 4 is an
	 * upper bound on the decoded length. The decoder writes through
	 * 'secretbuf', which is initialised with that size, so it cannot
	 * write past the allocation.
	 */
892 secretsize = strlen(keysecret) * 3 / 4;
893 secretstore = isc_mem_allocate(mctx, secretsize);
894 if (secretstore == NULL)
895 fatal("memory allocation failure in %s:%d",
897 isc_buffer_init(&secretbuf, secretstore, secretsize);
898 result = isc_base64_decodestring(keysecret, &secretbuf);
899 if (result != ISC_R_SUCCESS)
902 secretsize = isc_buffer_usedlength(&secretbuf);
904 result = dns_name_fromtext(&keyname, namebuf,
905 dns_rootname, ISC_FALSE,
907 if (result != ISC_R_SUCCESS)
910 result = dns_tsigkey_create(&keyname, hmacname, secretstore,
911 secretsize, ISC_FALSE, NULL, 0, 0, mctx,
914 if (result != ISC_R_SUCCESS)
915 printf(";; Couldn't create key %s: %s\n",
916 keynametext, isc_result_totext(result));
918 dst_key_setbits(key->key, digestbits);
	/*
	 * NOTE(review): 'secretstore' holds the raw shared secret and is
	 * returned to the allocator without being cleared in the lines
	 * visible here. Wiping it before the free (with a call the compiler
	 * cannot elide) would keep the key bytes out of recycled memory.
	 */
920 isc_mem_free(mctx, secretstore);
921 dns_name_invalidate(&keyname);
922 isc_buffer_free(&namebuf);
926 setup_file_key(void) {
	/*
	 * Load a key from the path in 'keyfile' with dst_key_fromnamedfile()
	 * and wrap it as the global TSIG 'key'. The key's algorithm selects
	 * 'hmacname'; algorithms outside the HMAC set listed in the switch
	 * are rejected with a "bad algorithm" message. 'dstkey' is released
	 * with dst_key_free() at the end.
	 *
	 * NOTE(review): HMAC-MD5 and HMAC-SHA1 are accepted for
	 * compatibility; they are legacy TSIG algorithms, so prefer SHA-256
	 * or stronger keys where the server supports them.
	 * NOTE(review): the TSIG key is created under dst_key_name(dstkey),
	 * but the failure messages print 'keynametext', which on this path
	 * may not be the name stored in the key file.
	 */
928 dst_key_t *dstkey = NULL;
930 debug("setup_file_key()");
931 result = dst_key_fromnamedfile(keyfile, DST_TYPE_PRIVATE | DST_TYPE_KEY,
933 if (result != ISC_R_SUCCESS) {
934 fprintf(stderr, "Couldn't read key from %s: %s\n",
935 keyfile, isc_result_totext(result));
939 switch (dst_key_alg(dstkey)) {
940 case DST_ALG_HMACMD5:
941 hmacname = DNS_TSIG_HMACMD5_NAME;
943 case DST_ALG_HMACSHA1:
944 hmacname = DNS_TSIG_HMACSHA1_NAME;
946 case DST_ALG_HMACSHA224:
947 hmacname = DNS_TSIG_HMACSHA224_NAME;
949 case DST_ALG_HMACSHA256:
950 hmacname = DNS_TSIG_HMACSHA256_NAME;
952 case DST_ALG_HMACSHA384:
953 hmacname = DNS_TSIG_HMACSHA384_NAME;
955 case DST_ALG_HMACSHA512:
956 hmacname = DNS_TSIG_HMACSHA512_NAME;
959 printf(";; Couldn't create key %s: bad algorithm\n",
963 result = dns_tsigkey_createfromkey(dst_key_name(dstkey), hmacname,
964 dstkey, ISC_FALSE, NULL, 0, 0,
966 if (result != ISC_R_SUCCESS) {
967 printf(";; Couldn't create key %s: %s\n",
968 keynametext, isc_result_totext(result));
973 dst_key_free(&dstkey);
976 static dig_searchlist_t *
977 make_searchlist_entry(char *domain) {
	/*
	 * Allocate a search-list entry and copy 'domain' into its origin
	 * field. strncpy() is limited to MXNAME bytes and the last byte is
	 * then forced to NUL, so the field is always terminated; a longer
	 * domain is truncated without an error.
	 */
978 dig_searchlist_t *search;
979 search = isc_mem_allocate(mctx, sizeof(*search));
981 fatal("memory allocation failure in %s:%d",
983 strncpy(search->origin, domain, MXNAME);
984 search->origin[MXNAME-1] = 0;
985 ISC_LINK_INIT(search, link);
990 clear_searchlist(void) {
	/*
	 * Free every entry of the global search_list. Each pass unlinks the
	 * current head before freeing it, so the list never points at
	 * released memory.
	 */
991 dig_searchlist_t *search;
992 while ((search = ISC_LIST_HEAD(search_list)) != NULL) {
993 ISC_LIST_UNLINK(search_list, search, link);
994 isc_mem_free(mctx, search);
999 create_search_list(lwres_conf_t *confdata) {
	/*
	 * Append one search-list entry per domain in confdata->search; the
	 * loop is bounded by confdata->searchnxt.
	 */
1001 dig_searchlist_t *search;
1003 debug("create_search_list()");
1006 for (i = 0; i < confdata->searchnxt; i++) {
1007 search = make_searchlist_entry(confdata->search[i]);
1008 ISC_LIST_APPEND(search_list, search, link);
1013 * Setup the system as a whole, reading key information and resolv.conf
1017 setup_system(void) {
	/*
	 * One-time setup after the libraries are up: create the lwres
	 * context, parse RESOLV_CONF (a missing file is tolerated, any other
	 * parse failure is fatal), build the search list, choose the server
	 * list, and initialise the +sigchase names and message lists.
	 *
	 * Server selection: a list already populated by the user is kept;
	 * otherwise the resolv.conf nameservers are used; if that still
	 * leaves the list empty the loopback addresses 127.0.0.1 and ::1 are
	 * added as the fallback.
	 * 'keyfile' is tested before 'keysecret', so a key file takes
	 * precedence when both are set.
	 *
	 * NOTE(review): 'lwresult' is an lwres_result_t but is also used to
	 * hold add_nameserver()'s return and compared with ISC_R_SUCCESS;
	 * this relies on the two result types being interchangeable for the
	 * success value.
	 */
1018 dig_searchlist_t *domain = NULL;
1019 lwres_result_t lwresult;
1020 unsigned int lwresflags;
1022 debug("setup_system()");
1024 lwresflags = LWRES_CONTEXT_SERVERMODE;
1026 lwresflags |= LWRES_CONTEXT_USEIPV4;
1028 lwresflags |= LWRES_CONTEXT_USEIPV6;
1030 lwresult = lwres_context_create(&lwctx, mctx, mem_alloc, mem_free,
1032 if (lwresult != LWRES_R_SUCCESS)
1033 fatal("lwres_context_create failed");
1035 lwresult = lwres_conf_parse(lwctx, RESOLV_CONF);
1036 if (lwresult != LWRES_R_SUCCESS && lwresult != LWRES_R_NOTFOUND)
1037 fatal("parse of %s failed", RESOLV_CONF);
1039 lwconf = lwres_conf_get(lwctx);
1041 /* Make the search list */
1042 if (lwconf->searchnxt > 0)
1043 create_search_list(lwconf);
1044 else { /* No search list. Use the domain name if any */
1045 if (lwconf->domainname != NULL) {
1046 domain = make_searchlist_entry(lwconf->domainname);
1047 ISC_LIST_APPEND(search_list, domain, link);
1053 ndots = lwconf->ndots;
1054 debug("ndots is %d.", ndots);
1057 /* If user doesn't specify server use nameservers from resolv.conf. */
1058 if (ISC_LIST_EMPTY(server_list))
1059 copy_server_list(lwconf, &server_list);
1061 /* If we don't find a nameserver fall back to localhost */
1062 if (ISC_LIST_EMPTY(server_list)) {
1064 lwresult = add_nameserver(lwconf, "127.0.0.1", AF_INET);
1065 if (lwresult != ISC_R_SUCCESS)
1066 fatal("add_nameserver failed");
1069 lwresult = add_nameserver(lwconf, "::1", AF_INET6);
1070 if (lwresult != ISC_R_SUCCESS)
1071 fatal("add_nameserver failed");
1074 copy_server_list(lwconf, &server_list);
1081 if (keyfile[0] != 0)
1083 else if (keysecret[0] != 0)
1086 /* Setup the list of messages for +sigchase */
1087 ISC_LIST_INIT(chase_message_list);
1088 ISC_LIST_INIT(chase_message_list2);
1089 dns_name_init(&chase_name, NULL);
1091 dns_name_init(&chase_current_name, NULL);
1092 dns_name_init(&chase_authority_name, NULL);
1095 dns_name_init(&chase_signame, NULL);
1103 * Override the search list derived from resolv.conf by 'domain'.
1106 set_search_domain(char *domain) {
	/*
	 * Add 'domain' to the global search_list as a new entry;
	 * make_searchlist_entry() bounds and terminates the copy.
	 */
1107 dig_searchlist_t *search;
1110 search = make_searchlist_entry(domain);
1111 ISC_LIST_APPEND(search_list, search, link);
1115 * Setup the ISC and DNS libraries for use by the system.
/*
 * Initialisation order: probe for IPv4/IPv6 (at least one must be present),
 * then create the memory context, task manager and global task, timer and
 * socket managers, the entropy context, the DST crypto library, the
 * communication buffer pool and the lookup mutex. Every failure is fatal
 * through check_result(), so later code may assume these globals are valid.
 */
1119 isc_result_t result;
1121 debug("setup_libs()");
1123 result = isc_net_probeipv4();
1124 if (result == ISC_R_SUCCESS)
1125 have_ipv4 = ISC_TRUE;
1127 result = isc_net_probeipv6();
1128 if (result == ISC_R_SUCCESS)
1129 have_ipv6 = ISC_TRUE;
1130 if (!have_ipv6 && !have_ipv4)
1131 fatal("can't find either v4 or v6 networking");
1133 result = isc_mem_create(0, 0, &mctx);
1134 check_result(result, "isc_mem_create");
1136 result = isc_taskmgr_create(mctx, 1, 0, &taskmgr);
1137 check_result(result, "isc_taskmgr_create");
1139 result = isc_task_create(taskmgr, 0, &global_task);
1140 check_result(result, "isc_task_create");
1142 result = isc_timermgr_create(mctx, &timermgr);
1143 check_result(result, "isc_timermgr_create");
1145 result = isc_socketmgr_create(mctx, &socketmgr);
1146 check_result(result, "isc_socketmgr_create");
1148 result = isc_entropy_create(mctx, &entp);
1149 check_result(result, "isc_entropy_create");
1151 result = dst_lib_init(mctx, entp, 0);
1152 check_result(result, "dst_lib_init");
1153 is_dst_up = ISC_TRUE;
1155 result = isc_mempool_create(mctx, COMMSIZE, &commctx);
1156 check_result(result, "isc_mempool_create");
1157 isc_mempool_setname(commctx, "COMMPOOL");
1159 * 6 and 2 set as reasonable parameters for 3 or 4 nameserver
1162 isc_mempool_setfreemax(commctx, 6);
1163 isc_mempool_setfillcount(commctx, 2);
1165 result = isc_mutex_init(&lookup_lock);
1166 check_result(result, "isc_mutex_init");
1168 dns_result_register();
1172 * Add EDNS0 option record to a message. Currently, the only supported
1173 * options are UDP buffer size, the DO bit, and NSID request.
1176 add_opt(dns_message_t *msg, isc_uint16_t udpsize, isc_uint16_t edns,
1177 isc_boolean_t dnssec, isc_boolean_t nsid)
	/*
	 * Attach an EDNS OPT pseudo-record to 'msg'. The OPT record reuses
	 * ordinary RR fields: the class carries the advertised UDP size and
	 * the TTL carries the EDNS version (shifted into the upper bits)
	 * plus flag bits such as DO. When an NSID request is added, a 4-byte
	 * buffer holding the option code and a zero length is allocated and
	 * then handed to the message with dns_message_takebuffer(), which
	 * makes the message responsible for it.
	 *
	 * NOTE(review): 'edns' is a 16-bit unsigned value and is promoted to
	 * int before "<< 16"; a value of 0x8000 or more would overflow a
	 * 32-bit int. Confirm callers only pass small version numbers, or
	 * widen to an unsigned 32-bit type before shifting.
	 */
1179 dns_rdataset_t *rdataset = NULL;
1180 dns_rdatalist_t *rdatalist = NULL;
1181 dns_rdata_t *rdata = NULL;
1182 isc_result_t result;
1185 result = dns_message_gettemprdataset(msg, &rdataset);
1186 check_result(result, "dns_message_gettemprdataset");
1187 dns_rdataset_init(rdataset);
1188 result = dns_message_gettemprdatalist(msg, &rdatalist);
1189 check_result(result, "dns_message_gettemprdatalist");
1190 result = dns_message_gettemprdata(msg, &rdata);
1191 check_result(result, "dns_message_gettemprdata");
1193 debug("setting udp size of %d", udpsize);
1194 rdatalist->type = dns_rdatatype_opt;
1195 rdatalist->covers = 0;
1196 rdatalist->rdclass = udpsize;
1197 rdatalist->ttl = edns << 16;
1199 rdatalist->ttl |= DNS_MESSAGEEXTFLAG_DO;
1201 isc_buffer_t *b = NULL;
1203 result = isc_buffer_allocate(mctx, &b, 4);
1204 check_result(result, "isc_buffer_allocate");
1205 isc_buffer_putuint16(b, DNS_OPT_NSID);
1206 isc_buffer_putuint16(b, 0);
1207 rdata->data = isc_buffer_base(b);
1208 rdata->length = isc_buffer_usedlength(b);
1209 dns_message_takebuffer(msg, &b);
1214 ISC_LIST_INIT(rdatalist->rdata);
1215 ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
1216 dns_rdatalist_tordataset(rdatalist, rdataset);
1217 result = dns_message_setopt(msg, rdataset);
1218 check_result(result, "dns_message_setopt");
1222 * Add a question section to a message, asking for the specified name,
1226 add_question(dns_message_t *message, dns_name_t *name,
1227 dns_rdataclass_t rdclass, dns_rdatatype_t rdtype)
	/*
	 * Obtain a temporary rdataset from 'message', turn it into a
	 * question for (rdclass, rdtype) and append it to name->list.
	 * Failure to obtain the rdataset is fatal through check_result().
	 */
1229 dns_rdataset_t *rdataset;
1230 isc_result_t result;
1232 debug("add_question()");
1234 result = dns_message_gettemprdataset(message, &rdataset);
1235 check_result(result, "dns_message_gettemprdataset()");
1236 dns_rdataset_init(rdataset);
1237 dns_rdataset_makequestion(rdataset, rdclass, rdtype);
1238 ISC_LIST_APPEND(name->list, rdataset, link);
1242 * Check if we're done with all the queued lookups, which is true iff
1243 * all sockets, sends, and recvs are accounted for (counters == 0),
1244 * and the lookup list is empty.
1245 * If we are done, pass control back out to dighost_shutdown() (which is
1246 * part of dig.c, host.c, or nslookup.c) to either shutdown the system as
1247 * a whole or reseed the lookup list.
1250 check_if_done(void) {
	/*
	 * Decide whether all work has drained: the lookup list must be empty
	 * and no lookup may be current (the condition continues on a line
	 * not visible here). Once that holds, the INSISTs assert that no
	 * sockets or receives are still outstanding, which would otherwise
	 * indicate a leaked or still-active I/O object at shutdown.
	 */
1251 debug("check_if_done()");
1252 debug("list %s", ISC_LIST_EMPTY(lookup_list) ? "empty" : "full");
1253 if (ISC_LIST_EMPTY(lookup_list) && current_lookup == NULL &&
1255 INSIST(sockcount == 0);
1256 INSIST(recvcount == 0);
1257 debug("shutting down");
1263 * Clear out a query when we're done with it. WARNING: This routine
1264 * WILL invalidate the query pointer.
1267 clear_query(dig_query_t *query) {
	/*
	 * Tear down one query: clear the owning lookup's current_query if it
	 * points here, unlink the query and its receive/length buffers,
	 * detach the socket, return recvspace to the 'commctx' pool and
	 * invalidate both buffers.
	 *
	 * Lifetime: when a send completion is still outstanding
	 * (waiting_senddone) the structure is only marked pending_free, so
	 * presumably the completion handler releases it; otherwise it is
	 * freed here. In both cases the caller must treat 'query' as dead
	 * after this call - using it again would be a use-after-free.
	 */
1268 dig_lookup_t *lookup;
1270 REQUIRE(query != NULL);
1272 debug("clear_query(%p)", query);
1274 lookup = query->lookup;
1276 if (lookup->current_query == query)
1277 lookup->current_query = NULL;
1279 ISC_LIST_UNLINK(lookup->q, query, link);
1280 if (ISC_LINK_LINKED(&query->recvbuf, link))
1281 ISC_LIST_DEQUEUE(query->recvlist, &query->recvbuf,
1283 if (ISC_LINK_LINKED(&query->lengthbuf, link))
1284 ISC_LIST_DEQUEUE(query->lengthlist, &query->lengthbuf,
1286 INSIST(query->recvspace != NULL);
1287 if (query->sock != NULL) {
1288 isc_socket_detach(&query->sock);
1290 debug("sockcount=%d", sockcount);
1292 isc_mempool_put(commctx, query->recvspace);
1293 isc_buffer_invalidate(&query->recvbuf);
1294 isc_buffer_invalidate(&query->lengthbuf);
1295 if (query->waiting_senddone)
1296 query->pending_free = ISC_TRUE;
1298 isc_mem_free(mctx, query);
1302 * Try and clear out a lookup if we're done with it. Return ISC_TRUE if
1303 * the lookup was successfully cleared. If ISC_TRUE is returned, the
1304 * lookup pointer has been invalidated.
/*
 * Destroy 'lookup' when no query is left on lookup->q. While queries
 * remain, each one is reported through debug() and the lookup is kept.
 * NOTE(review): the declaration of 'q', the loop header and both return
 * statements are on lines missing from this listing; the return values
 * are described only by the prose above the function.
 */
1306 static isc_boolean_t
1307 try_clear_lookup(dig_lookup_t *lookup) {
1310 REQUIRE(lookup != NULL);
1312 debug("try_clear_lookup(%p)", lookup);
1314 if (ISC_LIST_HEAD(lookup->q) != NULL) {
1316 q = ISC_LIST_HEAD(lookup->q);
1318 debug("query to %s still pending", q->servname);
1319 q = ISC_LIST_NEXT(q, link);
1326 * At this point, we know there are no queries on the lookup,
1327 * so can make it go away also.
/* After this call 'lookup' has been freed and must not be used. */
1329 destroy_lookup(lookup);
/*
 * Free everything a lookup owns: its private server list, the send
 * message, the query signature buffer, the timer, the send buffer taken
 * from the commctx pool, the TSIG context, and finally the lookup itself.
 * Each optional member is released only when it is non-NULL.
 * NOTE(review): the local declarations, the loop header and the
 * assignment to 'ptr' are on lines missing from this listing.
 */
1334 destroy_lookup(dig_lookup_t *lookup) {
1339 s = ISC_LIST_HEAD(lookup->my_server_list);
1341 debug("freeing server %p belonging to %p", s, lookup);
/*
 * 's' is advanced before the entry is dequeued and freed, so the walk
 * does not read a freed node; 'ptr' presumably holds the entry that 's'
 * pointed to before the advance -- confirm against the full source.
 */
1343 s = ISC_LIST_NEXT(s, link);
1344 ISC_LIST_DEQUEUE(lookup->my_server_list,
1345 (dig_server_t *)ptr, link);
1346 isc_mem_free(mctx, ptr);
1348 if (lookup->sendmsg != NULL)
1349 dns_message_destroy(&lookup->sendmsg);
1350 if (lookup->querysig != NULL) {
1351 debug("freeing buffer %p", lookup->querysig);
1352 isc_buffer_free(&lookup->querysig);
1354 if (lookup->timer != NULL)
1355 isc_timer_detach(&lookup->timer);
1356 if (lookup->sendspace != NULL)
1357 isc_mempool_put(commctx, lookup->sendspace);
1359 if (lookup->tsigctx != NULL)
1360 dst_context_destroy(&lookup->tsigctx);
1362 isc_mem_free(mctx, lookup);
1366 * If we can, start the next lookup in the queue running.
1367 * This assumes that the lookup on the head of the queue hasn't been
1368 * started yet. It also removes the lookup from the head of the queue,
1369 * setting the current_lookup pointer pointing to it.
/*
 * Take the lookup at the head of lookup_list, make it current_lookup,
 * and start it with setup_lookup() and do_lookup(). For a top-down
 * signature chase that has not yet saved its original type, the query
 * is first rewritten into an NS query for the name of a trusted key,
 * with the original name, type and class stashed in the *_sigchase
 * fields.
 * NOTE(review): many lines are missing from this listing, including the
 * preprocessor conditionals, the braces and the early returns, so the
 * exact nesting of the sigchase code is not visible.
 */
1372 start_lookup(void) {
1373 debug("start_lookup()");
1378 * If there's a current lookup running, we really shouldn't get
1381 INSIST(current_lookup == NULL);
1383 current_lookup = ISC_LIST_HEAD(lookup_list);
1385 * Put the current lookup somewhere so cancel_all can find it
1387 if (current_lookup != NULL) {
1388 ISC_LIST_DEQUEUE(lookup_list, current_lookup, link);
1390 if (current_lookup->do_topdown &&
1391 !current_lookup->rdtype_sigchaseset) {
1392 dst_key_t *trustedkey = NULL;
1393 isc_buffer_t *b = NULL;
1395 isc_result_t result;
1396 dns_name_t query_name;
1397 dns_name_t *key_name;
1400 result = get_trusted_key(mctx);
/* Without any trusted key the chase is switched off, not failed. */
1401 if (result != ISC_R_SUCCESS) {
1402 printf("\n;; No trusted key, "
1403 "+sigchase option is disabled\n");
1404 current_lookup->sigchase = ISC_FALSE;
1407 dns_name_init(&query_name, NULL);
1408 nameFromString(current_lookup->textname, &query_name);
/*
 * Trust-anchor selection: every key whose name is an ancestor of (or
 * equal to) the query name overwrites 'trustedkey', so among the visible
 * lines the last match in list order wins rather than the closest
 * enclosing one. The comment fragment below suggests that check was
 * left open; listing lines 1416-1420 are only partly shown -- confirm.
 */
1410 for (i = 0; i < tk_list.nb_tk; i++) {
1411 key_name = dst_key_name(tk_list.key[i]);
1413 if (dns_name_issubdomain(&query_name,
1414 key_name) == ISC_TRUE)
1415 trustedkey = tk_list.key[i];
1417 * Verify temp is really the lowest
1421 if (trustedkey == NULL) {
1422 printf("\n;; The queried zone: ");
1423 dns_name_print(&query_name, stdout);
1424 printf(" isn't a subdomain of any Trusted Keys"
1425 ": +sigchase option is disable\n");
1426 current_lookup->sigchase = ISC_FALSE;
1427 free_name(&query_name, mctx);
1430 free_name(&query_name, mctx);
1432 current_lookup->rdtype_sigchase
1433 = current_lookup->rdtype;
1434 current_lookup->rdtype_sigchaseset
1435 = current_lookup->rdtypeset;
1436 current_lookup->rdtype = dns_rdatatype_ns;
1438 current_lookup->qrdtype_sigchase
1439 = current_lookup->qrdtype;
1440 current_lookup->qrdtype = dns_rdatatype_ns;
1442 current_lookup->rdclass_sigchase
1443 = current_lookup->rdclass;
1444 current_lookup->rdclass_sigchaseset
1445 = current_lookup->rdclassset;
1446 current_lookup->rdclass = dns_rdataclass_in;
/*
 * strncpy() writes no terminator when the source is MXNAME bytes or
 * longer. This is safe only if textname is always NUL-terminated within
 * MXNAME - 1 bytes; neither array declaration is in view -- confirm.
 */
1448 strncpy(current_lookup->textnamesigchase,
1449 current_lookup->textname, MXNAME);
1451 current_lookup->trace_root_sigchase = ISC_TRUE;
1453 result = isc_buffer_allocate(mctx, &b, BUFSIZE);
1454 check_result(result, "isc_buffer_allocate");
1455 result = dns_name_totext(dst_key_name(trustedkey),
1457 check_result(result, "dns_name_totext");
1458 isc_buffer_usedregion(b, &r);
/*
 * This store lands one byte past the used region of 'b'. It is in
 * bounds only while the text form is shorter than BUFSIZE; a name whose
 * text fills the buffer exactly would put the terminator at index
 * BUFSIZE. The size argument of the strncpy() that follows is on a line
 * missing from this listing -- confirm both bounds.
 */
1459 r.base[r.length] = '\0';
1460 strncpy(current_lookup->textname, (char*)r.base,
1462 isc_buffer_free(&b);
1464 nameFromString(current_lookup->textnamesigchase,
1467 dns_name_init(&chase_authority_name, NULL);
1471 setup_lookup(current_lookup);
1472 do_lookup(current_lookup);
1479 * If we can, clear the current lookup and start the next one running.
1480 * This calls try_clear_lookup, so may invalidate the lookup pointer.
/*
 * Advance to the next queued lookup once 'lookup' has no queries left.
 * If a query is still on lookup->q the function only logs that fact.
 * NOTE(review): the return after "still have a worker" and the call
 * that starts the next lookup are on lines missing from this listing.
 */
1483 check_next_lookup(dig_lookup_t *lookup) {
1487 debug("check_next_lookup(%p)", lookup);
1489 if (ISC_LIST_HEAD(lookup->q) != NULL) {
1490 debug("still have a worker");
/*
 * When try_clear_lookup() succeeds 'lookup' has been freed, so only the
 * global current_lookup is touched afterwards.
 */
1493 if (try_clear_lookup(lookup)) {
1494 current_lookup = NULL;
1500 * Create and queue a new lookup as a followup to the current lookup,
1501 * based on the supplied message and section. This is used in trace and
1502 * name server search modes to start a new lookup using servers from
1503 * NS records in a reply. Returns the number of followup lookups made.
/*
 * Walk one section of a reply, and for every NS record found queue a
 * follow-up lookup aimed at that name server. The first NS record
 * creates the new lookup through requeue_lookup() and cancels the
 * current one; every NS name is then handed to getaddresses(). Returns
 * numLookups, the sum of the getaddresses() return values.
 *
 * Everything read from 'msg' here comes from a remote server and is
 * unauthenticated at this point: the NS owner name, the NS targets and
 * their count are all chosen by whoever answered.
 * NOTE(review): many lines are missing from this listing (several local
 * declarations, 'continue'/'break' statements, braces), so the control
 * flow notes below are hedged where they depend on them.
 */
1506 followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section)
1508 dig_lookup_t *lookup = NULL;
1509 dig_server_t *srv = NULL;
1510 dns_rdataset_t *rdataset = NULL;
1511 dns_rdata_t rdata = DNS_RDATA_INIT;
1512 dns_name_t *name = NULL;
1513 isc_result_t result;
1514 isc_boolean_t success = ISC_FALSE;
1517 isc_boolean_t horizontal = ISC_FALSE, bad = ISC_FALSE;
1521 debug("following up %s", query->lookup->textname);
1523 for (result = dns_message_firstname(msg, section);
1524 result == ISC_R_SUCCESS;
1525 result = dns_message_nextname(msg, section)) {
1527 dns_message_currentname(msg, section, &name);
1529 if (section == DNS_SECTION_AUTHORITY) {
1531 result = dns_message_findtype(name, dns_rdatatype_soa,
1533 if (result == ISC_R_SUCCESS)
1537 result = dns_message_findtype(name, dns_rdatatype_ns, 0,
1539 if (result != ISC_R_SUCCESS)
1542 debug("found NS set");
/*
 * Referral sanity check, trace mode only: the NS owner name is compared
 * with the domain recorded in the lookup. An equal name is reported as
 * a horizontal referral and anything that is not a subdomain as a bad
 * referral. What happens after the messages are printed is on lines
 * not shown here.
 */
1544 if (query->lookup->trace && !query->lookup->trace_root) {
1545 dns_namereln_t namereln;
1546 unsigned int nlabels;
1549 domain = dns_fixedname_name(&query->lookup->fdomain);
1550 namereln = dns_name_fullcompare(name, domain,
1552 if (namereln == dns_namereln_equal) {
1554 printf(";; BAD (HORIZONTAL) REFERRAL\n");
1555 horizontal = ISC_TRUE;
1556 } else if (namereln != dns_namereln_subdomain) {
1558 printf(";; BAD REFERRAL\n");
1564 for (result = dns_rdataset_first(rdataset);
1565 result == ISC_R_SUCCESS;
1566 result = dns_rdataset_next(rdataset)) {
1567 char namestr[DNS_NAME_FORMATSIZE];
/*
 * The MXSERV cap on followed name servers is applied only when
 * trace_root is set. In the other modes the visible code follows every
 * NS record the reply contains, and each one costs a getaddresses()
 * call -- confirm whether a cap exists on a line not shown.
 */
1570 if (query->lookup->trace_root &&
1571 query->lookup->nsfound >= MXSERV)
1574 dns_rdataset_current(rdataset, &rdata);
1576 query->lookup->nsfound++;
1577 result = dns_rdata_tostruct(&rdata, &ns, NULL);
1578 check_result(result, "dns_rdata_tostruct");
/* The server-supplied name is formatted with an explicit size bound. */
1579 dns_name_format(&ns.name, namestr, sizeof(namestr));
1580 dns_rdata_freestruct(&ns);
1582 /* Initialize lookup if we've not yet */
1583 debug("found NS %s", namestr);
1587 lookup = requeue_lookup(query->lookup,
1589 cancel_lookup(query->lookup);
1590 lookup->doing_xfr = ISC_FALSE;
1591 if (!lookup->trace_root &&
1592 section == DNS_SECTION_ANSWER)
1593 lookup->trace = ISC_FALSE;
1595 lookup->trace = query->lookup->trace;
1596 lookup->ns_search_only =
1597 query->lookup->ns_search_only;
1598 lookup->trace_root = ISC_FALSE;
1599 if (lookup->ns_search_only)
1600 lookup->recurse = ISC_FALSE;
1601 dns_fixedname_init(&lookup->fdomain);
1602 domain = dns_fixedname_name(&lookup->fdomain);
1603 dns_name_copy(name, domain, NULL);
1605 debug("adding server %s", namestr);
1606 numLookups += getaddresses(lookup, namestr);
1607 dns_rdata_reset(&rdata);
/*
 * Fallback from the answer to the authority section. The recursion is
 * one level deep at most, because the nested call is made with
 * DNS_SECTION_AUTHORITY and this test requires DNS_SECTION_ANSWER.
 */
1611 if (lookup == NULL &&
1612 section == DNS_SECTION_ANSWER &&
1613 (query->lookup->trace || query->lookup->ns_search_only))
1614 return (followup_lookup(msg, query, DNS_SECTION_AUTHORITY));
1617 * Randomize the order the nameserver will be tried.
/*
 * The shuffle repeatedly picks an entry 'j' steps into the list and
 * moves it to a scratch list, then splices the scratch list back. The
 * source of 'j' is on a line missing from this listing.
 */
1619 if (numLookups > 1) {
1621 dig_serverlist_t my_server_list;
1624 ISC_LIST_INIT(my_server_list);
1627 for (srv = ISC_LIST_HEAD(lookup->my_server_list);
1629 srv = ISC_LIST_HEAD(lookup->my_server_list)) {
1633 next = ISC_LIST_NEXT(srv, link);
1634 while (j-- > 0 && next != NULL) {
1636 next = ISC_LIST_NEXT(srv, link);
1638 ISC_LIST_DEQUEUE(lookup->my_server_list, srv, link);
1639 ISC_LIST_APPEND(my_server_list, srv, link);
1642 ISC_LIST_APPENDLIST(lookup->my_server_list,
1643 my_server_list, link);
1646 return (numLookups);
1650 * Create and queue a new lookup using the next origin from the search
1651 * list, read in setup_system().
1653 * Return ISC_TRUE iff there was another searchlist entry.
/*
 * Requeue the current lookup with the next search-list origin and cancel
 * the current one. Three cases are visible: no origin and no pending
 * search (nothing to do), no origin but a pending search (start at the
 * head of search_list), and an existing origin (advance to the entry
 * after it).
 * NOTE(review): 'msg' is not referenced on any visible line, and every
 * return statement is on a line missing from this listing.
 */
1655 static isc_boolean_t
1656 next_origin(dns_message_t *msg, dig_query_t *query) {
1657 dig_lookup_t *lookup;
1658 dig_searchlist_t *search;
1664 debug("next_origin()");
1665 debug("following up %s", query->lookup->textname);
1669 * We're not using a search list, so don't even think
1670 * about finding the next entry.
1673 if (query->lookup->origin == NULL && !query->lookup->need_search)
1675 * Then we just did rootorg; there's nothing left.
1678 if (query->lookup->origin == NULL && query->lookup->need_search) {
1679 lookup = requeue_lookup(query->lookup, ISC_TRUE);
1680 lookup->origin = ISC_LIST_HEAD(search_list);
1681 lookup->need_search = ISC_FALSE;
1683 search = ISC_LIST_NEXT(query->lookup->origin, link);
/*
 * A NULL 'search' means the list is exhausted; when the name was already
 * tried as-is the visible test stops here (the statement it guards is
 * not shown). Otherwise the requeued lookup gets origin == NULL.
 */
1684 if (search == NULL && query->lookup->done_as_is)
1686 lookup = requeue_lookup(query->lookup, ISC_TRUE);
1687 lookup->origin = search;
1689 cancel_lookup(query->lookup);
1694 * Insert an SOA record into the sendmessage in a lookup. Used for
1695 * creating IXFR queries.
/*
 * Build the SOA record that an IXFR query carries in its authority
 * section: serial taken from lookup->ixfr_serial, origin and contact set
 * to the root name, class taken from the lookup. The record is rendered
 * into lookup->rdatabuf and attached to lookup->sendmsg under a clone of
 * lookup->name.
 * NOTE(review): listing lines 1709-1712 are missing, so the assignments
 * to the remaining SOA fields are not visible.
 */
1698 insert_soa(dig_lookup_t *lookup) {
1699 isc_result_t result;
1700 dns_rdata_soa_t soa;
1701 dns_rdata_t *rdata = NULL;
1702 dns_rdatalist_t *rdatalist = NULL;
1703 dns_rdataset_t *rdataset = NULL;
1704 dns_name_t *soaname = NULL;
1706 debug("insert_soa()");
1708 soa.serial = lookup->ixfr_serial;
1713 soa.common.rdclass = lookup->rdclass;
1714 soa.common.rdtype = dns_rdatatype_soa;
1716 dns_name_init(&soa.origin, NULL);
1717 dns_name_init(&soa.contact, NULL);
1719 dns_name_clone(dns_rootname, &soa.origin);
1720 dns_name_clone(dns_rootname, &soa.contact);
/* The render target is bounded by the size of the backing array. */
1722 isc_buffer_init(&lookup->rdatabuf, lookup->rdatastore,
1723 sizeof(lookup->rdatastore));
1725 result = dns_message_gettemprdata(lookup->sendmsg, &rdata);
1726 check_result(result, "dns_message_gettemprdata");
1728 result = dns_rdata_fromstruct(rdata, lookup->rdclass,
1729 dns_rdatatype_soa, &soa,
/*
 * The label passed here names isc_rdata_fromstruct although the call
 * above is dns_rdata_fromstruct; keep that in mind when searching logs
 * for this failure.
 */
1731 check_result(result, "isc_rdata_fromstruct");
1733 result = dns_message_gettemprdatalist(lookup->sendmsg, &rdatalist);
1734 check_result(result, "dns_message_gettemprdatalist");
1736 result = dns_message_gettemprdataset(lookup->sendmsg, &rdataset);
1737 check_result(result, "dns_message_gettemprdataset");
1739 dns_rdatalist_init(rdatalist);
1740 rdatalist->type = dns_rdatatype_soa;
1741 rdatalist->rdclass = lookup->rdclass;
1742 rdatalist->covers = 0;
1744 ISC_LIST_INIT(rdatalist->rdata);
1745 ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
1747 dns_rdataset_init(rdataset);
1748 dns_rdatalist_tordataset(rdatalist, rdataset);
1750 result = dns_message_gettempname(lookup->sendmsg, &soaname);
1751 check_result(result, "dns_message_gettempname");
1752 dns_name_init(soaname, NULL);
1753 dns_name_clone(lookup->name, soaname);
1754 ISC_LIST_INIT(soaname->list);
1755 ISC_LIST_APPEND(soaname->list, rdataset, link);
1756 dns_message_addname(lookup->sendmsg, soaname, DNS_SECTION_AUTHORITY);
1760 * Setup the supplied lookup structure, making it ready to start sending
1761 * queries to servers. Create and initialize the message to be sent as
1762 * well as the query structures and buffer space for the replies. If the
1763 * server list is empty, clone it from the system default list.
/*
 * Prepare 'lookup' for sending: create the outgoing message, resolve the
 * query name against the search-list origin, set the header id, opcode
 * and flags, add the question (plus the IXFR SOA and the TSIG key where
 * applicable), render the message into lookup->sendspace, and create one
 * dig_query_t per server in lookup->my_server_list.
 * NOTE(review): a large number of lines are missing from this listing,
 * among them the preprocessor conditionals, most braces and 'else'
 * lines, several local declarations and some guards. Comments below say
 * so wherever a statement's condition cannot be seen.
 */
1766 setup_lookup(dig_lookup_t *lookup) {
1767 isc_result_t result;
1773 dns_compress_t cctx;
/* Fixed-size name buffers; the encode calls below pass sizeof() bounds. */
1777 char utf8_textname[MXNAME], utf8_origin[MXNAME], idn_textname[MXNAME];
1781 result = dns_name_settotextfilter(output_filter);
1782 check_result(result, "dns_name_settotextfilter");
1785 REQUIRE(lookup != NULL);
1788 debug("setup_lookup(%p)", lookup);
1790 result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER,
1792 check_result(result, "dns_message_create");
1794 if (lookup->new_search) {
1795 debug("resetting lookup counter.");
1799 if (ISC_LIST_EMPTY(lookup->my_server_list)) {
1800 debug("cloning server list");
1801 clone_server_list(server_list, &lookup->my_server_list);
1803 result = dns_message_gettempname(lookup->sendmsg, &lookup->name);
1804 check_result(result, "dns_message_gettempname");
1805 dns_name_init(lookup->name, NULL);
1807 isc_buffer_init(&lookup->namebuf, lookup->namespace,
1808 sizeof(lookup->namespace));
1809 isc_buffer_init(&lookup->onamebuf, lookup->onamespace,
1810 sizeof(lookup->onamespace));
1814 * We cannot convert `textname' and `origin' separately.
1815 * `textname' doesn't contain TLD, but local mapping needs
1818 mr = idn_encodename(IDN_LOCALCONV | IDN_DELIMMAP, lookup->textname,
1819 utf8_textname, sizeof(utf8_textname));
1820 idn_check_result(mr, "convert textname to UTF-8");
1824 * If the name has too many dots, force the origin to be NULL
1825 * (which produces an absolute lookup). Otherwise, take the origin
1826 * we have if there's one in the struct already. If it's NULL,
1827 * take the first entry in the searchlist iff either usesearch
1828 * is TRUE or we got a domain line in the resolv.conf file.
/*
 * The two near-identical blocks that follow differ only in which string
 * is passed to count_dots() (utf8_textname or lookup->textname). The
 * lines that choose between them are not shown; presumably a build-time
 * IDN switch -- confirm.
 */
1830 if (lookup->new_search) {
1832 if ((count_dots(utf8_textname) >= ndots) || !usesearch) {
1833 lookup->origin = NULL; /* Force abs lookup */
1834 lookup->done_as_is = ISC_TRUE;
1835 lookup->need_search = usesearch;
1836 } else if (lookup->origin == NULL && usesearch) {
1837 lookup->origin = ISC_LIST_HEAD(search_list);
1838 lookup->need_search = ISC_FALSE;
1841 if ((count_dots(lookup->textname) >= ndots) || !usesearch) {
1842 lookup->origin = NULL; /* Force abs lookup */
1843 lookup->done_as_is = ISC_TRUE;
1844 lookup->need_search = usesearch;
1845 } else if (lookup->origin == NULL && usesearch) {
1846 lookup->origin = ISC_LIST_HEAD(search_list);
1847 lookup->need_search = ISC_FALSE;
1853 if (lookup->origin != NULL) {
1854 mr = idn_encodename(IDN_LOCALCONV | IDN_DELIMMAP,
1855 lookup->origin->origin, utf8_origin,
1856 sizeof(utf8_origin));
1857 idn_check_result(mr, "convert origin to UTF-8");
/* The append is bounded by the size of the destination buffer. */
1858 mr = append_textname(utf8_textname, utf8_origin,
1859 sizeof(utf8_textname));
1860 idn_check_result(mr, "append origin to textname");
1862 mr = idn_encodename(idnoptions | IDN_LOCALMAP | IDN_NAMEPREP |
1863 IDN_IDNCONV | IDN_LENCHECK, utf8_textname,
1864 idn_textname, sizeof(idn_textname));
1865 idn_check_result(mr, "convert UTF-8 textname to IDN encoding");
1867 if (lookup->origin != NULL) {
1868 debug("trying origin %s", lookup->origin->origin);
1869 result = dns_message_gettempname(lookup->sendmsg,
1871 check_result(result, "dns_message_gettempname");
1872 dns_name_init(lookup->oname, NULL);
1873 /* XXX Helper funct to conv char* to name? */
1874 len = strlen(lookup->origin->origin);
1875 isc_buffer_init(&b, lookup->origin->origin, len);
1876 isc_buffer_add(&b, len);
1877 result = dns_name_fromtext(lookup->oname, &b, dns_rootname,
1878 ISC_FALSE, &lookup->onamebuf);
/*
 * A name that does not parse is fatal. Both temporary names are handed
 * back to the message before fatal() is called.
 */
1879 if (result != ISC_R_SUCCESS) {
1880 dns_message_puttempname(lookup->sendmsg,
1882 dns_message_puttempname(lookup->sendmsg,
1884 fatal("'%s' is not in legal name syntax (%s)",
1885 lookup->origin->origin,
1886 isc_result_totext(result));
1888 if (lookup->trace && lookup->trace_root) {
1889 dns_name_clone(dns_rootname, lookup->name);
1891 len = strlen(lookup->textname);
1892 isc_buffer_init(&b, lookup->textname, len);
1893 isc_buffer_add(&b, len);
1894 result = dns_name_fromtext(lookup->name, &b,
1895 lookup->oname, ISC_FALSE,
1898 if (result != ISC_R_SUCCESS) {
1899 dns_message_puttempname(lookup->sendmsg,
1901 dns_message_puttempname(lookup->sendmsg,
1903 fatal("'%s' is not in legal name syntax (%s)",
1904 lookup->textname, isc_result_totext(result));
1906 dns_message_puttempname(lookup->sendmsg, &lookup->oname);
1910 debug("using root origin");
1911 if (lookup->trace && lookup->trace_root)
1912 dns_name_clone(dns_rootname, lookup->name);
1915 len = strlen(idn_textname);
1916 isc_buffer_init(&b, idn_textname, len);
1917 isc_buffer_add(&b, len);
1918 result = dns_name_fromtext(lookup->name, &b,
1923 len = strlen(lookup->textname);
1924 isc_buffer_init(&b, lookup->textname, len);
1925 isc_buffer_add(&b, len);
1926 result = dns_name_fromtext(lookup->name, &b,
1932 if (result != ISC_R_SUCCESS) {
1933 dns_message_puttempname(lookup->sendmsg,
1935 isc_buffer_init(&b, store, MXNAME);
1936 fatal("'%s' is not a legal name "
1937 "(%s)", lookup->textname,
1938 isc_result_totext(result));
1941 dns_name_format(lookup->name, store, sizeof(store));
1942 trying(store, lookup);
1943 INSIST(dns_name_isabsolute(lookup->name));
/*
 * The message id comes from isc_random_get(), so how hard it is to
 * predict depends on that generator, which is outside this listing.
 * The cast binds tighter than '&', so with a 16-bit unsigned short the
 * mask changes nothing.
 */
1945 isc_random_get(&id);
1946 lookup->sendmsg->id = (unsigned short)id & 0xFFFF;
1947 lookup->sendmsg->opcode = dns_opcode_query;
1948 lookup->msgcounter = 0;
1950 * If this is a trace request, completely disallow recursion, since
1951 * it's meaningless for traces.
1953 if (lookup->trace || (lookup->ns_search_only && !lookup->trace_root))
1954 lookup->recurse = ISC_FALSE;
/* RD is never set on zone-transfer queries (AXFR or IXFR). */
1956 if (lookup->recurse &&
1957 lookup->rdtype != dns_rdatatype_axfr &&
1958 lookup->rdtype != dns_rdatatype_ixfr) {
1959 debug("recursive query");
1960 lookup->sendmsg->flags |= DNS_MESSAGEFLAG_RD;
1964 if (lookup->aaonly) {
1966 lookup->sendmsg->flags |= DNS_MESSAGEFLAG_AA;
1969 if (lookup->adflag) {
1971 lookup->sendmsg->flags |= DNS_MESSAGEFLAG_AD;
1974 if (lookup->cdflag) {
1976 lookup->sendmsg->flags |= DNS_MESSAGEFLAG_CD;
1979 dns_message_addname(lookup->sendmsg, lookup->name,
1980 DNS_SECTION_QUESTION);
1982 if (lookup->trace && lookup->trace_root) {
1983 lookup->qrdtype = lookup->rdtype;
1984 lookup->rdtype = dns_rdatatype_ns;
1987 if ((lookup->rdtype == dns_rdatatype_axfr) ||
1988 (lookup->rdtype == dns_rdatatype_ixfr)) {
1990 * Force TCP mode if we're doing an axfr.
1992 if (lookup->rdtype == dns_rdatatype_axfr) {
1993 lookup->doing_xfr = ISC_TRUE;
1994 lookup->tcp_mode = ISC_TRUE;
1995 } else if (lookup->tcp_mode) {
1996 lookup->doing_xfr = ISC_TRUE;
2000 add_question(lookup->sendmsg, lookup->name, lookup->rdclass,
2004 if (lookup->rdtype == dns_rdatatype_ixfr)
2007 /* XXX Insist this? */
2008 lookup->tsigctx = NULL;
2009 lookup->querysig = NULL;
/*
 * 'key' is a file-level variable that is not shown here, and the guard
 * on listing line 2010 is missing; presumably the TSIG key is attached
 * only when one was configured -- confirm.
 */
2011 debug("initializing keys");
2012 result = dns_message_settsigkey(lookup->sendmsg, key);
2013 check_result(result, "dns_message_settsigkey");
2016 lookup->sendspace = isc_mempool_get(commctx);
2017 if (lookup->sendspace == NULL)
2018 fatal("memory allocation failure");
2020 result = dns_compress_init(&cctx, -1, mctx);
2021 check_result(result, "dns_compress_init");
2023 debug("starting to render the message");
/* The render buffer is COMMSIZE bytes over the pool element. */
2024 isc_buffer_init(&lookup->renderbuf, lookup->sendspace, COMMSIZE);
2025 result = dns_message_renderbegin(lookup->sendmsg, &cctx,
2026 &lookup->renderbuf);
2027 check_result(result, "dns_message_renderbegin");
/*
 * An OPT record is added when any of a UDP size, DNSSEC or an EDNS
 * version was requested. A UDP size of 0 is replaced by 4096; the value
 * given to a negative edns is on a line missing from this listing.
 */
2028 if (lookup->udpsize > 0 || lookup->dnssec || lookup->edns > -1) {
2029 if (lookup->udpsize == 0)
2030 lookup->udpsize = 4096;
2031 if (lookup->edns < 0)
2033 add_opt(lookup->sendmsg, lookup->udpsize,
2034 lookup->edns, lookup->dnssec, lookup->nsid);
2037 result = dns_message_rendersection(lookup->sendmsg,
2038 DNS_SECTION_QUESTION, 0);
2039 check_result(result, "dns_message_rendersection");
2040 result = dns_message_rendersection(lookup->sendmsg,
2041 DNS_SECTION_AUTHORITY, 0);
2042 check_result(result, "dns_message_rendersection");
2043 result = dns_message_renderend(lookup->sendmsg);
2044 check_result(result, "dns_message_renderend");
2045 debug("done rendering");
2047 dns_compress_invalidate(&cctx);
2050 * Force TCP mode if the request is larger than 512 bytes.
2052 if (isc_buffer_usedlength(&lookup->renderbuf) > 512)
2053 lookup->tcp_mode = ISC_TRUE;
2055 lookup->pending = ISC_FALSE;
/*
 * One query structure per server. Every field is assigned by hand, so a
 * field added to dig_query_t later starts with indeterminate contents
 * unless it is also set here. The NULL test that guards the fatal()
 * below and any assignment to query->sock are on lines missing from
 * this listing; clear_query() and the send paths test query->sock
 * against NULL, so it has to be initialised somewhere -- confirm.
 */
2057 for (serv = ISC_LIST_HEAD(lookup->my_server_list);
2059 serv = ISC_LIST_NEXT(serv, link)) {
2060 query = isc_mem_allocate(mctx, sizeof(dig_query_t));
2062 fatal("memory allocation failure in %s:%d",
2063 __FILE__, __LINE__);
2064 debug("create query %p linked to lookup %p",
2066 query->lookup = lookup;
2067 query->waiting_connect = ISC_FALSE;
2068 query->waiting_senddone = ISC_FALSE;
2069 query->pending_free = ISC_FALSE;
2070 query->recv_made = ISC_FALSE;
2071 query->first_pass = ISC_TRUE;
2072 query->first_soa_rcvd = ISC_FALSE;
2073 query->second_rr_rcvd = ISC_FALSE;
2074 query->first_repeat_rcvd = ISC_FALSE;
2075 query->warn_id = ISC_TRUE;
2076 query->first_rr_serial = 0;
2077 query->second_rr_serial = 0;
/* Pointers are copied, not the strings: they alias the server entry. */
2078 query->servname = serv->servername;
2079 query->userarg = serv->userarg;
2080 query->rr_count = 0;
2081 query->msg_count = 0;
2082 query->byte_count = 0;
2083 ISC_LINK_INIT(query, link);
2084 ISC_LIST_INIT(query->recvlist);
2085 ISC_LIST_INIT(query->lengthlist);
2087 query->recvspace = isc_mempool_get(commctx);
2088 if (query->recvspace == NULL)
2089 fatal("memory allocation failure");
/*
 * recvbuf spans COMMSIZE bytes of the pool element; lengthbuf and slbuf
 * are the 2-byte TCP length prefixes for receive and send.
 */
2091 isc_buffer_init(&query->recvbuf, query->recvspace, COMMSIZE);
2092 isc_buffer_init(&query->lengthbuf, query->lengthspace, 2);
2093 isc_buffer_init(&query->slbuf, query->slspace, 2);
/* Structure copy: every query's sendbuf describes the same sendspace. */
2094 query->sendbuf = lookup->renderbuf;
/* Second initialisation of the same link (see listing line 2083). */
2096 ISC_LINK_INIT(query, link);
2097 ISC_LIST_ENQUEUE(lookup->q, query, link);
2099 /* XXX qrflag, print_query, etc... */
2100 if (!ISC_LIST_EMPTY(lookup->q) && qr) {
2102 printmessage(ISC_LIST_HEAD(lookup->q), lookup->sendmsg,
2108 * Event handler for send completion. Track send counter, and clear out
2109 * the query if the send was canceled.
/*
 * Send-completion handler: empties the event's buffer list, clears
 * waiting_senddone on the query, and frees the query if clear_query()
 * ran while the send was still in flight (pending_free).
 * NOTE(review): the assignment to 'l', the counter update and the lines
 * after 2148 are missing from this listing.
 */
2112 send_done(isc_task_t *_task, isc_event_t *event) {
2113 isc_socketevent_t *sevent = (isc_socketevent_t *)event;
2114 isc_buffer_t *b = NULL;
2115 dig_query_t *query, *next;
2118 REQUIRE(event->ev_type == ISC_SOCKEVENT_SENDDONE);
2124 debug("send_done()");
2126 debug("sendcount=%d", sendcount);
2127 INSIST(sendcount >= 0);
2129 for (b = ISC_LIST_HEAD(sevent->bufferlist);
2131 b = ISC_LIST_HEAD(sevent->bufferlist))
2132 ISC_LIST_DEQUEUE(sevent->bufferlist, b, link);
/*
 * ev_arg is the query pointer that was passed when the send was queued.
 * It stays valid here only because clear_query() defers the free while
 * waiting_senddone is set.
 */
2134 query = event->ev_arg;
2135 query->waiting_senddone = ISC_FALSE;
2138 if (l->ns_search_only && !l->trace_root) {
2139 debug("sending next, since searching");
2140 next = ISC_LIST_NEXT(query, link);
2145 isc_event_free(&event);
/*
 * Completes the deferred free started in clear_query(). 'query' must
 * not be used after this; the remaining lines of the function are not
 * shown -- confirm that none of them touch it.
 */
2147 if (query->pending_free)
2148 isc_mem_free(mctx, query);
2155 * Cancel a lookup, sending isc_socket_cancel() requests to all outstanding
2156 * IO sockets. The cancel handlers should take care of cleaning up the
2157 * query and lookup structures
/*
 * Cancel all I/O of a lookup: every query that has a socket gets an
 * isc_socket_cancel() with ISC_SOCKCANCEL_ALL on global_task. The
 * lookup's timer is then detached and its pending flag and retry count
 * are cleared. Per the prose above, the structures themselves are
 * cleaned up by the cancel handlers, not here.
 * NOTE(review): listing lines 2170-2175 are missing, so the handling of
 * queries without a socket and the loop advance are not visible.
 */
2160 cancel_lookup(dig_lookup_t *lookup) {
2161 dig_query_t *query, *next;
2163 debug("cancel_lookup()");
2164 query = ISC_LIST_HEAD(lookup->q);
2165 while (query != NULL) {
/* 'next' is read before anything in this iteration can unlink 'query'. */
2166 next = ISC_LIST_NEXT(query, link);
2167 if (query->sock != NULL) {
2168 isc_socket_cancel(query->sock, global_task,
2169 ISC_SOCKCANCEL_ALL);
2176 if (lookup->timer != NULL)
2177 isc_timer_detach(&lookup->timer);
2178 lookup->pending = ISC_FALSE;
2179 lookup->retries = 0;
/*
 * (Re)arm the lookup's one-shot timer for 'query'. SERVER_TIMEOUT is
 * used when another query follows this one in the list; otherwise the
 * value is either default_timeout or the global 'timeout'. Any existing
 * timer is detached before the new one is created, so a lookup never
 * holds two timers.
 * NOTE(review): the assignment to 'l' and the conditions that choose
 * between default_timeout and 'timeout' are on lines missing from this
 * listing, as are the final arguments of isc_timer_create().
 */
2183 bringup_timer(dig_query_t *query, unsigned int default_timeout) {
2185 unsigned int local_timeout;
2186 isc_result_t result;
2188 debug("bringup_timer()");
2190 * If the timer already exists, that means we're calling this
2191 * a second time (for a retry). Don't need to recreate it,
2195 if (ISC_LIST_NEXT(query, link) != NULL)
2196 local_timeout = SERVER_TIMEOUT;
2199 local_timeout = default_timeout;
2201 local_timeout = timeout;
2203 debug("have local timeout of %d", local_timeout);
2204 isc_interval_set(&l->interval, local_timeout, 0);
2205 if (l->timer != NULL)
2206 isc_timer_detach(&l->timer);
/* connect_timeout() is the handler that runs when the timer fires. */
2207 result = isc_timer_create(timermgr, isc_timertype_once, NULL,
2208 &l->interval, global_task, connect_timeout,
2210 check_result(result, "isc_timer_create");
/*
 * Inject a synthetic ISC_TIMEREVENT_IDLE event on global_task so that
 * the normal timeout path runs for 'query' at once, then detach the
 * lookup's real timer so that it cannot deliver a second, duplicate
 * timeout.
 * NOTE(review): the declaration of 'event' and part of the
 * isc_event_allocate() argument list are on lines missing from this
 * listing.
 */
2214 force_timeout(dig_lookup_t *l, dig_query_t *query) {
2217 event = isc_event_allocate(mctx, query, ISC_TIMEREVENT_IDLE,
2219 sizeof(isc_event_t));
2220 if (event == NULL) {
2221 fatal("isc_event_allocate: %s",
2222 isc_result_totext(ISC_R_NOMEMORY));
2224 isc_task_send(global_task, &event);
2227 * The timer may have expired if, for example, get_address() takes
2228 * long time and the timer was running on a different thread.
2229 * We need to cancel the possible timeout event not to confuse
2230 * ourselves due to the duplicate events.
2232 if (l->timer != NULL)
2233 isc_timer_detach(&l->timer);
2238 connect_done(isc_task_t *task, isc_event_t *event);
2241 * Unlike send_udp, this can't be called multiple times with the same
2242 * query. When we retry TCP, we requeue the whole lookup, which should
/*
 * Start a TCP connection for 'query': resolve the server name, create
 * and bind a TCP socket, arm the timer with TCP_TIMEOUT and issue an
 * asynchronous connect whose completion is delivered to connect_done().
 * A server without an address is skipped through force_timeout(); a
 * server whose address family differs from an explicitly specified
 * source address is skipped with a message.
 * NOTE(review): the assignments to 'l' and 'next', the returns after
 * each early exit, the counter updates and several braces are on lines
 * missing from this listing.
 */
2246 send_tcp_connect(dig_query_t *query) {
2247 isc_result_t result;
2251 debug("send_tcp_connect(%p)", query);
2254 query->waiting_connect = ISC_TRUE;
2255 query->lookup->current_query = query;
2256 result = get_address(query->servname, port, &query->sockaddr);
2257 if (result != ISC_R_SUCCESS) {
2259 * This servname doesn't have an address. Try the next server
2260 * by triggering an immediate 'timeout' (we lie, but the effect
2263 force_timeout(l, query);
2267 if (specified_source &&
2268 (isc_sockaddr_pf(&query->sockaddr) !=
2269 isc_sockaddr_pf(&bind_address))) {
2270 printf(";; Skipping server %s, incompatible "
2271 "address family\n", query->servname);
2272 query->waiting_connect = ISC_FALSE;
2273 next = ISC_LIST_NEXT(query, link);
2277 printf(";; No acceptable nameservers\n");
2278 check_next_lookup(l);
/* Recurses once per skipped server; depth is bounded by the list length. */
2281 send_tcp_connect(next);
/* A query must not already own a socket when a connect is started. */
2284 INSIST(query->sock == NULL);
2285 result = isc_socket_create(socketmgr,
2286 isc_sockaddr_pf(&query->sockaddr),
2287 isc_sockettype_tcp, &query->sock);
2288 check_result(result, "isc_socket_create");
2290 debug("sockcount=%d", sockcount);
/*
 * With an explicit source the socket is bound to bind_address with
 * ISC_SOCKET_REUSEADDRESS; otherwise it is bound to the any-address of
 * the matching family with no options.
 */
2291 if (specified_source)
2292 result = isc_socket_bind(query->sock, &bind_address,
2293 ISC_SOCKET_REUSEADDRESS);
2295 if ((isc_sockaddr_pf(&query->sockaddr) == AF_INET) &&
2297 isc_sockaddr_any(&bind_any);
2299 isc_sockaddr_any6(&bind_any);
2300 result = isc_socket_bind(query->sock, &bind_any, 0);
2302 check_result(result, "isc_socket_bind");
2303 bringup_timer(query, TCP_TIMEOUT);
2304 result = isc_socket_connect(query->sock, &query->sockaddr,
2305 global_task, connect_done, query);
2306 check_result(result, "isc_socket_connect");
2308 * If we're at the endgame of a nameserver search, we need to
2309 * immediately bring up all the queries. Do it here.
2311 if (l->ns_search_only && !l->trace_root) {
2312 debug("sending next, since searching");
2313 next = ISC_LIST_NEXT(query, link);
2315 send_tcp_connect(next);
2320 * Send a UDP packet to the remote nameserver, possibly starting the
2321 * recv action as well. Also make sure that the timer is running and
2322 * is properly reset.
/*
 * Send the rendered query over UDP. On the first call for a query
 * (recv_made not yet set) the server name is resolved, a UDP socket is
 * created and bound, and a receive is posted with recv_done() as its
 * handler. Every call then queues the send buffer and transmits it to
 * query->sockaddr, with send_done() as the completion handler.
 * NOTE(review): the assignment to 'l', the return after force_timeout(),
 * the counter updates and several braces are on lines missing from this
 * listing.
 */
2325 send_udp(dig_query_t *query) {
2326 dig_lookup_t *l = NULL;
2327 isc_result_t result;
2329 debug("send_udp(%p)", query);
2332 bringup_timer(query, UDP_TIMEOUT);
2333 l->current_query = query;
2334 debug("working on lookup %p, query %p", query->lookup, query);
2335 if (!query->recv_made) {
2336 /* XXX Check the sense of this, need assertion? */
2337 query->waiting_connect = ISC_FALSE;
2338 result = get_address(query->servname, port, &query->sockaddr);
2339 if (result != ISC_R_SUCCESS) {
2340 /* This servname doesn't have an address. */
2341 force_timeout(l, query);
2345 result = isc_socket_create(socketmgr,
2346 isc_sockaddr_pf(&query->sockaddr),
2347 isc_sockettype_udp, &query->sock);
2348 check_result(result, "isc_socket_create");
2350 debug("sockcount=%d", sockcount);
/*
 * Without an explicit source the socket is bound to the any-address of
 * the server's address family. Presumably that leaves the source port
 * to the operating system -- confirm against isc_sockaddr_anyofpf().
 */
2351 if (specified_source) {
2352 result = isc_socket_bind(query->sock, &bind_address,
2353 ISC_SOCKET_REUSEADDRESS);
2355 isc_sockaddr_anyofpf(&bind_any,
2356 isc_sockaddr_pf(&query->sockaddr));
2357 result = isc_socket_bind(query->sock, &bind_any, 0);
2359 check_result(result, "isc_socket_bind");
2361 query->recv_made = ISC_TRUE;
2362 ISC_LINK_INIT(&query->recvbuf, link);
2363 ISC_LIST_ENQUEUE(query->recvlist, &query->recvbuf,
2365 debug("recving with lookup=%p, query=%p, sock=%p",
2366 query->lookup, query, query->sock);
2367 result = isc_socket_recvv(query->sock, &query->recvlist, 1,
2368 global_task, recv_done, query);
2369 check_result(result, "isc_socket_recvv");
2371 debug("recvcount=%d", recvcount);
2373 ISC_LIST_INIT(query->sendlist);
2374 ISC_LIST_ENQUEUE(query->sendlist, &query->sendbuf, link);
2375 debug("sending a request");
2376 TIME_NOW(&query->time_sent);
2377 INSIST(query->sock != NULL);
/*
 * Set before the send is queued; clear_query() reads this flag to decide
 * whether the query may be freed immediately.
 */
2378 query->waiting_senddone = ISC_TRUE;
2379 result = isc_socket_sendtov(query->sock, &query->sendlist,
2380 global_task, send_done, query,
2381 &query->sockaddr, NULL);
2382 check_result(result, "isc_socket_sendtov");
2387 * IO timeout handler, used for both connect and recv timeouts. If
2388 * retries are still allowed, either resend the UDP packet or queue a
2389 * new TCP lookup. Otherwise, cancel the lookup.
/*
 * Timeout handler shared by connect and receive. If the lookup's current
 * query has a successor in the list, the next server is tried (UDP
 * resend or a new TCP connect). Otherwise, while retries remain, the
 * request is resent over UDP to the first server or the whole lookup is
 * requeued for TCP; when none remain a "connection timed out" message
 * is printed.
 * NOTE(review): the assignment to 'l', the tcp_mode tests that select
 * between the UDP and TCP branches, the retry decrement and the returns
 * are on lines missing from this listing.
 */
2392 connect_timeout(isc_task_t *task, isc_event_t *event) {
2393 dig_lookup_t *l = NULL;
2394 dig_query_t *query = NULL, *cq;
2397 REQUIRE(event->ev_type == ISC_TIMEREVENT_IDLE);
2399 debug("connect_timeout()");
2403 query = l->current_query;
2404 isc_event_free(&event);
2408 if ((query != NULL) && (query->lookup->current_query != NULL) &&
2409 (ISC_LIST_NEXT(query->lookup->current_query, link) != NULL)) {
2410 debug("trying next server...");
2411 cq = query->lookup->current_query;
2413 send_udp(ISC_LIST_NEXT(cq, link));
/* Outstanding I/O on the timed-out socket is cancelled before moving on. */
2415 if (query->sock != NULL)
2416 isc_socket_cancel(query->sock, NULL,
2417 ISC_SOCKCANCEL_ALL);
2418 send_tcp_connect(ISC_LIST_NEXT(cq, link));
2424 if (l->retries > 1) {
2427 debug("resending UDP request to first server");
2428 send_udp(ISC_LIST_HEAD(l->q));
2430 debug("making new TCP request, %d tries left",
2433 requeue_lookup(l, ISC_TRUE);
2435 check_next_lookup(l);
2438 fputs(l->cmdline, stdout);
2439 printf(";; connection timed out; no servers could be "
2442 check_next_lookup(l);
2450 * Event handler for the TCP recv which gets the length header of TCP
2451 * packets. Start the next recv of length bytes.
/*
 * Receive-completion handler for the 2-byte TCP length prefix. A
 * cancelled or failed receive ends the query; on success the prefix is
 * decoded and a second receive of exactly 'length' bytes is queued into
 * query->recvbuf.
 *
 * NOTE(review): 'length' is supplied by the remote server. Below it
 * becomes the capacity of recvbuf over query->recvspace, which
 * setup_lookup() takes from the commctx pool and first initialises with
 * COMMSIZE. A 16-bit prefix is at most 65535, so the re-initialised
 * buffer stays inside the allocation only if COMMSIZE (and the pool
 * element size) is at least that large; both are defined outside this
 * listing -- confirm.
 * NOTE(review): the assignment to 'l', the clear_query() calls, the
 * counter updates and the returns are on lines missing from this
 * listing.
 */
2454 tcp_length_done(isc_task_t *task, isc_event_t *event) {
2455 isc_socketevent_t *sevent;
2456 isc_buffer_t *b = NULL;
2457 isc_result_t result;
2458 dig_query_t *query = NULL;
2460 isc_uint16_t length;
2462 REQUIRE(event->ev_type == ISC_SOCKEVENT_RECVDONE);
2467 debug("tcp_length_done()");
2470 sevent = (isc_socketevent_t *)event;
2471 query = event->ev_arg;
2474 INSIST(recvcount >= 0);
2476 b = ISC_LIST_HEAD(sevent->bufferlist);
/* The completed buffer must be this query's own length buffer. */
2477 INSIST(b == &query->lengthbuf);
2478 ISC_LIST_DEQUEUE(sevent->bufferlist, b, link);
2480 if (sevent->result == ISC_R_CANCELED) {
2481 isc_event_free(&event);
2484 check_next_lookup(l);
2488 if (sevent->result != ISC_R_SUCCESS) {
2489 char sockstr[ISC_SOCKADDR_FORMATSIZE];
2490 isc_sockaddr_format(&query->sockaddr, sockstr,
2492 printf(";; communications error to %s: %s\n",
2493 sockstr, isc_result_totext(sevent->result));
2495 isc_socket_detach(&query->sock);
2497 debug("sockcount=%d", sockcount);
2498 INSIST(sockcount >= 0);
2499 isc_event_free(&event);
2501 check_next_lookup(l);
2505 length = isc_buffer_getuint16(b);
/*
 * The condition guarding the next two statements (listing line 2506) is
 * not shown; presumably it is the zero-length case -- confirm.
 */
2507 isc_event_free(&event);
2508 launch_next_query(query, ISC_FALSE);
2514 * Even though the buffer was already init'ed, we need
2515 * to redo it now, to force the length we want.
2517 isc_buffer_invalidate(&query->recvbuf);
2518 isc_buffer_init(&query->recvbuf, query->recvspace, length);
2519 ENSURE(ISC_LIST_EMPTY(query->recvlist));
2520 ISC_LINK_INIT(&query->recvbuf, link);
2521 ISC_LIST_ENQUEUE(query->recvlist, &query->recvbuf, link);
2522 debug("recving with lookup=%p, query=%p", query->lookup, query);
/*
 * 'length' is also passed as the minimum byte count, so the completion
 * handler is not expected to run on a partial message.
 */
2523 result = isc_socket_recvv(query->sock, &query->recvlist, length, task,
2525 check_result(result, "isc_socket_recvv");
2527 debug("resubmitted recv request with length %d, recvcount=%d",
2529 isc_event_free(&event);
2534 * For transfers that involve multiple recvs (XFR's in particular),
2535 * launch the next recv.
/*
 * Post the next receive on a TCP query and, until the first SOA has
 * been received, send the request. The outgoing data is the 2-byte
 * length prefix (slbuf), followed by the rendered message when
 * include_question is set. The receive is for the peer's length prefix
 * and completes in tcp_length_done(). If the lookup is no longer
 * pending the socket is detached and the query wound down instead.
 * NOTE(review): the assignment to 'l', the clear_query() calls, the
 * counter updates and the returns are on lines missing from this
 * listing.
 */
2538 launch_next_query(dig_query_t *query, isc_boolean_t include_question) {
2539 isc_result_t result;
2544 debug("launch_next_query()");
2546 if (!query->lookup->pending) {
2547 debug("ignoring launch_next_query because !pending");
2548 isc_socket_detach(&query->sock);
2550 debug("sockcount=%d", sockcount);
2551 INSIST(sockcount >= 0);
2552 query->waiting_connect = ISC_FALSE;
2555 check_next_lookup(l);
2559 isc_buffer_clear(&query->slbuf);
2560 isc_buffer_clear(&query->lengthbuf);
/*
 * The cast truncates the message length to 16 bits. setup_lookup()
 * renders into a COMMSIZE buffer, so the prefix is exact only while
 * COMMSIZE does not exceed 65535; COMMSIZE is defined outside this
 * listing -- confirm.
 */
2561 isc_buffer_putuint16(&query->slbuf, (isc_uint16_t) query->sendbuf.used);
2562 ISC_LIST_INIT(query->sendlist);
2563 ISC_LINK_INIT(&query->slbuf, link);
2564 ISC_LIST_ENQUEUE(query->sendlist, &query->slbuf, link);
2565 if (include_question)
2566 ISC_LIST_ENQUEUE(query->sendlist, &query->sendbuf, link);
2567 ISC_LINK_INIT(&query->lengthbuf, link);
2568 ISC_LIST_ENQUEUE(query->lengthlist, &query->lengthbuf, link);
2570 result = isc_socket_recvv(query->sock, &query->lengthlist, 0,
2571 global_task, tcp_length_done, query);
2572 check_result(result, "isc_socket_recvv");
2574 debug("recvcount=%d", recvcount);
2575 if (!query->first_soa_rcvd) {
2576 debug("sending a request in launch_next_query");
2577 TIME_NOW(&query->time_sent);
/* Set before the send is queued; clear_query() defers its free on it. */
2578 query->waiting_senddone = ISC_TRUE;
2579 result = isc_socket_sendv(query->sock, &query->sendlist,
2580 global_task, send_done, query);
2581 check_result(result, "isc_socket_sendv");
2583 debug("sendcount=%d", sendcount);
2585 query->waiting_connect = ISC_FALSE;
2587 check_next_lookup(query->lookup);
2593 * Event handler for TCP connect complete. Make sure the connection was
2594 * successful, then pass into launch_next_query to actually send the
/*
 * Connect-completion handler. A cancelled or failed connect detaches the
 * socket; the failure path also reads the query that follows
 * l->current_query and can start it with bringup_timer() and
 * send_tcp_connect(). A successful connect calls launch_next_query() with
 * include_question set to ISC_TRUE.
 * NOTE(review): returns and some conditions are on lines missing from this
 * listing.
 */
2598 connect_done(isc_task_t *task, isc_event_t *event) {
2599 isc_socketevent_t *sevent = NULL;
2600 dig_query_t *query = NULL, *next;
2605 REQUIRE(event->ev_type == ISC_SOCKEVENT_CONNECT);
2608 debug("connect_done()");
2611 sevent = (isc_socketevent_t *)event;
2612 query = sevent->ev_arg;
/* The query must have been waiting for exactly this event. */
2614 INSIST(query->waiting_connect);
2616 query->waiting_connect = ISC_FALSE;
2618 if (sevent->result == ISC_R_CANCELED) {
2619 debug("in cancel handler");
2620 isc_socket_detach(&query->sock);
2621 INSIST(sockcount > 0);
2623 debug("sockcount=%d", sockcount);
2624 query->waiting_connect = ISC_FALSE;
2625 isc_event_free(&event);
2628 check_next_lookup(l);
/* Connect failed: report it, release the socket and fall over to the next query. */
2632 if (sevent->result != ISC_R_SUCCESS) {
2633 char sockstr[ISC_SOCKADDR_FORMATSIZE];
2635 debug("unsuccessful connection: %s",
2636 isc_result_totext(sevent->result));
2637 isc_sockaddr_format(&query->sockaddr, sockstr, sizeof(sockstr));
2638 if (sevent->result != ISC_R_CANCELED)
2639 printf(";; Connection to %s(%s) for %s failed: "
2641 query->servname, query->lookup->textname,
2642 isc_result_totext(sevent->result));
2643 isc_socket_detach(&query->sock);
2645 INSIST(sockcount >= 0);
2646 /* XXX Clean up exitcodes */
2649 debug("sockcount=%d", sockcount);
2650 query->waiting_connect = ISC_FALSE;
2651 isc_event_free(&event);
2653 if (l->current_query != NULL)
2654 next = ISC_LIST_NEXT(l->current_query, link);
2659 bringup_timer(next, TCP_TIMEOUT);
2660 send_tcp_connect(next);
2662 check_next_lookup(l);
/* Connected: send the question together with its length prefix. */
2667 launch_next_query(query, ISC_TRUE);
2668 isc_event_free(&event);
2673 * Check if the ongoing XFR needs more data before it's complete, using
2674 * the semantics of IXFR and AXFR protocols. Much of the complexity of
2675 * this routine comes from determining when an IXFR is complete.
2676 * ISC_FALSE means more data is on the way, and the recv has been issued.
/*
 * Walk the answer section of one zone-transfer response and update the SOA
 * tracking state kept in query (first_soa_rcvd, second_rr_rcvd, the two
 * stored serials, first_repeat_rcvd). After the walk launch_next_query()
 * is called to ask for more data; sevent supplies the byte count and the
 * peer address.
 * NOTE(review): the return statements and several branch bodies are on
 * lines missing from this listing, so the exit paths cannot be read here.
 */
2678 static isc_boolean_t
2679 check_for_more_data(dig_query_t *query, dns_message_t *msg,
2680 isc_socketevent_t *sevent)
2682 dns_rdataset_t *rdataset = NULL;
2683 dns_rdata_t rdata = DNS_RDATA_INIT;
2684 dns_rdata_soa_t soa;
2685 isc_uint32_t serial;
2686 isc_result_t result;
2688 debug("check_for_more_data()");
2691 * By the time we're in this routine, we know we're doing
2692 * either an AXFR or IXFR. If there's no second_rr_type,
2693 * then we don't yet know which kind of answer we got back
2694 * from the server. Here, we're going to walk through the
2695 * rr's in the message, acting as necessary whenever we hit
/* Running total of bytes received for this query. */
2700 query->byte_count += sevent->n;
2701 result = dns_message_firstname(msg, DNS_SECTION_ANSWER);
2702 if (result != ISC_R_SUCCESS) {
2703 puts("; Transfer failed.");
2709 dns_message_currentname(msg, DNS_SECTION_ANSWER,
2711 for (rdataset = ISC_LIST_HEAD(name->list);
2713 rdataset = ISC_LIST_NEXT(rdataset, link)) {
2714 result = dns_rdataset_first(rdataset);
2715 if (result != ISC_R_SUCCESS)
2719 dns_rdata_reset(&rdata);
2720 dns_rdataset_current(rdataset, &rdata);
2722 * If this is the first rr, make sure
/* Record types and serials tested below all come from the server response. */
2725 if ((!query->first_soa_rcvd) &&
2726 (rdata.type != dns_rdatatype_soa)) {
2727 puts("; Transfer failed. "
2728 "Didn't start with SOA answer.");
/* A non-SOA second record is remembered with a stored serial of 0. */
2731 if ((!query->second_rr_rcvd) &&
2732 (rdata.type != dns_rdatatype_soa)) {
2733 query->second_rr_rcvd = ISC_TRUE;
2734 query->second_rr_serial = 0;
2735 debug("got the second rr as nonsoa");
2740 * If the record is anything except an SOA
2741 * now, just continue on...
2743 if (rdata.type != dns_rdatatype_soa)
2745 /* Now we have an SOA. Work with it. */
2746 debug("got an SOA");
2747 result = dns_rdata_tostruct(&rdata, &soa, NULL);
2748 check_result(result, "dns_rdata_tostruct");
/* Copy the serial out before the SOA structure is freed. */
2749 serial = soa.serial;
2750 dns_rdata_freestruct(&soa);
2751 if (!query->first_soa_rcvd) {
2752 query->first_soa_rcvd = ISC_TRUE;
2753 query->first_rr_serial = serial;
2754 debug("this is the first %d",
2755 query->lookup->ixfr_serial);
2756 if (query->lookup->ixfr_serial >=
2761 if (query->lookup->rdtype ==
2762 dns_rdatatype_axfr) {
2763 debug("doing axfr, got second SOA");
2766 if (!query->second_rr_rcvd) {
2767 if (query->first_rr_serial == serial) {
2768 debug("doing ixfr, got "
2772 debug("this is the second %d",
2773 query->lookup->ixfr_serial);
2774 query->second_rr_rcvd = ISC_TRUE;
2775 query->second_rr_serial = serial;
2778 if (query->second_rr_serial == 0) {
2780 * If the second RR was a non-SOA
2781 * record, and we're getting any
2782 * other SOA, then this is an
2783 * AXFR, and we're done.
2785 debug("done, since axfr");
2789 * If we get to this point, we're doing an
2790 * IXFR and have to start really looking
2791 * at serial numbers.
2793 if (query->first_rr_serial == serial) {
2794 debug("got a match for ixfr");
2795 if (!query->first_repeat_rcvd) {
2796 query->first_repeat_rcvd =
2800 debug("done with ixfr");
2803 debug("meaningless soa %d", serial);
2805 result = dns_rdataset_next(rdataset);
2806 } while (result == ISC_R_SUCCESS);
2808 result = dns_message_nextname(msg, DNS_SECTION_ANSWER);
2809 } while (result == ISC_R_SUCCESS);
/* Ask for the next message of the transfer without resending the question. */
2810 launch_next_query(query, ISC_FALSE);
2813 received(sevent->n, &sevent->address, query);
2818 * Event handler for recv complete. Perform whatever actions are necessary,
2819 * based on the specifics of the user's request.
/*
 * Receive-completion handler for a response in query->recvbuf. Steps
 * visible in this listing, in order: event and buffer sanity checks,
 * source address and message ID checks, parsing, question-section
 * comparison, retry over TCP on a truncated reply, failover to the next
 * server on SERVFAIL or missing RA, TSIG verification, then printing,
 * follow-up lookups and zone-transfer handling.
 * NOTE(review): many lines (preprocessor guards, else branches, returns)
 * are absent from this listing, so the control flow between these steps
 * is only partly readable here.
 */
2822 recv_done(isc_task_t *task, isc_event_t *event) {
2823 isc_socketevent_t *sevent = NULL;
2824 dig_query_t *query = NULL;
2825 isc_buffer_t *b = NULL;
2826 dns_message_t *msg = NULL;
2828 dig_message_t *chase_msg = NULL;
2829 dig_message_t *chase_msg2 = NULL;
2831 isc_result_t result;
2832 dig_lookup_t *n, *l;
2833 isc_boolean_t docancel = ISC_FALSE;
2834 isc_boolean_t match = ISC_TRUE;
2835 unsigned int parseflags;
2837 unsigned int msgflags;
2839 isc_result_t do_sigchase = ISC_FALSE;
2841 dns_message_t *msg_temp = NULL;
2843 isc_buffer_t *buf = NULL;
2849 debug("recv_done()");
2853 debug("recvcount=%d", recvcount);
2854 INSIST(recvcount >= 0);
2856 query = event->ev_arg;
2857 debug("lookup=%p, query=%p", query->lookup, query);
2861 REQUIRE(event->ev_type == ISC_SOCKEVENT_RECVDONE);
2862 sevent = (isc_socketevent_t *)event;
/* The only buffer expected back is the receive buffer owned by this query. */
2864 b = ISC_LIST_HEAD(sevent->bufferlist);
2865 INSIST(b == &query->recvbuf);
2866 ISC_LIST_DEQUEUE(sevent->bufferlist, &query->recvbuf, link);
2868 if ((l->tcp_mode) && (l->timer != NULL))
2869 isc_timer_touch(l->timer);
/* Lookup finished or global cancel requested: drop this reply. */
2870 if ((!l->pending && !l->ns_search_only) || cancel_now) {
2871 debug("no longer pending. Got %s",
2872 isc_result_totext(sevent->result));
2873 query->waiting_connect = ISC_FALSE;
2875 isc_event_free(&event);
2877 check_next_lookup(l);
2882 if (sevent->result != ISC_R_SUCCESS) {
2883 if (sevent->result == ISC_R_CANCELED) {
2884 debug("in recv cancel handler");
2885 query->waiting_connect = ISC_FALSE;
2887 printf(";; communications error: %s\n",
2888 isc_result_totext(sevent->result));
2889 isc_socket_detach(&query->sock);
2891 debug("sockcount=%d", sockcount);
2892 INSIST(sockcount >= 0);
2894 isc_event_free(&event);
2896 check_next_lookup(l);
/*
 * Compare the sender of the packet (address, port and scope) with the
 * server this query was sent to.
 */
2902 !isc_sockaddr_compare(&sevent->address, &query->sockaddr,
2903 ISC_SOCKADDR_CMPADDR|
2904 ISC_SOCKADDR_CMPPORT|
2905 ISC_SOCKADDR_CMPSCOPE|
2906 ISC_SOCKADDR_CMPSCOPEZERO)) {
2907 char buf1[ISC_SOCKADDR_FORMATSIZE];
2908 char buf2[ISC_SOCKADDR_FORMATSIZE];
2911 if (isc_sockaddr_pf(&query->sockaddr) == AF_INET)
2912 isc_sockaddr_any(&any);
2914 isc_sockaddr_any6(&any);
2917 * We don't expect a match when the packet is
2918 * sent to 0.0.0.0, :: or to a multicast addresses.
2919 * XXXMPA broadcast needs to be handled here as well.
2921 if ((!isc_sockaddr_eqaddr(&query->sockaddr, &any) &&
2922 !isc_sockaddr_ismulticast(&query->sockaddr)) ||
2923 isc_sockaddr_getport(&query->sockaddr) !=
2924 isc_sockaddr_getport(&sevent->address)) {
2925 isc_sockaddr_format(&sevent->address, buf1,
2927 isc_sockaddr_format(&query->sockaddr, buf2,
/*
 * NOTE(review): only the diagnostic is visible here. Whether a reply from
 * an unexpected source is then discarded depends on lines not shown;
 * confirm it is not processed as an answer.
 */
2929 printf(";; reply from unexpected source: %s,"
2930 " expected %s\n", buf1, buf2);
/*
 * Read only the header to compare the message ID with the one that was
 * sent. A failed peek is reported as a message shorter than a header.
 * Once the first SOA of a transfer has been seen, a mismatch is labelled
 * WARNING instead of ERROR.
 */
2935 result = dns_message_peekheader(b, &id, &msgflags);
2936 if (result != ISC_R_SUCCESS || l->sendmsg->id != id) {
2939 isc_boolean_t fail = ISC_TRUE;
2940 if (result == ISC_R_SUCCESS) {
2941 if (!query->first_soa_rcvd ||
2943 printf(";; %s: ID mismatch: "
2944 "expected ID %u, got %u\n",
2945 query->first_soa_rcvd ?
2946 "WARNING" : "ERROR",
2947 l->sendmsg->id, id);
2948 if (query->first_soa_rcvd)
2950 query->warn_id = ISC_FALSE;
2952 printf(";; ERROR: short "
2953 "(< header size) message\n");
2955 isc_event_free(&event);
2957 check_next_lookup(l);
2962 } else if (result == ISC_R_SUCCESS)
2963 printf(";; Warning: ID mismatch: "
2964 "expected ID %u, got %u\n", l->sendmsg->id, id);
2966 printf(";; Warning: short "
2967 "(< header size) message received\n");
/* A message without the QR (response) bit is warned about here. */
2970 if (result == ISC_R_SUCCESS && (msgflags & DNS_MESSAGEFLAG_QR) == 0)
2971 printf(";; Warning: query response not set\n");
2976 result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &msg);
2977 check_result(result, "dns_message_create");
/* Hand the query signature, key and running TSIG context to the new message. */
2980 if (l->querysig == NULL) {
2981 debug("getting initial querysig");
2982 result = dns_message_getquerytsig(l->sendmsg, mctx,
2984 check_result(result, "dns_message_getquerytsig");
2986 result = dns_message_setquerytsig(msg, l->querysig);
2987 check_result(result, "dns_message_setquerytsig");
2988 result = dns_message_settsigkey(msg, key);
2989 check_result(result, "dns_message_settsigkey");
2990 msg->tsigctx = l->tsigctx;
2992 if (l->msgcounter != 0)
2993 msg->tcp_continuation = 1;
2997 debug("before parse starts");
2998 parseflags = DNS_MESSAGEPARSE_PRESERVEORDER;
3001 do_sigchase = ISC_FALSE;
3004 do_sigchase = ISC_TRUE;
/* Going by the flag names, besteffort relaxes parsing of malformed or truncated messages. */
3007 if (l->besteffort) {
3008 parseflags |= DNS_MESSAGEPARSE_BESTEFFORT;
3009 parseflags |= DNS_MESSAGEPARSE_IGNORETRUNCATION;
3011 result = dns_message_parse(msg, b, parseflags);
/* DNS_R_RECOVERABLE is downgraded to a warning and then treated as success. */
3012 if (result == DNS_R_RECOVERABLE) {
3013 printf(";; Warning: Message parser reports malformed "
3014 "message packet.\n");
3015 result = ISC_R_SUCCESS;
3017 if (result != ISC_R_SUCCESS) {
3018 printf(";; Got bad packet: %s\n", isc_result_totext(result));
3020 query->waiting_connect = ISC_FALSE;
3021 dns_message_destroy(&msg);
3022 isc_event_free(&event);
3025 check_next_lookup(l);
/*
 * Each question in the reply is compared with the type, class and name
 * that were asked; a difference is reported as a question section mismatch.
 */
3029 if (msg->counts[DNS_SECTION_QUESTION] != 0) {
3031 for (result = dns_message_firstname(msg, DNS_SECTION_QUESTION);
3032 result == ISC_R_SUCCESS && match;
3033 result = dns_message_nextname(msg, DNS_SECTION_QUESTION)) {
3034 dns_name_t *name = NULL;
3035 dns_rdataset_t *rdataset;
3037 dns_message_currentname(msg, DNS_SECTION_QUESTION,
3039 for (rdataset = ISC_LIST_HEAD(name->list);
3041 rdataset = ISC_LIST_NEXT(rdataset, link)) {
3042 if (l->rdtype != rdataset->type ||
3043 l->rdclass != rdataset->rdclass ||
3044 !dns_name_equal(l->name, name)) {
3045 char namestr[DNS_NAME_FORMATSIZE];
3046 char typebuf[DNS_RDATATYPE_FORMATSIZE];
3047 char classbuf[DNS_RDATACLASS_FORMATSIZE];
3048 dns_name_format(name, namestr,
3050 dns_rdatatype_format(rdataset->type,
3053 dns_rdataclass_format(rdataset->rdclass,
3056 printf(";; Question section mismatch: "
3058 namestr, typebuf, classbuf);
3064 dns_message_destroy(&msg);
3066 isc_event_free(&event);
3068 check_next_lookup(l);
/* Truncated reply outside TCP mode: requeue the lookup over TCP unless l->ignore is set. */
3075 if ((msg->flags & DNS_MESSAGEFLAG_TC) != 0 &&
3076 !l->ignore && !l->tcp_mode) {
3077 printf(";; Truncated, retrying in TCP mode.\n");
3078 n = requeue_lookup(l, ISC_TRUE);
3079 n->tcp_mode = ISC_TRUE;
3080 n->origin = query->lookup->origin;
3081 dns_message_destroy(&msg);
3082 isc_event_free(&event);
3085 check_next_lookup(l);
/* SERVFAIL, or recursion wanted but not offered: try the next server in the list. */
3089 if ((msg->rcode == dns_rcode_servfail && !l->servfail_stops) ||
3090 (check_ra && (msg->flags & DNS_MESSAGEFLAG_RA) == 0 && l->recurse))
3092 dig_query_t *next = ISC_LIST_NEXT(query, link);
3093 if (l->current_query == query)
3094 l->current_query = NULL;
3096 debug("sending query %p\n", next);
3098 send_tcp_connect(next);
3103 * If our query is at the head of the list and there
3104 * is no next, we're the only one left, so fall
3105 * through to print the message.
3107 if ((ISC_LIST_HEAD(l->q) != query) ||
3108 (ISC_LIST_NEXT(query, link) != NULL)) {
3109 if( l->comments == ISC_TRUE )
3110 printf(";; Got %s from %s, "
3111 "trying next server\n",
3112 msg->rcode == dns_rcode_servfail ?
3114 "recursion not available",
3117 check_next_lookup(l);
3118 dns_message_destroy(&msg);
3119 isc_event_free(&event);
/*
 * TSIG check over the raw receive buffer. A failure is printed and
 * recorded in validated.
 * NOTE(review): no early exit is visible on the failure path, so the
 * unauthenticated message may still be printed; confirm how
 * validated == ISC_FALSE is surfaced to the user and in the exit status.
 */
3126 result = dns_tsig_verify(&query->recvbuf, msg, NULL, NULL);
3127 if (result != ISC_R_SUCCESS) {
3128 printf(";; Couldn't verify signature: %s\n",
3129 isc_result_totext(result));
3130 validated = ISC_FALSE;
/* Carry the TSIG context over to the lookup for the next message. */
3132 l->tsigctx = msg->tsigctx;
3133 msg->tsigctx = NULL;
3134 if (l->querysig != NULL) {
3135 debug("freeing querysig buffer %p", l->querysig);
3136 isc_buffer_free(&l->querysig);
3138 result = dns_message_getquerytsig(msg, mctx, &l->querysig);
3139 check_result(result,"dns_message_getquerytsig");
/* Bytes left in the buffer after parsing. */
3142 extrabytes = isc_buffer_remaininglength(b);
3144 debug("after parse");
3145 if (l->doing_xfr && l->xfr_q == NULL) {
3148 * Once we are in the XFR message, increase
3149 * the timeout to much longer, so brief network
3150 * outages won't cause the XFR to abort
3152 if (timeout != INT_MAX && l->timer != NULL) {
3153 unsigned int local_timeout;
3157 local_timeout = TCP_TIMEOUT * 4;
3159 local_timeout = UDP_TIMEOUT * 4;
/* Multiply by four only when that cannot exceed INT_MAX; otherwise clamp. */
3161 if (timeout < (INT_MAX / 4))
3162 local_timeout = timeout * 4;
3164 local_timeout = INT_MAX;
3166 debug("have local timeout of %d", local_timeout);
3167 isc_interval_set(&l->interval, local_timeout, 0);
3168 result = isc_timer_reset(l->timer,
3173 check_result(result, "isc_timer_reset");
3177 if (!l->doing_xfr || l->xfr_q == query) {
3178 if (msg->rcode != dns_rcode_noerror &&
3179 (l->origin != NULL || l->need_search)) {
3180 if (!next_origin(msg, query) || showsearch) {
3181 printmessage(query, msg, ISC_TRUE);
3182 received(b->used, &sevent->address, query);
3184 } else if (!l->trace && !l->ns_search_only) {
3188 printmessage(query, msg, ISC_TRUE);
3189 } else if (l->trace) {
3191 int count = msg->counts[DNS_SECTION_ANSWER];
3193 debug("in TRACE code");
3194 if (!l->ns_search_only)
3195 printmessage(query, msg, ISC_TRUE);
3197 l->rdtype = l->qrdtype;
3198 if (l->trace_root || (l->ns_search_only && count > 0)) {
3200 l->rdtype = dns_rdatatype_soa;
3201 n = followup_lookup(msg, query,
3202 DNS_SECTION_ANSWER);
3203 l->trace_root = ISC_FALSE;
3204 } else if (count == 0)
3205 n = followup_lookup(msg, query,
3206 DNS_SECTION_AUTHORITY);
3208 docancel = ISC_TRUE;
3210 debug("in NSSEARCH code");
3212 if (l->trace_root) {
3214 * This is the initial NS query.
3218 l->rdtype = dns_rdatatype_soa;
3219 n = followup_lookup(msg, query,
3220 DNS_SECTION_ANSWER);
3222 docancel = ISC_TRUE;
3223 l->trace_root = ISC_FALSE;
3228 printmessage(query, msg, ISC_TRUE);
/*
 * Signature chasing keeps two entries per reply: one on
 * chase_message_list holding a message re-parsed from a copy of the
 * buffer, one on chase_message_list2 holding msg itself.
 */
3232 chase_msg = isc_mem_allocate(mctx,
3233 sizeof(dig_message_t));
3234 if (chase_msg == NULL) {
3235 fatal("Memory allocation failure in %s:%d",
3236 __FILE__, __LINE__);
3238 ISC_LIST_INITANDAPPEND(chase_message_list, chase_msg,
3240 if (dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE,
3241 &msg_temp) != ISC_R_SUCCESS) {
3242 fatal("dns_message_create in %s:%d",
3243 __FILE__, __LINE__);
3246 isc_buffer_usedregion(b, &r);
3247 result = isc_buffer_allocate(mctx, &buf, r.length);
3249 check_result(result, "isc_buffer_allocate");
3250 result = isc_buffer_copyregion(buf, &r);
3251 check_result(result, "isc_buffer_copyregion");
3253 result = dns_message_parse(msg_temp, buf, 0);
3255 isc_buffer_free(&buf);
3256 chase_msg->msg = msg_temp;
3258 chase_msg2 = isc_mem_allocate(mctx,
3259 sizeof(dig_message_t));
3260 if (chase_msg2 == NULL) {
3261 fatal("Memory allocation failure in %s:%d",
3262 __FILE__, __LINE__);
3264 ISC_LIST_INITANDAPPEND(chase_message_list2, chase_msg2,
3266 chase_msg2->msg = msg;
3272 if (l->sigchase && ISC_LIST_EMPTY(lookup_list)) {
3278 debug("still pending.");
3280 if (query != l->xfr_q) {
3281 dns_message_destroy(&msg);
3282 isc_event_free(&event);
3283 query->waiting_connect = ISC_FALSE;
/* Zone transfer in progress: decide whether more messages are expected. */
3288 docancel = check_for_more_data(query, msg, sevent);
3290 dns_message_destroy(&msg);
3293 check_next_lookup(l);
3297 if (msg->rcode == dns_rcode_noerror || l->origin == NULL) {
3302 received(b->used, &sevent->address, query);
3305 if (!query->lookup->ns_search_only)
3306 query->lookup->pending = ISC_FALSE;
3307 if (!query->lookup->ns_search_only ||
3308 query->lookup->trace_root || docancel) {
3312 dns_message_destroy(&msg);
3317 check_next_lookup(l);
3325 dns_message_destroy(&msg);
3327 isc_event_free(&event);
/* Reinitialise recvbuf at COMMSIZE and post another receive with this handler. */
3332 isc_buffer_invalidate(&query->recvbuf);
3333 isc_buffer_init(&query->recvbuf, query->recvspace, COMMSIZE);
3334 ISC_LIST_ENQUEUE(query->recvlist, &query->recvbuf, link);
3335 result = isc_socket_recvv(query->sock, &query->recvlist, 1,
3336 global_task, recv_done, query);
3337 check_result(result, "isc_socket_recvv");
3339 isc_event_free(&event);
3345 * Turn a name into an address, using system-supplied routines. This is
3346 * used in looking up server names, etc... and needs to use system-supplied
3347 * routines, since they may be using a non-DNS system for these lookups.
/*
 * Resolve host through bind9_getaddresses() and store the result in
 * sockaddr with the given port. The literal 1 passed to the resolver is
 * presumably the maximum number of addresses wanted (TODO confirm).
 * Returns ISC_R_SUCCESS on success; the failure return is on a line
 * missing from this listing.
 */
3350 get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr) {
3352 isc_result_t result;
3355 result = bind9_getaddresses(host, port, sockaddr, 1, &count);
3357 if (result != ISC_R_SUCCESS)
3362 return (ISC_R_SUCCESS);
/*
 * Resolve host to up to DIG_MAX_ADDRESSES addresses and append one server
 * entry per address to lookup->my_server_list. Each entry is built by
 * make_server() from the textual address and the original host name.
 * A resolution failure ends the program through fatal().
 */
3366 getaddresses(dig_lookup_t *lookup, const char *host) {
3367 isc_result_t result;
3368 isc_sockaddr_t sockaddrs[DIG_MAX_ADDRESSES];
3369 isc_netaddr_t netaddr;
3372 char tmp[ISC_NETADDR_FORMATSIZE];
3374 result = bind9_getaddresses(host, 0, sockaddrs,
3375 DIG_MAX_ADDRESSES, &count);
3376 if (result != ISC_R_SUCCESS)
3377 fatal("couldn't get address for '%s': %s",
3378 host, isc_result_totext(result));
/* presumably count never exceeds DIG_MAX_ADDRESSES, the size passed above; verify in bind9_getaddresses. */
3380 for (i = 0; i < count; i++) {
3381 isc_netaddr_fromsockaddr(&netaddr, &sockaddrs[i]);
3382 isc_netaddr_format(&netaddr, tmp, sizeof(tmp));
3383 srv = make_server(tmp, host);
3384 ISC_LIST_APPEND(lookup->my_server_list, srv, link);
3391 * Initiate either a TCP or UDP lookup
/*
 * Mark the lookup as pending and start its first query: over TCP when
 * lookup->tcp_mode is set, otherwise through send_udp().
 * lookup must not be NULL.
 */
3394 do_lookup(dig_lookup_t *lookup) {
3396 REQUIRE(lookup != NULL);
3398 debug("do_lookup()");
3399 lookup->pending = ISC_TRUE;
3400 if (lookup->tcp_mode)
3401 send_tcp_connect(ISC_LIST_HEAD(lookup->q));
3403 send_udp(ISC_LIST_HEAD(lookup->q));
3407 * Start everything in action upon task startup.
/*
 * Task start-up callback. The only statement visible in this listing frees
 * the event; the rest of the body is on lines not shown.
 */
3410 onrun_callback(isc_task_t *task, isc_event_t *event) {
3413 isc_event_free(&event);
3420 * Make everything on the lookup queue go away. Mainly used by the
/*
 * Body of cancel_all() (name taken from the debug string below; the
 * signature line is missing from this listing). It sets cancel_now,
 * detaches the timer of the current lookup, cancels socket activity for
 * each of its queries that has a socket, then removes every entry from
 * lookup_list and passes it to try_clear_lookup().
 */
3425 dig_lookup_t *l, *n;
3426 dig_query_t *q, *nq;
3428 debug("cancel_all()");
3435 cancel_now = ISC_TRUE;
3436 if (current_lookup != NULL) {
3437 if (current_lookup->timer != NULL)
/* NOTE(review): the argument below appears to be an HTML-entity mangling of &current_lookup->timer. */
3438 isc_timer_detach(¤t_lookup->timer);
3439 q = ISC_LIST_HEAD(current_lookup->q);
3441 debug("canceling query %p, belonging to %p",
/* The successor is read before the current query is cancelled. */
3443 nq = ISC_LIST_NEXT(q, link);
3444 if (q->sock != NULL) {
3445 isc_socket_cancel(q->sock, NULL,
3446 ISC_SOCKCANCEL_ALL);
3453 l = ISC_LIST_HEAD(lookup_list);
/* Same pattern for lookups: remember the successor, unlink, then clear. */
3455 n = ISC_LIST_NEXT(l, link);
3456 ISC_LIST_DEQUEUE(lookup_list, l, link);
3457 try_clear_lookup(l);
3464 * Destroy all of the libs we are using, and get everything ready for a
/*
 * Tear down the global state in a fixed order: task and task manager
 * first, then the lwres context, server list, name filter, memory pool,
 * socket and timer managers, TSIG key, name buffer, DST and entropy state,
 * the lock, the messages kept for signature chasing, and last the memory
 * context. Socket, receive and send counters must all be zero and no
 * lookup may remain once the task manager has been destroyed.
 */
3468 destroy_libs(void) {
3471 dig_message_t *chase_msg;
3474 isc_result_t result;
3477 debug("destroy_libs()");
3478 if (global_task != NULL) {
3479 debug("freeing task");
3480 isc_task_detach(&global_task);
3483 * The taskmgr_destroy() call blocks until all events are cleared
3486 if (taskmgr != NULL) {
3487 debug("freeing taskmgr");
3488 isc_taskmgr_destroy(&taskmgr);
/* Leak checks: every socket, receive and send must be accounted for by now. */
3491 REQUIRE(sockcount == 0);
3492 REQUIRE(recvcount == 0);
3493 REQUIRE(sendcount == 0);
3495 INSIST(ISC_LIST_HEAD(lookup_list) == NULL);
3496 INSIST(current_lookup == NULL);
3499 free_now = ISC_TRUE;
3501 lwres_conf_clear(lwctx);
3502 lwres_context_destroy(&lwctx);
3504 flush_server_list();
/* Remove the name-to-text filter that initialize_idn() installs. */
3509 result = dns_name_settotextfilter(NULL);
3510 check_result(result, "dns_name_settotextfilter");
3514 if (commctx != NULL) {
3515 debug("freeing commctx");
3516 isc_mempool_destroy(&commctx);
3518 if (socketmgr != NULL) {
3519 debug("freeing socketmgr");
3520 isc_socketmgr_destroy(&socketmgr);
3522 if (timermgr != NULL) {
3523 debug("freeing timermgr");
3524 isc_timermgr_destroy(&timermgr);
3527 debug("freeing key %p", key);
3528 dns_tsigkey_detach(&key);
3530 if (namebuf != NULL)
3531 isc_buffer_free(&namebuf);
3534 debug("destroy DST lib");
3536 is_dst_up = ISC_FALSE;
3539 debug("detach from entropy");
3540 isc_entropy_detach(&entp);
3544 DESTROYLOCK(&lookup_lock);
3547 debug("Destroy the messages kept for sigchase");
3548 /* Destroy the messages kept for sigchase */
3549 chase_msg = ISC_LIST_HEAD(chase_message_list);
/*
 * Each entry has its message destroyed, then the walk advances before the
 * entry is freed through ptr. The assignment of ptr is on a line missing
 * from this listing; presumably it saves the current entry.
 */
3551 while (chase_msg != NULL) {
3552 INSIST(chase_msg->msg != NULL);
3553 dns_message_destroy(&(chase_msg->msg));
3555 chase_msg = ISC_LIST_NEXT(chase_msg, link);
3556 isc_mem_free(mctx, ptr);
3559 chase_msg = ISC_LIST_HEAD(chase_message_list2);
3561 while (chase_msg != NULL) {
3562 INSIST(chase_msg->msg != NULL);
3563 dns_message_destroy(&(chase_msg->msg));
3565 chase_msg = ISC_LIST_NEXT(chase_msg, link);
3566 isc_mem_free(mctx, ptr);
/* Only names with dynamically allocated storage are freed. */
3568 if (dns_name_dynamic(&chase_name))
3569 free_name(&chase_name, mctx);
3571 if (dns_name_dynamic(&chase_current_name))
3572 free_name(&chase_current_name, mctx);
3573 if (dns_name_dynamic(&chase_authority_name))
3574 free_name(&chase_authority_name, mctx);
3577 if (dns_name_dynamic(&chase_signame))
3578 free_name(&chase_signame, mctx);
3581 debug("Destroy memory");
3584 if (memdebugging != 0)
3585 isc_mem_stats(mctx, stderr);
3587 isc_mem_destroy(&mctx);
/*
 * Set up IDN support: select the locale from the environment when
 * setlocale() is available, initialise the idn library (fatal on failure)
 * and install output_filter as the name-to-text conversion filter.
 */
3592 initialize_idn(void) {
3594 isc_result_t result;
3596 #ifdef HAVE_SETLOCALE
3598 (void)setlocale(LC_ALL, "");
3600 /* Create configuration context. */
3601 r = idn_nameinit(1);
3602 if (r != idn_success)
3603 fatal("idn api initialization failed: %s",
3604 idn_result_tostring(r));
3606 /* Set domain name -> text post-conversion filter. */
3607 result = dns_name_settotextfilter(output_filter);
3608 check_result(result, "dns_name_settotextfilter");
/*
 * Name-to-text filter: take the text that starts at offset used_org in
 * buffer, decode it with idn_decodename() and write the decoded form back
 * in place. Names that do not fit in MAXDLEN, or that fail to decode, are
 * left untouched and reported as ISC_R_SUCCESS. ISC_R_NOSPACE is returned
 * when the decoded text does not fit in buffer.
 * NOTE(review): this listing omits some lines of the function (the
 * embedded line numbers skip), including whatever moves the decoded text
 * from tmp2 into tmp1.
 */
3612 output_filter(isc_buffer_t *buffer, unsigned int used_org,
3613 isc_boolean_t absolute)
3615 char tmp1[MAXDLEN], tmp2[MAXDLEN];
3616 size_t fromlen, tolen;
3617 isc_boolean_t end_with_dot;
3620 * Copy contents of 'buffer' to 'tmp1', supply trailing dot
3621 * if 'absolute' is true, and terminate with NUL.
3623 fromlen = isc_buffer_usedlength(buffer) - used_org;
/* Upper bound only: fromlen is kept below MAXDLEN so the NUL still fits. */
3624 if (fromlen >= MAXDLEN)
3625 return (ISC_R_SUCCESS);
3626 memcpy(tmp1, (char *)isc_buffer_base(buffer) + used_org, fromlen);
/*
 * NOTE(review): there is no lower bound on fromlen. If it is 0 the index
 * fromlen - 1 wraps and the read below falls outside tmp1; confirm callers
 * never pass an empty region, or test fromlen == 0 before this line.
 */
3627 end_with_dot = (tmp1[fromlen - 1] == '.') ? ISC_TRUE : ISC_FALSE;
3628 if (absolute && !end_with_dot) {
3630 if (fromlen >= MAXDLEN)
3631 return (ISC_R_SUCCESS);
3632 tmp1[fromlen - 1] = '.';
3634 tmp1[fromlen] = '\0';
3637 * Convert contents of 'tmp1' to local encoding.
/* The decoder is told that tmp2 holds MAXDLEN bytes. */
3639 if (idn_decodename(IDN_DECODE_APP, tmp1, tmp2, MAXDLEN) != idn_success)
3640 return (ISC_R_SUCCESS);
3644 * Copy the converted contents in 'tmp1' back to 'buffer'.
3645 * If we have appended trailing dot, remove it.
3647 tolen = strlen(tmp1);
/* NOTE(review): same concern as above if tolen is 0 when this index is evaluated. */
3648 if (absolute && !end_with_dot && tmp1[tolen - 1] == '.')
/* Refuse to write when the decoded text would not fit in the buffer. */
3651 if (isc_buffer_length(buffer) < used_org + tolen)
3652 return (ISC_R_NOSPACE);
/* Rewind the used pointer to used_org, then append the decoded text. */
3654 isc_buffer_subtract(buffer, isc_buffer_usedlength(buffer) - used_org);
3655 memcpy(isc_buffer_used(buffer), tmp1, tolen);
3656 isc_buffer_add(buffer, tolen);
3658 return (ISC_R_SUCCESS);
/*
 * Append a dot and origin to name in place, unless name already ends with
 * a dot. namesize is the capacity of the name buffer. Returns
 * idn_buffer_overflow when the joined string plus its NUL would not fit;
 * the other return statements are on lines missing from this listing.
 */
3662 append_textname(char *name, const char *origin, size_t namesize) {
3663 size_t namelen = strlen(name);
3664 size_t originlen = strlen(origin);
3666 /* Already absolute? */
3667 if (namelen > 0 && name[namelen - 1] == '.')
3670 /* Append dot and origin */
/* The >= leaves room for the terminating NUL, which makes the strcpy below bounded. */
3672 if (namelen + 1 + originlen >= namesize)
3673 return idn_buffer_overflow;
3675 name[namelen++] = '.';
3676 (void)strcpy(name + namelen, origin);
/*
 * End the program through fatal() when r is not idn_success, printing msg
 * followed by the text form of the idn result.
 */
3681 idn_check_result(idn_result_t r, const char *msg) {
3682 if (r != idn_success) {
3684 fatal("%s: %s", msg, idn_result_tostring(r));
3687 #endif /* WITH_IDN */
/*
 * Print the text form of an rdata type to stdout, using a temporary
 * 4000-byte buffer that is freed before returning.
 */
3691 print_type(dns_rdatatype_t type)
3693 isc_buffer_t * b = NULL;
3694 isc_result_t result;
3697 result = isc_buffer_allocate(mctx, &b, 4000);
3698 check_result(result, "isc_buffer_allocate");
3700 result = dns_rdatatype_totext(type, b);
3701 check_result(result, "print_type");
3703 isc_buffer_usedregion(b, &r);
/*
 * The NUL is written one byte past the used region. That stays inside the
 * allocation only while the used length is below 4000.
 */
3704 r.base[r.length] = '\0';
3706 printf("%s", r.base);
3708 isc_buffer_free(&b);
/*
 * Print every name and rdataset of one message section to stdout.
 * The loop starts from the current name of the section, so the caller is
 * expected to have positioned it with dns_message_firstname() first (as
 * dump_database does).
 */
3712 dump_database_section(dns_message_t *msg, int section)
3714 dns_name_t *msg_name=NULL;
3716 dns_rdataset_t *rdataset;
3719 dns_message_currentname(msg, section, &msg_name);
3721 for (rdataset = ISC_LIST_HEAD(msg_name->list); rdataset != NULL;
3722 rdataset = ISC_LIST_NEXT(rdataset, link)) {
3723 dns_name_print(msg_name, stdout);
3725 print_rdataset(msg_name, rdataset, mctx);
3729 } while (dns_message_nextname(msg, section) == ISC_R_SUCCESS);
/*
 * Print the answer, authority and additional sections of every message
 * stored on chase_message_list. Each section is dumped after a
 * dns_message_firstname() call on it; the comparison that completes each
 * test is on a line missing from this listing.
 */
3733 dump_database(void) {
3734 dig_message_t * msg;
3736 for (msg = ISC_LIST_HEAD(chase_message_list); msg != NULL;
3737 msg = ISC_LIST_NEXT(msg, link)) {
3738 if (dns_message_firstname(msg->msg, DNS_SECTION_ANSWER)
3740 dump_database_section(msg->msg, DNS_SECTION_ANSWER);
3742 if (dns_message_firstname(msg->msg, DNS_SECTION_AUTHORITY)
3744 dump_database_section(msg->msg, DNS_SECTION_AUTHORITY);
3746 if (dns_message_firstname(msg->msg, DNS_SECTION_ADDITIONAL)
3748 dump_database_section(msg->msg, DNS_SECTION_ADDITIONAL);
/*
 * Scan the rdatasets attached to name for one matching type. For RRSIG
 * lookups the first signature record is decoded and its covered type is
 * compared with covers; dns_rdatatype_any in covers matches any covered
 * type. The statements that return the match are on lines missing from
 * this listing.
 */
3754 search_type(dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers) {
3755 dns_rdataset_t *rdataset;
3756 dns_rdata_sig_t siginfo;
3757 dns_rdata_t sigrdata = DNS_RDATA_INIT;
3758 isc_result_t result;
3760 for (rdataset = ISC_LIST_HEAD(name->list); rdataset != NULL;
3761 rdataset = ISC_LIST_NEXT(rdataset, link)) {
3762 if (type == dns_rdatatype_any) {
3763 if (rdataset->type != dns_rdatatype_rrsig)
3765 } else if ((type == dns_rdatatype_rrsig) &&
3766 (rdataset->type == dns_rdatatype_rrsig)) {
/* Only the first record of the RRSIG set is inspected. */
3767 result = dns_rdataset_first(rdataset);
3768 check_result(result, "empty rdataset");
3769 dns_rdataset_current(rdataset, &sigrdata);
3770 result = dns_rdata_tostruct(&sigrdata, &siginfo, NULL);
3771 check_result(result, "sigrdata tostruct siginfo");
/* Both branches reset the rdata and free the decoded struct before moving on. */
3773 if ((siginfo.covered == covers) ||
3774 (covers == dns_rdatatype_any)) {
3775 dns_rdata_reset(&sigrdata);
3776 dns_rdata_freestruct(&siginfo);
3779 dns_rdata_reset(&sigrdata);
3780 dns_rdata_freestruct(&siginfo);
3781 } else if (rdataset->type == type)
/*
 * Walk one section of msg from its current name onward and, for each
 * owner name equal to name, look for an rdataset of the requested type
 * through search_type(). The return statements are on lines missing from
 * this listing.
 */
3788 chase_scanname_section(dns_message_t *msg, dns_name_t *name,
3789 dns_rdatatype_t type, dns_rdatatype_t covers,
3792 dns_rdataset_t *rdataset;
3793 dns_name_t *msg_name = NULL;
3796 dns_message_currentname(msg, section, &msg_name);
3797 if (dns_name_compare(msg_name, name) == 0) {
3798 rdataset = search_type(msg_name, type, covers);
3799 if (rdataset != NULL)
3803 } while (dns_message_nextname(msg, section) == ISC_R_SUCCESS);
/*
 * Search every message on chase_message_list2 for an rdataset of the
 * given type owned by name, trying the answer, authority and additional
 * sections in that order. The return statements are on lines missing from
 * this listing.
 */
3810 chase_scanname(dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers)
3812 dns_rdataset_t *rdataset = NULL;
3813 dig_message_t * msg;
3815 for (msg = ISC_LIST_HEAD(chase_message_list2); msg != NULL;
3816 msg = ISC_LIST_NEXT(msg, link)) {
3817 if (dns_message_firstname(msg->msg, DNS_SECTION_ANSWER)
3819 rdataset = chase_scanname_section(msg->msg, name,
3821 DNS_SECTION_ANSWER);
3822 if (rdataset != NULL)
3824 if (dns_message_firstname(msg->msg, DNS_SECTION_AUTHORITY)
3827 chase_scanname_section(msg->msg, name,
3829 DNS_SECTION_AUTHORITY);
3830 if (rdataset != NULL)
3832 if (dns_message_firstname(msg->msg, DNS_SECTION_ADDITIONAL)
3835 chase_scanname_section(msg->msg, name, type,
3837 DNS_SECTION_ADDITIONAL);
3838 if (rdataset != NULL)
/*
 * Look for an rdataset of the given type for rdata_name among the stored
 * messages (chase_scanname). The rest of the body clones current_lookup
 * into a new lookup for rdata_name, appends it to lookup_list and sets
 * *lookedup; the test on *lookedup below suggests a second query is not
 * queued once one has been launched (the branch body is not shown).
 * NOTE(review): the returns and several conditions are on lines missing
 * from this listing.
 */
3846 sigchase_scanname(dns_rdatatype_t type, dns_rdatatype_t covers,
3847 isc_boolean_t * lookedup, dns_name_t *rdata_name)
3849 dig_lookup_t *lookup;
3850 isc_buffer_t *b = NULL;
3852 isc_result_t result;
3853 dns_rdataset_t * temp;
3854 dns_rdatatype_t querytype;
3856 temp = chase_scanname(rdata_name, type, covers);
3860 if (*lookedup == ISC_TRUE)
3863 lookup = clone_lookup(current_lookup, ISC_TRUE);
3864 lookup->trace_root = ISC_FALSE;
3865 lookup->new_search = ISC_TRUE;
3867 result = isc_buffer_allocate(mctx, &b, BUFSIZE);
3868 check_result(result, "isc_buffer_allocate");
3869 result = dns_name_totext(rdata_name, ISC_FALSE, b);
3870 check_result(result, "dns_name_totext");
3871 isc_buffer_usedregion(b, &r);
/*
 * The NUL lands one byte past the used region, which is inside the
 * allocation only while the used length is below BUFSIZE. The name text
 * originates from DNS data.
 * NOTE(review): the strcpy is unbounded; confirm lookup->textname is at
 * least BUFSIZE bytes, or use a copy that takes sizeof(lookup->textname).
 */
3872 r.base[r.length] = '\0';
3873 strcpy(lookup->textname, (char*)r.base);
3874 isc_buffer_free(&b);
3876 if (type == dns_rdatatype_rrsig)
/* Types 0 and 255 are rejected as query types. */
3881 if (querytype == 0 || querytype == 255) {
3882 printf("Error in the queried type: %d\n", querytype);
3886 lookup->rdtype = querytype;
3887 lookup->rdtypeset = ISC_TRUE;
3888 lookup->qrdtype = querytype;
3889 *lookedup = ISC_TRUE;
3891 ISC_LIST_APPEND(lookup_list, lookup, link);
3892 printf("\n\nLaunch a query to find a RRset of type ");
3894 printf(" for zone: %s\n", lookup->textname);
/*
 * Store *keyp in the next free slot of tk_list. The capacity test against
 * MAX_TRUSTED_KEY comes first, so the indexed store cannot run past the
 * array as long as the branch (not shown here) leaves the function.
 */
3899 insert_trustedkey(dst_key_t **keyp)
3903 if (tk_list.nb_tk >= MAX_TRUSTED_KEY)
3906 tk_list.key[tk_list.nb_tk++] = *keyp;
/*
 * Free every stored trusted key and clear its slot. The enclosing function
 * signature is on a line missing from this listing.
 */
3916 for (i= 0; i < MAX_TRUSTED_KEY; i++) {
3917 if (tk_list.key[i] != NULL) {
3918 dst_key_free(&tk_list.key[i]);
3919 tk_list.key[i] = NULL;
3928 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
/*
 * Build the path made of file followed by .key in a scratch allocation
 * and remove that path. Returns ISC_R_NOMEMORY when the allocation fails.
 */
3931 removetmpkey(isc_mem_t *mctx, const char *file)
3933 char *tempnamekey = NULL;
3935 isc_result_t result;
/* Ten spare bytes cover the four-character suffix and the NUL. */
3937 tempnamekeylen = strlen(file)+10;
3939 tempnamekey = isc_mem_allocate(mctx, tempnamekeylen);
3940 if (tempnamekey == NULL)
3941 return (ISC_R_NOMEMORY);
/* Zero-filling first makes the buffer an empty string, so strcat can be used. */
3943 memset(tempnamekey, 0, tempnamekeylen);
3945 strcat(tempnamekey, file);
3946 strcat(tempnamekey,".key");
/*
 * NOTE(review): the same path is removed twice. The first result is
 * ignored, and the second call is expected to fail because the file is
 * already gone, so result may not reflect whether the removal worked.
 */
3947 isc_file_remove(tempnamekey);
3949 result = isc_file_remove(tempnamekey);
3950 isc_mem_free(mctx, tempnamekey);
/*
 * Create a temporary key file: build a template from file, replace its
 * trailing X characters with random characters from alphnum, append .key
 * and open that path for writing. On the success path the .key name is
 * freed; the out-parameters tempp and fp are presumably filled on lines
 * missing from this listing.
 */
3955 opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) {
3957 isc_result_t result;
3958 char *tempname = NULL;
3959 char *tempnamekey = NULL;
3967 tempnamelen = strlen(file) + 20;
3968 tempname = isc_mem_allocate(mctx, tempnamelen);
3969 if (tempname == NULL)
3970 return (ISC_R_NOMEMORY);
3971 memset(tempname, 0, tempnamelen);
3973 result = isc_file_mktemplate(file, tempname, tempnamelen);
3974 if (result != ISC_R_SUCCESS)
3980 if (cp == tempname) {
3981 isc_mem_free(mctx, tempname);
3982 return (ISC_R_FAILURE);
/*
 * Replace the X run with random characters. The name is only as
 * unpredictable as isc_random_get() output.
 */
3986 while (cp >= tempname && *cp == 'X') {
3987 isc_random_get(&which);
3988 *cp = alphnum[which % (sizeof(alphnum) - 1)];
3992 tempnamekeylen = tempnamelen+5;
3993 tempnamekey = isc_mem_allocate(mctx, tempnamekeylen);
/* NOTE(review): this early return does not free tempname. */
3994 if (tempnamekey == NULL)
3995 return (ISC_R_NOMEMORY);
/* The buffer is zeroed and five bytes longer than tempname, so the copy stays terminated. */
3997 memset(tempnamekey, 0, tempnamekeylen);
3998 strncpy(tempnamekey, tempname, tempnamelen);
3999 strcat(tempnamekey ,".key");
/*
 * NOTE(review): the existence test and the fopen() below are two separate
 * steps, so another local user can create the path in between; mode w
 * would then open and truncate whatever is there. Creating the file
 * exclusively (open() with O_CREAT | O_EXCL, then fdopen()) closes that
 * window.
 */
4002 if (isc_file_exists(tempnamekey)) {
4003 isc_mem_free(mctx, tempnamekey);
4004 isc_mem_free(mctx, tempname);
/* NOTE(review): the failure return below frees neither tempname nor tempnamekey. */
4008 if ((f = fopen(tempnamekey, "w")) == NULL) {
4009 printf("get_trusted_key(): trusted key not found %s\n",
4011 return (ISC_R_FAILURE);
4015 isc_mem_free(mctx, tempnamekey);
4018 return (ISC_R_SUCCESS);
4021 isc_mem_free(mctx, tempname);
/*
 * Load the trusted keys used for signature chasing and add each one to
 * tk_list through insert_trustedkey().
 *
 * The key file is the first that exists of: the global 'trustedkey' path,
 * "/etc/trusted-key.key", "./trusted-key.key".  Every line read from it is
 * written to a temporary file created by opentmpkey(), parsed with
 * dst_key_fromnamedfile(), and the temporary file is removed again.
 *
 * Returns ISC_R_SUCCESS, or ISC_R_FAILURE when no key file is found or
 * one of the steps fails.
 *
 * NOTE(review): the last fallback is relative to the current working
 * directory, so running the tool inside a directory that someone else
 * controls lets that directory supply the trust anchors.  Prefer an
 * explicit path owned by the administrator.
 */
4028 get_trusted_key(isc_mem_t *mctx)
4030 isc_result_t result;
4031 const char *filename = NULL;
4032 char *filetemp = NULL;
4035 dst_key_t *key = NULL;
/*
 * 'result' holds the boolean returned by isc_file_exists() here, which is
 * why it is compared with ISC_TRUE rather than with an ISC_R_* code.
 */
4037 result = isc_file_exists(trustedkey);
4038 if (result != ISC_TRUE) {
4039 result = isc_file_exists("/etc/trusted-key.key");
4040 if (result != ISC_TRUE) {
4041 result = isc_file_exists("./trusted-key.key");
4042 if (result != ISC_TRUE)
4043 return (ISC_R_FAILURE);
4045 filename = "./trusted-key.key";
4047 filename = "/etc/trusted-key.key";
4049 filename = trustedkey;
4051 if (filename == NULL) {
4052 printf("No trusted key\n");
4053 return (ISC_R_FAILURE);
/* The file is opened by name after the existence checks above. */
4056 if ((fp = fopen(filename, "r")) == NULL) {
4057 printf("get_trusted_key(): trusted key not found %s\n",
4059 return (ISC_R_FAILURE);
/*
 * One key record per line.  A line longer than 'buf' would arrive in
 * pieces and each piece would be parsed as a record of its own.
 */
4061 while (fgets(buf, sizeof(buf), fp) != NULL) {
/*
 * NOTE(review): "tmp_file" is a relative template, so the temporary key
 * file is created in the current working directory.
 */
4062 result = opentmpkey(mctx,"tmp_file", &filetemp, &fptemp);
4063 if (result != ISC_R_SUCCESS) {
4065 return (ISC_R_FAILURE);
4067 if (fputs(buf, fptemp) < 0) {
4070 return (ISC_R_FAILURE);
4073 result = dst_key_fromnamedfile(filetemp, DST_TYPE_PUBLIC,
/* The return value of removetmpkey() is not examined. */
4075 removetmpkey(mctx, filetemp);
4076 isc_mem_free(mctx, filetemp);
4077 if (result != ISC_R_SUCCESS) {
4079 return (ISC_R_FAILURE);
/*
 * NOTE(review): a copy of every loaded public key is written under /tmp
 * and the result is ignored.  /tmp is normally writable by every local
 * user; confirm the copy is needed and, if so, use a private directory.
 */
4082 dst_key_tofile(key, DST_TYPE_PUBLIC,"/tmp");
4084 insert_trustedkey(&key);
4088 return (ISC_R_SUCCESS);
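/*
 * Convert the textual domain name 'str' into a DNS name and store a
 * freshly allocated copy in '*p_ret'.
 *
 * str:   NUL-terminated name in presentation format; must not be NULL.
 *        dns_rootname is passed as the origin for the conversion.
 * p_ret: initialised name that receives the copy; must not be NULL.  If it
 *        already owns dynamic storage, that storage is released first.
 *
 * Conversion and allocation results are passed to check_result().
 */
void
nameFromString(const char *str, dns_name_t *p_ret) {
	size_t len;
	isc_result_t result;
	isc_buffer_t buffer;
	dns_fixedname_t fixedname;

	REQUIRE(p_ret != NULL);
	REQUIRE(str != NULL);

	/*
	 * Measure the string only after the NULL check; taking strlen() in
	 * the declaration dereferenced 'str' before REQUIRE() could reject it.
	 */
	len = strlen(str);

	isc_buffer_init(&buffer, str, len);
	isc_buffer_add(&buffer, len);

	dns_fixedname_init(&fixedname);
	result = dns_name_fromtext(dns_fixedname_name(&fixedname), &buffer,
				   dns_rootname, ISC_TRUE, NULL);
	check_result(result, "nameFromString");

	/* Do not leak a name the caller handed in already populated. */
	if (dns_name_dynamic(p_ret))
		free_name(p_ret, mctx);

	result = dns_name_dup(dns_fixedname_name(&fixedname), mctx, p_ret);
	check_result(result, "nameFromString");
}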
/*
 * Queue a new lookup, cloned from current_lookup, that asks again for the
 * chased name and type (textnamesigchase, rdtype_sigchase) and uses a
 * server list rebuilt from the NS records in chase_nsrdataset.
 *
 * The visible return path always yields ISC_R_SUCCESS.
 */
4120 prepare_lookup(dns_name_t *name)
4122 isc_result_t result;
4123 dig_lookup_t *lookup = NULL;
4127 lookup = clone_lookup(current_lookup, ISC_TRUE);
4128 lookup->trace_root = ISC_FALSE;
4129 lookup->new_search = ISC_TRUE;
4130 lookup->trace_root_sigchase = ISC_FALSE;
/*
 * NOTE(review): strncpy() leaves the destination unterminated when the
 * source holds MXNAME or more characters; confirm both buffers share a
 * size and the source is always terminated.
 */
4132 strncpy(lookup->textname, lookup->textnamesigchase, MXNAME);
4134 lookup->rdtype = lookup->rdtype_sigchase;
4135 lookup->rdtypeset = ISC_TRUE;
4136 lookup->qrdtype = lookup->qrdtype_sigchase;
/* Drop the server list that came with the cloned lookup. */
4138 s = ISC_LIST_HEAD(lookup->my_server_list);
4140 debug("freeing server %p belonging to %p",
4143 s = ISC_LIST_NEXT(s, link);
4144 ISC_LIST_DEQUEUE(lookup->my_server_list,
4145 (dig_server_t *)ptr, link);
4146 isc_mem_free(mctx, ptr);
/* One iteration per NS record of the delegation being followed. */
4150 for (result = dns_rdataset_first(chase_nsrdataset);
4151 result == ISC_R_SUCCESS;
4152 result = dns_rdataset_next(chase_nsrdataset)) {
4153 char namestr[DNS_NAME_FORMATSIZE];
4155 dns_rdata_t rdata = DNS_RDATA_INIT;
4156 dig_server_t * srv = NULL;
/*
 * NOTE(review): the macro is defined immediately before it is tested, so
 * the glue-following code is always compiled.  Identifiers containing a
 * double underscore are reserved for the implementation.
 */
4157 #define __FOLLOW_GLUE__
4158 #ifdef __FOLLOW_GLUE__
4159 isc_buffer_t *b = NULL;
/* Shadows the function-level 'result' that drives the enclosing loop. */
4160 isc_result_t result;
4162 dns_rdataset_t *rdataset = NULL;
/* Passed as 'lookedup' to advanced_rrsearch() below. */
4163 isc_boolean_t true = ISC_TRUE;
4166 memset(namestr, 0, DNS_NAME_FORMATSIZE);
4168 dns_rdataset_current(chase_nsrdataset, &rdata);
4170 result = dns_rdata_tostruct(&rdata, &ns, NULL);
4171 check_result(result, "dns_rdata_tostruct");
4173 #ifdef __FOLLOW_GLUE__
4175 result = advanced_rrsearch(&rdataset, &ns.name,
4177 dns_rdatatype_any, &true);
4178 if (result == ISC_R_SUCCESS) {
4179 for (result = dns_rdataset_first(rdataset);
4180 result == ISC_R_SUCCESS;
4181 result = dns_rdataset_next(rdataset)) {
4182 dns_rdata_t aaaa = DNS_RDATA_INIT;
4183 dns_rdataset_current(rdataset, &aaaa);
/*
 * NOTE(review): the record is rendered into an 80-byte buffer, the return
 * value of dns_rdata_totext() is not checked, and the terminator is then
 * written at base[length], which lies outside the buffer if the used
 * length ever reaches 80.  Confirm the rendered text cannot fill it.
 */
4185 result = isc_buffer_allocate(mctx, &b, 80);
4186 check_result(result, "isc_buffer_allocate");
4188 dns_rdata_totext(&aaaa, &ns.name, b);
4189 isc_buffer_usedregion(b, &r);
4190 r.base[r.length] = '\0';
4191 strncpy(namestr, (char*)r.base,
4192 DNS_NAME_FORMATSIZE);
4193 isc_buffer_free(&b);
4194 dns_rdata_reset(&aaaa);
/* The rendered text is passed for both arguments of make_server(). */
4197 srv = make_server(namestr, namestr);
4199 ISC_LIST_APPEND(lookup->my_server_list,
/* Same handling for the A records of the name server. */
4205 result = advanced_rrsearch(&rdataset, &ns.name, dns_rdatatype_a,
4206 dns_rdatatype_any, &true);
4207 if (result == ISC_R_SUCCESS) {
4208 for (result = dns_rdataset_first(rdataset);
4209 result == ISC_R_SUCCESS;
4210 result = dns_rdataset_next(rdataset)) {
4211 dns_rdata_t a = DNS_RDATA_INIT;
4212 dns_rdataset_current(rdataset, &a);
4214 result = isc_buffer_allocate(mctx, &b, 80);
4215 check_result(result, "isc_buffer_allocate");
4217 dns_rdata_totext(&a, &ns.name, b);
4218 isc_buffer_usedregion(b, &r);
4219 r.base[r.length] = '\0';
4220 strncpy(namestr, (char*)r.base,
4221 DNS_NAME_FORMATSIZE);
4222 isc_buffer_free(&b);
4223 dns_rdata_reset(&a);
4224 printf("ns name: %s\n", namestr);
4227 srv = make_server(namestr, namestr);
4229 ISC_LIST_APPEND(lookup->my_server_list,
/* Here the server entry is created from the NS target name itself. */
4235 dns_name_format(&ns.name, namestr, sizeof(namestr));
4236 printf("ns name: ");
4237 dns_name_print(&ns.name, stdout);
4239 srv = make_server(namestr, namestr);
4241 ISC_LIST_APPEND(lookup->my_server_list, srv, link);
4244 dns_rdata_freestruct(&ns);
4245 dns_rdata_reset(&rdata);
/* Hand the prepared lookup to the global queue and report what was asked. */
4249 ISC_LIST_APPEND(lookup_list, lookup, link);
4250 printf("\nLaunch a query to find a RRset of type ");
4251 print_type(lookup->rdtype);
4252 printf(" for zone: %s", lookup->textname);
4253 printf(" with nameservers:");
4255 print_rdataset(name, chase_nsrdataset, mctx);
4256 return (ISC_R_SUCCESS);
/*
 * Derive from 'name' the name that sits one label below 'zone_name' on the
 * way down to 'name'.
 *
 * Fails with ISC_R_FAILURE (after printing an error) unless 'name' is a
 * subdomain of 'zone_name' that is at least two labels longer; otherwise
 * the label sequence is extracted and ISC_R_SUCCESS is returned.
 */
4261 child_of_zone(dns_name_t * name, dns_name_t * zone_name,
4262 dns_name_t * child_name)
4264 dns_namereln_t name_reln;
4266 unsigned int nlabelsp;
4268 name_reln = dns_name_fullcompare(name, zone_name, &orderp, &nlabelsp);
/* A direct child (exactly one extra label) is rejected as well. */
4269 if (name_reln != dns_namereln_subdomain ||
4270 dns_name_countlabels(name) <= dns_name_countlabels(zone_name) + 1) {
4271 printf("\n;; ERROR : ");
4272 dns_name_print(name, stdout);
4273 printf(" is not a subdomain of: ");
4274 dns_name_print(zone_name, stdout);
4275 printf(" FAILED\n\n");
4276 return (ISC_R_FAILURE);
/*
 * Start at the label just above the zone's labels and take the zone's
 * label count plus one; the subtraction cannot underflow because of the
 * length test above.
 */
4279 dns_name_getlabelsequence(name,
4280 dns_name_countlabels(name) -
4281 dns_name_countlabels(zone_name) -1,
4282 dns_name_countlabels(zone_name) +1,
4284 return (ISC_R_SUCCESS);
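/*
 * Check whether any RRSIG in 'sigrdataset' was produced by 'zone_name'.
 *
 * zone_name:   name expected in the signer field.
 * sigrdataset: RRSIG records to inspect; an empty set is reported through
 *              check_result().
 *
 * Returns ISC_R_SUCCESS as soon as a record whose signer equals
 * 'zone_name' is found, ISC_R_FAILURE when none does.
 */
isc_result_t
grandfather_pb_test(dns_name_t *zone_name, dns_rdataset_t *sigrdataset)
{
	isc_result_t result;
	dns_rdata_t sigrdata = DNS_RDATA_INIT;
	dns_rdata_sig_t siginfo;

	result = dns_rdataset_first(sigrdataset);
	check_result(result, "empty RRSIG dataset");
	dns_rdata_init(&sigrdata);

	do {
		dns_rdataset_current(sigrdataset, &sigrdata);

		result = dns_rdata_tostruct(&sigrdata, &siginfo, NULL);
		check_result(result, "sigrdata tostruct siginfo");

		if (dns_name_compare(&siginfo.signer, zone_name) == 0) {
			dns_rdata_freestruct(&siginfo);
			dns_rdata_reset(&sigrdata);
			return (ISC_R_SUCCESS);
		}

		dns_rdata_freestruct(&siginfo);
		dns_rdata_reset(&sigrdata);

	/*
	 * Advance the set that is being read.  The loop used to step the
	 * global chase_sigkeyrdataset instead, so whenever the caller passed
	 * a different set only its first record was ever examined and the
	 * cursor of an unrelated set was moved.
	 */
	} while (dns_rdataset_next(sigrdataset) == ISC_R_SUCCESS);

	dns_rdata_reset(&sigrdata);

	return (ISC_R_FAILURE);
}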
/*
 * Start a top-down chase at 'name': find its NS RRset, queue the first
 * lookup with prepare_lookup() and record 'name' as chase_current_name.
 *
 * Returns ISC_R_FAILURE if the NS RRset cannot be found, ISC_R_SUCCESS
 * otherwise.
 */
4322 initialization(dns_name_t *name)
4324 isc_result_t result;
/* Passed as 'lookedup' to advanced_rrsearch(). */
4325 isc_boolean_t true = ISC_TRUE;
/* Reset first: advanced_rrsearch() returns at once when the slot is set. */
4327 chase_nsrdataset = NULL;
4328 result = advanced_rrsearch(&chase_nsrdataset, name, dns_rdatatype_ns,
4329 dns_rdatatype_any, &true);
4330 if (result != ISC_R_SUCCESS) {
4331 printf("\n;; NS RRset is missing to continue validation:"
4333 return (ISC_R_FAILURE);
4335 INSIST(chase_nsrdataset != NULL);
/* The return value of prepare_lookup() is not examined. */
4336 prepare_lookup(name);
4338 dup_name(name, &chase_current_name, mctx);
4340 return (ISC_R_SUCCESS);
/*
 * Render 'rdataset' (owned by 'name') into a temporary buffer with
 * printrdataset() and print the text on stdout.
 */
4345 print_rdataset(dns_name_t *name, dns_rdataset_t *rdataset, isc_mem_t *mctx)
4347 isc_buffer_t *b = NULL;
4348 isc_result_t result;
4351 result = isc_buffer_allocate(mctx, &b, 9000);
4352 check_result(result, "isc_buffer_allocate");
4354 printrdataset(name, rdataset, b);
/*
 * NOTE(review): the terminator is written one byte past the used region.
 * If the rendered text ever fills all 9000 bytes this write lands outside
 * the buffer; confirm printrdataset() always leaves headroom.
 */
4356 isc_buffer_usedregion(b, &r);
4357 r.base[r.length] = '\0';
4360 printf("%s\n", r.base);
4362 isc_buffer_free(&b);
/*
 * Copy 'source' into 'target' using memory from 'mctx'.  Storage already
 * owned by 'target' is released first; the result of the copy is passed
 * to check_result().
 */
4367 dup_name(dns_name_t *source, dns_name_t *target, isc_mem_t *mctx) {
4368 isc_result_t result;
4370 if (dns_name_dynamic(target))
4371 free_name(target, mctx);
4372 result = dns_name_dup(source, mctx, target);
4373 check_result(result, "dns_name_dup");
/*
 * Release the storage of 'name' and re-initialise it, so the structure
 * can be tested with dns_name_dynamic() and reused afterwards.
 */
4377 free_name(dns_name_t *name, isc_mem_t *mctx) {
4378 dns_name_free(name, mctx);
4379 dns_name_init(name, NULL);
4384 * Takes a DNSKEY RRset and the corresponding RRSIG RRset as parameters.
4385 * Returns ISC_R_SUCCESS if the DNSKEY RRset contains a trusted key
4386 * and the RRset is valid.
4387 * Returns ISC_R_NOTFOUND if it does not contain a trusted key
4388 * or if the RRset isn't valid.
4389 * Returns ISC_R_FAILURE if there is a problem.
/*
 * Look for one of the keys stored in tk_list inside the DNSKEY RRset
 * 'rdataset' and, on a match, check the RRset's signature with that key
 * through sigchase_verify_sig_key().
 *
 * NOTE(review): 'name' and 'rdataset' are tested for NULL below but
 * 'sigrdataset' is not.
 */
4393 contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset,
4394 dns_rdataset_t *sigrdataset,
4397 isc_result_t result;
4398 dns_rdata_t rdata = DNS_RDATA_INIT;
/* Never assigned in the visible lines; only tested and freed at the end. */
4399 dst_key_t *trustedKey = NULL;
4400 dst_key_t *dnsseckey = NULL;
4403 if (name == NULL || rdataset == NULL)
4404 return (ISC_R_FAILURE);
4406 result = dns_rdataset_first(rdataset);
4407 check_result(result, "empty rdataset");
/* Each DNSKEY record is converted to a key object before comparison. */
4410 dns_rdataset_current(rdataset, &rdata);
4411 INSIST(rdata.type == dns_rdatatype_dnskey);
4413 result = dns_dnssec_keyfromrdata(name, &rdata,
4415 check_result(result, "dns_dnssec_keyfromrdata");
/*
 * The configured keys are compared with dst_key_compare(), i.e. key
 * against key; the key id is only used in the message printed on a match.
 */
4418 for (i = 0; i < tk_list.nb_tk; i++) {
4419 if (dst_key_compare(tk_list.key[i], dnsseckey)
4421 dns_rdata_reset(&rdata);
4423 printf(";; Ok, find a Trusted Key in the "
4424 "DNSKEY RRset: %d\n",
4425 dst_key_id(dnsseckey));
/* A matching key must still verify the signature over the RRset. */
4426 if (sigchase_verify_sig_key(name, rdataset,
4431 dst_key_free(&dnsseckey);
4433 return (ISC_R_SUCCESS);
4438 dns_rdata_reset(&rdata);
4439 if (dnsseckey != NULL)
4440 dst_key_free(&dnsseckey);
4441 } while (dns_rdataset_next(rdataset) == ISC_R_SUCCESS);
4443 if (trustedKey != NULL)
4444 dst_key_free(&trustedKey);
4447 return (ISC_R_NOTFOUND);
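/*
 * Try every DNSKEY in 'keyrdataset' until one verifies the signature of
 * 'rdataset'.
 *
 * name:        owner name of the RRset and of the keys.
 * rdataset:    RRset whose signature is checked.
 * keyrdataset: candidate DNSKEY records; an empty set is reported through
 *              check_result().
 * sigrdataset: RRSIG records covering 'rdataset'.
 * mctx:        memory context for the temporary key objects.
 *
 * Returns ISC_R_SUCCESS when sigchase_verify_sig_key() succeeds for one of
 * the keys, ISC_R_NOTFOUND when it succeeds for none.
 */
isc_result_t
sigchase_verify_sig(dns_name_t *name, dns_rdataset_t *rdataset,
		    dns_rdataset_t *keyrdataset,
		    dns_rdataset_t *sigrdataset,
		    isc_mem_t *mctx)
{
	isc_result_t result;
	dns_rdata_t keyrdata = DNS_RDATA_INIT;
	dst_key_t *dnsseckey = NULL;

	result = dns_rdataset_first(keyrdataset);
	check_result(result, "empty DNSKEY dataset");
	dns_rdata_init(&keyrdata);

	do {
		dns_rdataset_current(keyrdataset, &keyrdata);
		INSIST(keyrdata.type == dns_rdatatype_dnskey);

		result = dns_dnssec_keyfromrdata(name, &keyrdata,
						 mctx, &dnsseckey);
		check_result(result, "dns_dnssec_keyfromrdata");

		result = sigchase_verify_sig_key(name, rdataset, dnsseckey,
						 sigrdataset, mctx);
		if (result == ISC_R_SUCCESS) {
			dns_rdata_reset(&keyrdata);
			dst_key_free(&dnsseckey);
			return (ISC_R_SUCCESS);
		}
		dst_key_free(&dnsseckey);
		dns_rdata_reset(&keyrdata);
	/*
	 * Step the key set that is actually being read.  The loop used to
	 * advance the global chase_keyrdataset, which is only equivalent
	 * when the caller passes that very set as 'keyrdataset'.
	 */
	} while (dns_rdataset_next(keyrdataset) == ISC_R_SUCCESS);

	dns_rdata_reset(&keyrdata);

	return (ISC_R_NOTFOUND);
}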
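/*
 * Verify 'rdataset' with one specific key.
 *
 * name:        owner name of the RRset.
 * rdataset:    RRset whose signature is checked.
 * dnsseckey:   key to verify with.
 * sigrdataset: RRSIG records covering 'rdataset'; an empty set is reported
 *              through check_result().
 * mctx:        memory context handed to dns_dnssec_verify().
 *
 * Every RRSIG whose key id equals the id of 'dnsseckey' is tried with
 * dns_dnssec_verify() and the outcome is printed.  Returns ISC_R_SUCCESS
 * on the first signature that verifies, ISC_R_NOTFOUND otherwise.
 */
isc_result_t
sigchase_verify_sig_key(dns_name_t *name, dns_rdataset_t *rdataset,
			dst_key_t *dnsseckey, dns_rdataset_t *sigrdataset,
			isc_mem_t *mctx)
{
	isc_result_t result;
	dns_rdata_t sigrdata = DNS_RDATA_INIT;
	dns_rdata_sig_t siginfo;

	result = dns_rdataset_first(sigrdataset);
	check_result(result, "empty RRSIG dataset");
	dns_rdata_init(&sigrdata);

	do {
		dns_rdataset_current(sigrdataset, &sigrdata);

		result = dns_rdata_tostruct(&sigrdata, &siginfo, NULL);
		check_result(result, "sigrdata tostruct siginfo");

		/*
		 * The key id is only a cheap filter; the cryptographic check
		 * below decides whether the signature is accepted.
		 */
		if (siginfo.keyid == dst_key_id(dnsseckey)) {

			result = dns_rdataset_first(rdataset);
			check_result(result, "empty DS dataset");

			result = dns_dnssec_verify(name, rdataset, dnsseckey,
						   ISC_FALSE, mctx, &sigrdata);

			printf(";; VERIFYING ");
			print_type(rdataset->type);
			printf(" RRset for ");
			dns_name_print(name, stdout);
			printf(" with DNSKEY:%d: %s\n", dst_key_id(dnsseckey),
			       isc_result_totext(result));

			if (result == ISC_R_SUCCESS) {
				/* Same cleanup as on the non-matching path. */
				dns_rdata_freestruct(&siginfo);
				dns_rdata_reset(&sigrdata);
				return (result);
			}
		}
		dns_rdata_freestruct(&siginfo);
		dns_rdata_reset(&sigrdata);

	/*
	 * Step the signature set that is being read.  The loop used to
	 * advance the global chase_sigkeyrdataset; for any other set that
	 * meant only its first RRSIG was ever examined, so a valid signature
	 * further down the set could not be found, and the cursor of an
	 * unrelated set was moved as a side effect.
	 */
	} while (dns_rdataset_next(sigrdataset) == ISC_R_SUCCESS);

	dns_rdata_reset(&sigrdata);

	return (ISC_R_NOTFOUND);
}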
/*
 * Check that a DS record in 'dsrdataset' identifies a DNSKEY in
 * 'keyrdataset' and that this DNSKEY validates the DNSKEY RRset.
 *
 * For every DS / DNSKEY pair whose key tag matches, a DS is rebuilt from
 * the DNSKEY with dns_ds_buildrdata() and compared with the received DS;
 * on equality the DNSKEY RRset signature is checked with
 * sigchase_verify_sig_key().  Returns ISC_R_NOTFOUND when no pair passes.
 *
 * NOTE(review): both loops read the current record from the parameters
 * but advance the globals chase_keyrdataset and chase_dsrdataset; this is
 * only equivalent when the caller passes those same sets.
 */
4543 sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset,
4544 dns_rdataset_t *dsrdataset, isc_mem_t *mctx)
4546 isc_result_t result;
4547 dns_rdata_t keyrdata = DNS_RDATA_INIT;
4548 dns_rdata_t newdsrdata = DNS_RDATA_INIT;
4549 dns_rdata_t dsrdata = DNS_RDATA_INIT;
4550 dns_rdata_ds_t dsinfo;
4551 dst_key_t *dnsseckey = NULL;
4552 unsigned char dsbuf[DNS_DS_BUFFERSIZE];
4554 result = dns_rdataset_first(dsrdataset);
4555 check_result(result, "empty DSset dataset");
4557 dns_rdataset_current(dsrdataset, &dsrdata);
4559 result = dns_rdata_tostruct(&dsrdata, &dsinfo, NULL);
4560 check_result(result, "dns_rdata_tostruct for DS");
4562 result = dns_rdataset_first(keyrdataset);
4563 check_result(result, "empty KEY dataset");
4566 dns_rdataset_current(keyrdataset, &keyrdata);
4567 INSIST(keyrdata.type == dns_rdatatype_dnskey);
4569 result = dns_dnssec_keyfromrdata(name, &keyrdata,
4571 check_result(result, "dns_dnssec_keyfromrdata");
4574 * Test if the id of the DNSKEY is the
4575 * id of DNSKEY referenced by the DS
4577 if (dsinfo.key_tag == dst_key_id(dnsseckey)) {
4579 result = dns_ds_buildrdata(name, &keyrdata,
4581 dsbuf, &newdsrdata);
/*
 * NOTE(review): dsinfo is released here, inside the DNSKEY loop, yet
 * dsinfo.key_tag is read again on the next iteration and the error branch
 * below releases it a second time.  Confirm that freestruct is a no-op
 * for a structure filled with a NULL memory context.
 */
4582 dns_rdata_freestruct(&dsinfo);
4584 if (result != ISC_R_SUCCESS) {
4585 dns_rdata_reset(&keyrdata);
4586 dns_rdata_reset(&newdsrdata);
4587 dns_rdata_reset(&dsrdata);
4588 dst_key_free(&dnsseckey);
4589 dns_rdata_freestruct(&dsinfo);
4590 printf("Oops: impossible to build"
/* The rebuilt DS must equal the received DS for the key to be accepted. */
4596 if (dns_rdata_compare(&dsrdata,
4597 &newdsrdata) == 0) {
4598 printf(";; OK a DS valids a DNSKEY"
4600 printf(";; Now verify that this"
4601 " DNSKEY validates the "
4604 result = sigchase_verify_sig_key(name,
4607 chase_sigkeyrdataset,
4609 if (result == ISC_R_SUCCESS) {
4610 dns_rdata_reset(&keyrdata);
4611 dns_rdata_reset(&newdsrdata);
4612 dns_rdata_reset(&dsrdata);
4613 dst_key_free(&dnsseckey);
4618 printf(";; This DS is NOT the DS for"
4619 " the chasing KEY: FAILED\n");
4622 dns_rdata_reset(&newdsrdata);
4624 dst_key_free(&dnsseckey);
4625 dns_rdata_reset(&keyrdata);
4627 } while (dns_rdataset_next(chase_keyrdataset) == ISC_R_SUCCESS);
4628 dns_rdata_reset(&dsrdata);
4630 } while (dns_rdataset_next(chase_dsrdataset) == ISC_R_SUCCESS);
4632 dns_rdata_reset(&keyrdata);
4633 dns_rdata_reset(&newdsrdata);
4634 dns_rdata_reset(&dsrdata);
4636 return (ISC_R_NOTFOUND);
4641 * Takes a pointer to an rdataset as a parameter and tries to resolve it.
4642 * The searched RRset is an RRset on 'name' with type 'type'
4643 * (and, if the type is RRSIG, the signature covers 'covers').
4644 * 'lookedup' records whether the query has already been done on the net.
4645 * ISC_R_SUCCESS: we found the RRset
4646 * ISC_R_NOTFOUND: we did not find the RRset in cache
4647 * and we do a query on the net
4648 * ISC_R_FAILURE: RRset not found
/*
 * Fill '*rdataset' with the RRset of 'type' (covering 'covers' for RRSIG)
 * at 'name', using sigchase_scanname().
 *
 * Returns ISC_R_SUCCESS when the slot is filled, and ISC_R_FAILURE or
 * ISC_R_NOTFOUND when sigchase_scanname() finds nothing.
 */
4651 advanced_rrsearch(dns_rdataset_t **rdataset, dns_name_t *name,
4652 dns_rdatatype_t type, dns_rdatatype_t covers,
4653 isc_boolean_t *lookedup)
4655 isc_boolean_t tmplookedup;
4657 INSIST(rdataset != NULL);
/* Already resolved by an earlier call: nothing to do. */
4659 if (*rdataset != NULL)
4660 return (ISC_R_SUCCESS);
/* Keep the caller's flag; sigchase_scanname() receives the pointer. */
4662 tmplookedup = *lookedup;
4663 if ((*rdataset = sigchase_scanname(type, covers,
4664 lookedup, name)) == NULL) {
/*
 * The condition choosing between these two returns is not part of this
 * listing; presumably it tests tmplookedup.
 */
4666 return (ISC_R_FAILURE);
4667 return (ISC_R_NOTFOUND);
4669 *lookedup = ISC_FALSE;
4670 return (ISC_R_SUCCESS);
/*
 * Top-down signature chase: process one response 'msg' and move the
 * validation from the current zone towards the queried name.
 *
 * As far as the visible lines show, a call:
 *   - obtains the DNSKEY set and its RRSIG for chase_current_name;
 *   - checks that key set against the trusted keys (before any delegation
 *     was followed) or against the DS set taken from the parent;
 *   - on a delegation, fetches the child's NS and DS sets, verifies the DS
 *     set and queues the next lookup with prepare_lookup();
 *   - on a negative answer, validates the NSEC proof from prove_nx();
 *   - finally verifies the answer RRset itself.
 * Failure paths print a ";; ... FAILED" diagnostic.
 */
4677 sigchase_td(dns_message_t *msg)
4679 isc_result_t result;
4680 dns_name_t *name = NULL;
4681 isc_boolean_t have_answer = ISC_FALSE;
/* Passed as 'lookedup' to advanced_rrsearch(). */
4682 isc_boolean_t true = ISC_TRUE;
4684 if ((result = dns_message_firstname(msg, DNS_SECTION_ANSWER))
4686 dns_message_currentname(msg, DNS_SECTION_ANSWER, &name);
4687 if (current_lookup->trace_root_sigchase) {
4688 initialization(name);
/* No usable answer: look for a delegation in the authority section. */
4693 if (!current_lookup->trace_root_sigchase) {
4694 result = dns_message_firstname(msg,
4695 DNS_SECTION_AUTHORITY);
4696 if (result == ISC_R_SUCCESS)
4697 dns_message_currentname(msg,
4698 DNS_SECTION_AUTHORITY,
4701 = chase_scanname_section(msg, name,
4704 DNS_SECTION_AUTHORITY);
4705 dup_name(name, &chase_authority_name, mctx);
4706 if (chase_nsrdataset != NULL) {
4707 have_delegation_ns = ISC_TRUE;
4708 printf("no response but there is a delegation"
4709 " in authority section:");
4710 dns_name_print(name, stdout);
4713 printf("no response and no delegation in "
4714 "authority section but a reference"
4716 dns_name_print(name, stdout);
/* Kept so the negative answer can be proven further down. */
4718 error_message = msg;
4721 printf(";; NO ANSWERS: %s\n",
4722 isc_result_totext(result));
4723 free_name(&chase_name, mctx);
4732 = chase_scanname_section(msg, &chase_name,
4736 DNS_SECTION_ANSWER);
4737 if (chase_rdataset != NULL)
4738 have_response = ISC_TRUE;
/* DNSKEY set of the zone currently being validated. */
4741 result = advanced_rrsearch(&chase_keyrdataset,
4742 &chase_current_name,
4743 dns_rdatatype_dnskey,
4745 &chase_keylookedup);
4746 if (result == ISC_R_FAILURE) {
4747 printf("\n;; DNSKEY is missing to continue validation:"
4751 if (result == ISC_R_NOTFOUND)
4753 INSIST(chase_keyrdataset != NULL);
4754 printf("\n;; DNSKEYset:\n");
4755 print_rdataset(&chase_current_name , chase_keyrdataset, mctx);
/* RRSIG covering that DNSKEY set. */
4758 result = advanced_rrsearch(&chase_sigkeyrdataset,
4759 &chase_current_name,
4760 dns_rdatatype_rrsig,
4761 dns_rdatatype_dnskey,
4762 &chase_sigkeylookedup);
4763 if (result == ISC_R_FAILURE) {
4764 printf("\n;; RRSIG of DNSKEY is missing to continue validation:"
4768 if (result == ISC_R_NOTFOUND)
4770 INSIST(chase_sigkeyrdataset != NULL);
4771 printf("\n;; RRSIG of the DNSKEYset:\n");
4772 print_rdataset(&chase_current_name , chase_sigkeyrdataset, mctx);
/*
 * The key set is anchored either directly in the trusted keys (no
 * delegation followed yet) or in the DS set obtained from the parent.
 */
4775 if (!chase_dslookedup && !chase_nslookedup) {
4776 if (!delegation_follow) {
4777 result = contains_trusted_key(&chase_current_name,
4779 chase_sigkeyrdataset,
4782 INSIST(chase_dsrdataset != NULL);
4783 INSIST(chase_sigdsrdataset != NULL);
4784 result = sigchase_verify_ds(&chase_current_name,
4790 if (result != ISC_R_SUCCESS) {
4791 printf("\n;; chain of trust can't be validated:"
4795 chase_dsrdataset = NULL;
4796 chase_sigdsrdataset = NULL;
4800 if (have_response || (!have_delegation_ns && !have_response)) {
4801 /* test if it's a grand father case */
4803 if (have_response) {
4804 result = advanced_rrsearch(&chase_sigrdataset,
4806 dns_rdatatype_rrsig,
4810 if (result == ISC_R_FAILURE) {
4811 printf("\n;; RRset is missing to continue"
4812 " validation SHOULD NOT APPEND:"
4818 result = advanced_rrsearch(&chase_sigrdataset,
4819 &chase_authority_name,
4820 dns_rdatatype_rrsig,
4823 if (result == ISC_R_FAILURE) {
4824 printf("\n;; RRSIG is missing to continue"
4825 " validation SHOULD NOT APPEND:"
/* Is one of the RRSIGs signed by the zone currently being validated? */
4830 result = grandfather_pb_test(&chase_current_name,
4832 if (result != ISC_R_SUCCESS) {
4833 dns_name_t tmp_name;
/*
 * NOTE(review): the message cites RFC 3568; the Delegation Signer
 * document is RFC 3658, so this looks like transposed digits - confirm.
 */
4835 printf("\n;; We are in a Grand Father Problem:"
4836 " See 2.2.1 in RFC 3568\n");
4837 chase_rdataset = NULL;
4838 chase_sigrdataset = NULL;
4839 have_response = ISC_FALSE;
4840 have_delegation_ns = ISC_FALSE;
/*
 * NOTE(review): the result of child_of_zone() is not tested before
 * tmp_name is used, as far as the listing shows.
 */
4842 dns_name_init(&tmp_name, NULL);
4843 result = child_of_zone(&chase_name, &chase_current_name,
4845 if (dns_name_dynamic(&chase_authority_name))
4846 free_name(&chase_authority_name, mctx);
4847 dup_name(&tmp_name, &chase_authority_name, mctx);
4848 printf(";; and we try to continue chain of trust"
4849 " validation of the zone: ");
4850 dns_name_print(&chase_authority_name, stdout);
4852 have_delegation_ns = ISC_TRUE;
4857 chase_sigrdataset = NULL;
/* Follow the delegation: NS set, DS set and RRSIG of the DS set. */
4861 if (have_delegation_ns) {
4862 chase_nsrdataset = NULL;
4863 result = advanced_rrsearch(&chase_nsrdataset,
4864 &chase_authority_name,
4868 if (result == ISC_R_FAILURE) {
4869 printf("\n;;NSset is missing to continue validation:"
4873 if (result == ISC_R_NOTFOUND) {
4876 INSIST(chase_nsrdataset != NULL);
4878 result = advanced_rrsearch(&chase_dsrdataset,
4879 &chase_authority_name,
4883 if (result == ISC_R_FAILURE) {
4884 printf("\n;; DSset is missing to continue validation:"
4888 if (result == ISC_R_NOTFOUND)
4890 INSIST(chase_dsrdataset != NULL);
4891 printf("\n;; DSset:\n");
4892 print_rdataset(&chase_authority_name , chase_dsrdataset, mctx);
4894 result = advanced_rrsearch(&chase_sigdsrdataset,
4895 &chase_authority_name,
4896 dns_rdatatype_rrsig,
/*
 * NOTE(review): this branch reports a missing "DSset" although the search
 * that failed was for the RRSIG of the DS set.
 */
4899 if (result != ISC_R_SUCCESS) {
4900 printf("\n;; DSset is missing to continue validation:"
4904 printf("\n;; RRSIGset of DSset\n");
4905 print_rdataset(&chase_authority_name,
4906 chase_sigdsrdataset, mctx);
4907 INSIST(chase_sigdsrdataset != NULL);
/* The DS set is verified before the chase moves on to the child zone. */
4909 result = sigchase_verify_sig(&chase_authority_name,
4912 chase_sigdsrdataset, mctx);
4913 if (result != ISC_R_SUCCESS) {
4914 printf("\n;; Impossible to verify the DSset:"
4918 chase_keyrdataset = NULL;
4919 chase_sigkeyrdataset = NULL;
4922 prepare_lookup(&chase_authority_name);
4924 have_response = ISC_FALSE;
4925 have_delegation_ns = ISC_FALSE;
4926 delegation_follow = ISC_TRUE;
4927 error_message = NULL;
4928 dup_name(&chase_authority_name, &chase_current_name, mctx);
4929 free_name(&chase_authority_name, mctx);
/* Negative answer: the NSEC proof must itself carry a valid signature. */
4934 if (error_message != NULL) {
4935 dns_rdataset_t *rdataset;
4936 dns_rdataset_t *sigrdataset;
4937 dns_name_t rdata_name;
4938 isc_result_t ret = ISC_R_FAILURE;
4940 dns_name_init(&rdata_name, NULL);
4941 result = prove_nx(error_message, &chase_name,
4942 current_lookup->rdclass_sigchase,
4943 current_lookup->rdtype_sigchase, &rdata_name,
4944 &rdataset, &sigrdataset);
4945 if (rdataset == NULL || sigrdataset == NULL ||
4946 dns_name_countlabels(&rdata_name) == 0) {
4947 printf("\n;; Impossible to verify the non-existence,"
4948 " the NSEC RRset can't be validated:"
4952 ret = sigchase_verify_sig(&rdata_name, rdataset,
4955 if (ret != ISC_R_SUCCESS) {
4956 free_name(&rdata_name, mctx);
4957 printf("\n;; Impossible to verify the NSEC RR to prove"
4958 " the non-existence : FAILED\n\n");
4961 free_name(&rdata_name, mctx);
4962 if (result != ISC_R_SUCCESS) {
4963 printf("\n;; Impossible to verify the non-existence:"
4967 printf("\n;; OK the query doesn't have response but"
4968 " we have validate this fact : SUCCESS\n\n");
4974 printf(";; cleanandgo \n");
4975 if (dns_name_dynamic(&chase_current_name))
4976 free_name(&chase_current_name, mctx);
4977 if (dns_name_dynamic(&chase_authority_name))
4978 free_name(&chase_authority_name, mctx);
/* Last step: verify the answer RRset itself. */
4983 result = advanced_rrsearch(&chase_rdataset, &chase_name,
4984 current_lookup->rdtype_sigchase,
4987 if (result == ISC_R_FAILURE) {
4988 printf("\n;; RRsig of RRset is missing to continue validation"
4989 " SHOULD NOT APPEND: FAILED\n\n");
4992 result = sigchase_verify_sig(&chase_name, chase_rdataset,
4994 chase_sigrdataset, mctx);
4995 if (result != ISC_R_SUCCESS) {
4996 printf("\n;; Impossible to verify the RRset : FAILED\n\n");
4999 print_rdataset(&chase_name , chase_rdataset, mctx);
5000 printf("DNSKEYset:\n");
5001 print_rdataset(&chase_name , chase_keyrdataset, mctx);
5002 printf("RRSIG of RRset:\n");
5003 print_rdataset(&chase_name , chase_sigrdataset, mctx);
5008 printf("\n;; The Answer:\n");
5009 print_rdataset(&chase_name , chase_rdataset, mctx);
5011 printf("\n;; FINISH : we have validate the DNSSEC chain"
5012 " of trust: SUCCESS\n\n");
/*
 * Gather the material for one step of the bottom-up chase into the
 * chase_* globals: the RRset to chase, its RRSIG, the signer's DNSKEY set
 * with its RRSIG, and the signer's DS set with its RRSIG.
 *
 * Returns ISC_R_ADDRNOTAVAIL when the message has no answer and no chase
 * name is set yet, and ISC_R_NOTFOUND whenever a needed RRset is not
 * available from advanced_rrsearch().
 */
5023 getneededrr(dns_message_t *msg)
5025 isc_result_t result;
5026 dns_name_t *name = NULL;
5027 dns_rdata_t sigrdata = DNS_RDATA_INIT;
5028 dns_rdata_sig_t siginfo;
/* Passed as 'lookedup' to advanced_rrsearch(). */
5029 isc_boolean_t true = ISC_TRUE;
5031 if ((result = dns_message_firstname(msg, DNS_SECTION_ANSWER))
5033 printf(";; NO ANSWERS: %s\n", isc_result_totext(result));
5035 if (chase_name.ndata == NULL)
5036 return (ISC_R_ADDRNOTAVAIL);
5038 dns_message_currentname(msg, DNS_SECTION_ANSWER, &name);
5041 /* What do we chase? */
5042 if (chase_rdataset == NULL) {
5043 result = advanced_rrsearch(&chase_rdataset, name,
5045 dns_rdatatype_any, &true);
5046 if (result != ISC_R_SUCCESS) {
5047 printf("\n;; No Answers: Validation FAILED\n\n");
5048 return (ISC_R_NOTFOUND);
5050 dup_name(name, &chase_name, mctx);
5051 printf(";; RRset to chase:\n");
5052 print_rdataset(&chase_name, chase_rdataset, mctx);
5054 INSIST(chase_rdataset != NULL);
/* RRSIG covering the chased RRset. */
5057 if (chase_sigrdataset == NULL) {
5058 result = advanced_rrsearch(&chase_sigrdataset, name,
5059 dns_rdatatype_rrsig,
5060 chase_rdataset->type,
5061 &chase_siglookedup);
5062 if (result == ISC_R_FAILURE) {
5063 printf("\n;; RRSIG is missing for continue validation:"
5065 if (dns_name_dynamic(&chase_name))
5066 free_name(&chase_name, mctx);
5067 return (ISC_R_NOTFOUND);
5069 if (result == ISC_R_NOTFOUND) {
5070 return (ISC_R_NOTFOUND);
5072 printf("\n;; RRSIG of the RRset to chase:\n");
5073 print_rdataset(&chase_name, chase_sigrdataset, mctx);
5075 INSIST(chase_sigrdataset != NULL);
/*
 * Only the first RRSIG of the set is consulted: its signer field becomes
 * chase_signame, the owner of the DNSKEY set searched next.
 */
5078 /* first find the DNSKEY name */
5079 result = dns_rdataset_first(chase_sigrdataset);
5080 check_result(result, "empty RRSIG dataset");
5081 dns_rdataset_current(chase_sigrdataset, &sigrdata);
5082 result = dns_rdata_tostruct(&sigrdata, &siginfo, NULL);
5083 check_result(result, "sigrdata tostruct siginfo");
5084 dup_name(&siginfo.signer, &chase_signame, mctx);
5085 dns_rdata_freestruct(&siginfo);
5086 dns_rdata_reset(&sigrdata);
5088 /* Do we have a key? */
5089 if (chase_keyrdataset == NULL) {
5090 result = advanced_rrsearch(&chase_keyrdataset,
5092 dns_rdatatype_dnskey,
5094 &chase_keylookedup);
5095 if (result == ISC_R_FAILURE) {
5096 printf("\n;; DNSKEY is missing to continue validation:"
5098 free_name(&chase_signame, mctx);
5099 if (dns_name_dynamic(&chase_name))
5100 free_name(&chase_name, mctx);
5101 return (ISC_R_NOTFOUND);
5103 if (result == ISC_R_NOTFOUND) {
5104 free_name(&chase_signame, mctx);
5105 return (ISC_R_NOTFOUND);
5107 printf("\n;; DNSKEYset that signs the RRset to chase:\n");
5108 print_rdataset(&chase_signame, chase_keyrdataset, mctx);
5110 INSIST(chase_keyrdataset != NULL);
/* RRSIG covering the signer's DNSKEY set. */
5112 if (chase_sigkeyrdataset == NULL) {
5113 result = advanced_rrsearch(&chase_sigkeyrdataset,
5115 dns_rdatatype_rrsig,
5116 dns_rdatatype_dnskey,
5117 &chase_sigkeylookedup);
5118 if (result == ISC_R_FAILURE) {
5119 printf("\n;; RRSIG for DNSKEY is missing to continue"
5120 " validation : FAILED\n\n");
5121 free_name(&chase_signame, mctx);
5122 if (dns_name_dynamic(&chase_name))
5123 free_name(&chase_name, mctx);
5124 return (ISC_R_NOTFOUND);
5126 if (result == ISC_R_NOTFOUND) {
5127 free_name(&chase_signame, mctx);
5128 return (ISC_R_NOTFOUND);
5130 printf("\n;; RRSIG of the DNSKEYset that signs the "
5131 "RRset to chase:\n");
5132 print_rdataset(&chase_signame, chase_sigkeyrdataset, mctx);
5134 INSIST(chase_sigkeyrdataset != NULL);
/* A missing DS set only produces a warning at this point. */
5137 if (chase_dsrdataset == NULL) {
5138 result = advanced_rrsearch(&chase_dsrdataset, &chase_signame,
5142 if (result == ISC_R_FAILURE) {
5143 printf("\n;; WARNING There is no DS for the zone: ");
5144 dns_name_print(&chase_signame, stdout);
5147 if (result == ISC_R_NOTFOUND) {
5148 free_name(&chase_signame, mctx);
5149 return (ISC_R_NOTFOUND);
5151 if (chase_dsrdataset != NULL) {
5152 printf("\n;; DSset of the DNSKEYset\n");
5153 print_rdataset(&chase_signame, chase_dsrdataset, mctx);
5157 if (chase_dsrdataset != NULL) {
5159 * if there is no RRSIG of DS,
5160 * we don't want to search on the network
5162 result = advanced_rrsearch(&chase_sigdsrdataset,
5164 dns_rdatatype_rrsig,
5165 dns_rdatatype_ds, &true);
5166 if (result == ISC_R_FAILURE) {
5167 printf(";; WARNING : NO RRSIG DS : RRSIG DS"
5168 " should come with DS\n");
5170 * We continue even the DS couldn't be validated,
5171 * because the DNSKEY could be a Trusted Key.
5173 chase_dsrdataset = NULL;
5175 printf("\n;; RRSIG of the DSset of the DNSKEYset\n");
5176 print_rdataset(&chase_signame, chase_sigdsrdataset,
/*
 * Bottom-up signature chase for one response 'msg'.
 *
 * Order of the checks in the visible lines:
 *   1. load the trusted keys on first use;
 *   2. collect the needed RRsets with getneededrr(), or build an NSEC
 *      proof with prove_nx() when there is no answer;
 *   3. verify the chased RRset with a DNSKEY of the signer;
 *   4. accept if the DNSKEY set contains a trusted key;
 *   5. otherwise require a DS set that validates the DNSKEY set, then make
 *      the DS set the next RRset to chase.
 */
5186 sigchase_bu(dns_message_t *msg)
5188 isc_result_t result;
/* Trusted keys are read only while the table is still empty. */
5191 if (tk_list.nb_tk == 0) {
5192 result = get_trusted_key(mctx);
5193 if (result != ISC_R_SUCCESS) {
5194 printf("No trusted keys present\n");
5200 ret = getneededrr(msg);
5201 if (ret == ISC_R_NOTFOUND)
5204 if (ret == ISC_R_ADDRNOTAVAIL) {
5205 /* We have no response */
5206 dns_rdataset_t *rdataset;
5207 dns_rdataset_t *sigrdataset;
5208 dns_name_t rdata_name;
5209 dns_name_t query_name;
5212 dns_name_init(&query_name, NULL);
5213 dns_name_init(&rdata_name, NULL);
5214 nameFromString(current_lookup->textname, &query_name);
5216 result = prove_nx(msg, &query_name, current_lookup->rdclass,
5217 current_lookup->rdtype, &rdata_name,
5218 &rdataset, &sigrdataset);
5219 free_name(&query_name, mctx);
/* The outputs of prove_nx() are checked before its result code. */
5220 if (rdataset == NULL || sigrdataset == NULL ||
5221 dns_name_countlabels(&rdata_name) == 0) {
5222 printf("\n;; Impossible to verify the Non-existence,"
5223 " the NSEC RRset can't be validated: "
5229 if (result != ISC_R_SUCCESS) {
5230 printf("\n No Answers and impossible to prove the"
5231 " unsecurity : Validation FAILED\n\n");
5235 printf(";; An NSEC prove the non-existence of a answers,"
5236 " Now we want validate this NSEC\n");
/* The NSEC RRset becomes the RRset to chase; derived state is reset. */
5238 dup_name(&rdata_name, &chase_name, mctx);
5239 free_name(&rdata_name, mctx);
5240 chase_rdataset = rdataset;
5241 chase_sigrdataset = sigrdataset;
5242 chase_keyrdataset = NULL;
5243 chase_sigkeyrdataset = NULL;
5244 chase_dsrdataset = NULL;
5245 chase_sigdsrdataset = NULL;
5246 chase_siglookedup = ISC_FALSE;
5247 chase_keylookedup = ISC_FALSE;
5248 chase_dslookedup = ISC_FALSE;
5249 chase_sigdslookedup = ISC_FALSE;
5256 printf("\n\n\n;; WE HAVE MATERIAL, WE NOW DO VALIDATION\n");
/* Step 3: some DNSKEY of the signer must verify the chased RRset. */
5258 result = sigchase_verify_sig(&chase_name, chase_rdataset,
5260 chase_sigrdataset, mctx);
5261 if (result != ISC_R_SUCCESS) {
5262 free_name(&chase_name, mctx);
5263 free_name(&chase_signame, mctx);
5264 printf(";; No DNSKEY is valid to check the RRSIG"
5265 " of the RRset: FAILED\n");
5269 printf(";; OK We found DNSKEY (or more) to validate the RRset\n");
/* Step 4: the chase ends successfully at a trusted key. */
5271 result = contains_trusted_key(&chase_signame, chase_keyrdataset,
5272 chase_sigkeyrdataset, mctx);
5273 if (result == ISC_R_SUCCESS) {
5274 free_name(&chase_name, mctx);
5275 free_name(&chase_signame, mctx);
5276 printf("\n;; Ok this DNSKEY is a Trusted Key,"
5277 " DNSSEC validation is ok: SUCCESS\n\n");
5282 printf(";; Now, we are going to validate this DNSKEY by the DS\n");
/* Step 5: without a trusted key a DS set is mandatory. */
5284 if (chase_dsrdataset == NULL) {
5285 free_name(&chase_name, mctx);
5286 free_name(&chase_signame, mctx);
5287 printf(";; the DNSKEY isn't trusted-key and there isn't"
5288 " DS to validate the DNSKEY: FAILED\n");
5293 result = sigchase_verify_ds(&chase_signame, chase_keyrdataset,
5294 chase_dsrdataset, mctx);
5295 if (result != ISC_R_SUCCESS) {
5296 free_name(&chase_signame, mctx);
5297 free_name(&chase_name, mctx);
5298 printf(";; ERROR no DS validates a DNSKEY in the"
5299 " DNSKEY RRset: FAILED\n");
5303 printf(";; OK this DNSKEY (validated by the DS) validates"
5304 " the RRset of the DNSKEYs, thus the DNSKEY validates"
5306 INSIST(chase_sigdsrdataset != NULL);
/* The DS set and its RRSIG become the next RRset to chase. */
5308 dup_name(&chase_signame, &chase_name, mctx);
5309 free_name(&chase_signame, mctx);
5310 chase_rdataset = chase_dsrdataset;
5311 chase_sigrdataset = chase_sigdsrdataset;
5312 chase_keyrdataset = NULL;
5313 chase_sigkeyrdataset = NULL;
5314 chase_dsrdataset = NULL;
5315 chase_sigdsrdataset = NULL;
5316 chase_siglookedup = chase_keylookedup = ISC_FALSE;
5317 chase_dslookedup = chase_sigdslookedup = ISC_FALSE;
5319 printf(";; Now, we want to validate the DS : recursive call\n");
/*
 * Entry point of the signature chase for one response.  The strategy is
 * selected by current_lookup->do_topdown; the calls made in each branch
 * are not part of this listing.
 */
5326 sigchase(dns_message_t *msg) {
5328 if (current_lookup->do_topdown) {
5341 * return 1 if name1 < name2
5342 * 0 if name1 == name2
5343 * -1 if name1 > name2
/*
 * Compare two DNS names label by label, working from the end of each name
 * towards its start.  The return statements are not part of this listing.
 */
5347 inf_name(dns_name_t *name1, dns_name_t *name2)
5351 unsigned int nblabel1;
5352 unsigned int nblabel2;
5357 nblabel1 = dns_name_countlabels(name1);
5358 nblabel2 = dns_name_countlabels(name2);
/* Only the labels both names have can be compared pairwise. */
5360 if (nblabel1 >= nblabel2)
5361 min_lum_label = nblabel2;
5363 min_lum_label = nblabel1;
/*
 * Starting at i = 1 skips the final label of each name (index
 * nblabel - 1), presumably the root label.
 */
5366 for (i=1 ; i < min_lum_label; i++) {
5367 dns_name_getlabel(name1, nblabel1 -1 - i, &label1);
5368 dns_name_getlabel(name2, nblabel2 -1 - i, &label2);
5369 if ((ret = isc_region_compare(&label1, &label2)) != 0) {
/* All compared labels were equal: the label counts decide. */
5376 if (nblabel1 == nblabel2)
5379 if (nblabel1 < nblabel2)
/*
 * Looks through the names in the AUTHORITY section of msg for an NSEC record
 * whose owner name and "next" name bracket the queried name (as judged by
 * inf_name()), together with the RRSIG that covers that NSEC.
 *
 * On a match the NSEC rdataset and its RRSIG rdataset are stored through
 * rdataset and sigrdataset, the NSEC owner name is copied into rdata_name,
 * and ISC_R_SUCCESS is returned.  ISC_R_FAILURE is returned when the
 * authority section is empty, when an NSEC is found without an RRSIG, or
 * when no NSEC brackets the name.
 *
 * No signature verification call appears in the visible lines: the NSEC and
 * RRSIG are only located here, so the denial is not trustworthy until the
 * caller has validated the returned sets.
 */
5391 prove_nx_domain(dns_message_t *msg,
5393 dns_name_t *rdata_name,
5394 dns_rdataset_t **rdataset,
5395 dns_rdataset_t **sigrdataset)
5397 isc_result_t ret = ISC_R_FAILURE;
5398 isc_result_t result = ISC_R_NOTFOUND;
5399 dns_rdataset_t *nsecset = NULL;
5400 dns_rdataset_t *signsecset = NULL ;
5401 dns_rdata_t nsec = DNS_RDATA_INIT;
5402 dns_name_t *nsecname;
5403 dns_rdata_nsec_t nsecstruct;
/* An empty authority section means there is nothing to prove the denial with. */
5405 if ((result = dns_message_firstname(msg, DNS_SECTION_AUTHORITY))
5407 printf(";; nothing in authority section : impossible to"
5408 " validate the non-existence : FAILED\n");
5409 return (ISC_R_FAILURE);
/* For each name in the authority section, look for an NSEC rdataset at it. */
5414 dns_message_currentname(msg, DNS_SECTION_AUTHORITY, &nsecname);
5415 nsecset = search_type(nsecname, dns_rdatatype_nsec,
5417 if (nsecset == NULL)
5420 printf("There is a NSEC for this zone in the"
5421 " AUTHORITY section:\n");
5422 print_rdataset(nsecname, nsecset, mctx);
/* Examine every NSEC record in the set found at this name. */
5424 for (result = dns_rdataset_first(nsecset);
5425 result == ISC_R_SUCCESS;
5426 result = dns_rdataset_next(nsecset)) {
5427 dns_rdataset_current(nsecset, &nsec);
5431 = chase_scanname_section(msg, nsecname,
5432 dns_rdatatype_rrsig,
5434 DNS_SECTION_AUTHORITY);
/* An unsigned NSEC cannot be validated later, so give up immediately. */
5435 if (signsecset == NULL) {
5436 printf(";; no RRSIG NSEC in authority section:"
5437 " impossible to validate the "
5438 "non-existence: FAILED\n");
5439 return (ISC_R_FAILURE);
5442 ret = dns_rdata_tostruct(&nsec, &nsecstruct, NULL);
5443 check_result(ret,"dns_rdata_tostruct");
/*
 * Covering test: two alternative orderings of owner (nsecname), queried
 * name and nsecstruct.next are accepted.
 *
 * NOTE(review): the first alternative compares nsecname with next and name
 * with next, but never name with nsecname.  Whatever sign convention
 * inf_name() uses, confirm this cannot accept an NSEC whose interval does
 * not actually contain name.
 */
5445 if ((inf_name(nsecname, &nsecstruct.next) == 1 &&
5446 inf_name(name, &nsecstruct.next) == 1) ||
5447 (inf_name(name, nsecname) == 1 &&
5448 inf_name(&nsecstruct.next, name) == 1)) {
5449 dns_rdata_freestruct(&nsecstruct);
/* Hand the candidate proof (NSEC + RRSIG + owner name) back to the caller. */
5450 *rdataset = nsecset;
5451 *sigrdataset = signsecset;
5452 dup_name(nsecname, rdata_name, mctx);
5454 return (ISC_R_SUCCESS);
/* Not a match: release the decoded NSEC and reuse the rdata for the next record. */
5457 dns_rdata_freestruct(&nsecstruct);
5458 dns_rdata_reset(&nsec);
5460 } while (dns_message_nextname(msg, DNS_SECTION_AUTHORITY)
/* No NSEC in the authority section brackets the name. */
5464 *sigrdataset = NULL;
5466 return (ISC_R_FAILURE);
/*
 * Given the NSEC rdataset found at name, checks the first NSEC record for the
 * queried type and locates the RRSIG covering NSEC for name in the AUTHORITY
 * section of msg.
 *
 * When the RRSIG is found, name is copied into rdata_name and nsecset /
 * signsecset are stored through rdataset / sigrdataset.  ISC_R_FAILURE is
 * returned when no RRSIG is present; the final return statement is not
 * visible in this listing.  The class parameter is not referenced in the
 * visible lines.
 *
 * No signature verification call appears in the visible lines: the caller
 * receives the NSEC and RRSIG sets and still has to validate them.
 */
5477 prove_nx_type(dns_message_t *msg, dns_name_t *name, dns_rdataset_t *nsecset,
5478 dns_rdataclass_t class, dns_rdatatype_t type,
5479 dns_name_t *rdata_name, dns_rdataset_t **rdataset,
5480 dns_rdataset_t **sigrdataset)
5483 dns_rdataset_t *signsecset;
5484 dns_rdata_t nsec = DNS_RDATA_INIT;
/* Only the first record of the NSEC set is inspected. */
5488 ret = dns_rdataset_first(nsecset);
5489 check_result(ret,"dns_rdataset_first");
5491 dns_rdataset_current(nsecset, &nsec);
/*
 * NOTE(review): the result of dns_nsec_typepresent() is compared with
 * ISC_R_SUCCESS, and equality is reported as "type doesn't exist".  If the
 * function returns a boolean "present" flag, this only works because
 * ISC_R_SUCCESS is presumably 0 -- confirm, and confirm that a "present"
 * answer reaches the caller as a failure.
 */
5493 ret = dns_nsec_typepresent(&nsec, type);
5494 if (ret == ISC_R_SUCCESS)
5495 printf("OK the NSEC said that the type doesn't exist \n");
5497 signsecset = chase_scanname_section(msg, name,
5498 dns_rdatatype_rrsig,
5500 DNS_SECTION_AUTHORITY);
/* Without an RRSIG the NSEC cannot be validated, so the proof fails. */
5501 if (signsecset == NULL) {
5502 printf("There isn't RRSIG NSEC for the zone \n");
5503 return (ISC_R_FAILURE);
5505 dup_name(name, rdata_name, mctx);
5506 *rdataset = nsecset;
5507 *sigrdataset = signsecset;
/*
 * Chooses which kind of denial to look for in the AUTHORITY section of msg:
 * if an NSEC rdataset exists at name, the type is checked with
 * prove_nx_type(); otherwise prove_nx_domain() is asked to find an NSEC that
 * brackets the name.
 *
 * Returns ISC_R_FAILURE when the authority section is empty and
 * ISC_R_SUCCESS when prove_nx_type() succeeds; the remaining return
 * statements are not visible in this listing.  rdata_name, rdataset and
 * sigrdataset are passed through to the helper, which fills them in.
 */
5519 prove_nx(dns_message_t *msg, dns_name_t *name, dns_rdataclass_t class,
5520 dns_rdatatype_t type, dns_name_t *rdata_name,
5521 dns_rdataset_t **rdataset, dns_rdataset_t **sigrdataset)
5524 dns_rdataset_t *nsecset = NULL;
5526 printf("We want to prove the non-existence of a type of rdata %d"
5527 " or of the zone: \n", type);
/* An empty authority section carries no NSEC, so nothing can be proven. */
5529 if ((ret = dns_message_firstname(msg, DNS_SECTION_AUTHORITY))
5531 printf(";; nothing in authority section : impossible to"
5532 " validate the non-existence : FAILED\n");
5533 return (ISC_R_FAILURE);
5536 nsecset = chase_scanname_section(msg, name, dns_rdatatype_nsec,
5538 DNS_SECTION_AUTHORITY);
/* An NSEC at the queried name itself: the name exists, so test the type. */
5539 if (nsecset != NULL) {
5540 printf("We have a NSEC for this zone :OK\n");
5541 ret = prove_nx_type(msg, name, nsecset, class,
5542 type, rdata_name, rdataset,
5544 if (ret != ISC_R_SUCCESS) {
5545 printf("prove_nx: ERROR type exist\n");
5548 printf("prove_nx: OK type does not exist\n");
5549 return (ISC_R_SUCCESS);
/* No NSEC at the name: fall back to proving the name does not exist. */
5552 printf("there is no NSEC for this zone: validating "
5553 "that the zone doesn't exist\n");
5554 ret = prove_nx_domain(msg, name, rdata_name,
5555 rdataset, sigrdataset);
5558 /* Never get here */