2 * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
3 * Copyright (C) 2000-2003 Internet Software Consortium.
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15 * PERFORMANCE OF THIS SOFTWARE.
18 /* $Id: dighost.c,v 1.221.2.19.2.20 2004/11/22 23:30:31 marka Exp $ */
21 * Notice to programmers: Do not use this code as an example of how to
22 * use the ISC library to perform DNS lookups. Dig and Host both operate
23 * on the request level, since they allow fine-tuning of output and are
24 * intended as debugging tools. As a result, they perform many of the
25 * functions which could be better handled using the dns_resolver
26 * functions in most applications.
35 #include <dns/byaddr.h>
37 #include <dns/dnssec.h>
41 #include <isc/random.h>
44 #include <dns/fixedname.h>
45 #include <dns/message.h>
47 #include <dns/rdata.h>
48 #include <dns/rdataclass.h>
49 #include <dns/rdatalist.h>
50 #include <dns/rdataset.h>
51 #include <dns/rdatastruct.h>
52 #include <dns/rdatatype.h>
53 #include <dns/result.h>
59 #include <isc/base64.h>
60 #include <isc/entropy.h>
62 #include <isc/netaddr.h>
64 #include <isc/netdb.h>
66 #include <isc/print.h>
67 #include <isc/random.h>
68 #include <isc/result.h>
69 #include <isc/string.h>
71 #include <isc/timer.h>
72 #include <isc/types.h>
75 #include <lwres/lwres.h>
76 #include <lwres/net.h>
78 #include <bind9/getaddresses.h>
82 #if ! defined(NS_INADDRSZ)
86 #if ! defined(NS_IN6ADDRSZ)
87 #define NS_IN6ADDRSZ 16
/*
 * Process-wide resolver and event-loop state.
 * Only lwctx and lwconf are file-local (static); the other objects shown
 * here have external linkage and are shared mutable state for anything
 * linked with this file.  lookup_counter is compared against LOOKUP_LIMIT
 * in requeue_lookup().  The type line of the flag list (have_ipv4 ...
 * is_dst_up) is not shown in this listing.
 */
90 static lwres_context_t *lwctx = NULL;
91 static lwres_conf_t *lwconf;
93 ISC_LIST(dig_lookup_t) lookup_list;
94 dig_serverlist_t server_list;
95 ISC_LIST(dig_searchlist_t) search_list;
98 have_ipv4 = ISC_FALSE,
99 have_ipv6 = ISC_FALSE,
100 specified_source = ISC_FALSE,
101 free_now = ISC_FALSE,
102 cancel_now = ISC_FALSE,
103 usesearch = ISC_FALSE,
105 is_dst_up = ISC_FALSE;
107 unsigned int timeout = 0;
108 isc_mem_t *mctx = NULL;
109 isc_taskmgr_t *taskmgr = NULL;
110 isc_task_t *global_task = NULL;
111 isc_timermgr_t *timermgr = NULL;
112 isc_socketmgr_t *socketmgr = NULL;
113 isc_sockaddr_t bind_address;
114 isc_sockaddr_t bind_any;
120 int lookup_counter = 0;
124 * 0 Everything went well, including things like NXDOMAIN
126 * 7 Got too many RR's or Names
127 * 8 Couldn't open batch file
128 * 9 No reply from server
/*
 * TSIG key inputs and miscellaneous run-time state.
 * keynametext, keyfile and keysecret are fixed MXNAME-sized text buffers
 * with process lifetime; keysecret is the base64 text that
 * setup_text_key() decodes into the shared secret.
 * NOTE(review): nothing in the lines shown in this listing clears
 * keysecret after the key object has been built -- confirm whether the
 * secret text is wiped once it has been consumed.
 */
133 char keynametext[MXNAME];
134 char keyfile[MXNAME] = "";
135 char keysecret[MXNAME] = "";
136 isc_buffer_t *namebuf = NULL;
137 dns_tsigkey_t *key = NULL;
138 isc_boolean_t validated = ISC_TRUE;
139 isc_entropy_t *entp = NULL;
140 isc_mempool_t *commctx = NULL;
141 isc_boolean_t debugging = ISC_FALSE;
142 isc_boolean_t memdebugging = ISC_FALSE;
143 char *progname = NULL;
144 isc_mutex_t lookup_lock;
145 dig_lookup_t *current_lookup = NULL;
/*
 * Forward declarations for the signature-chasing helpers (sigchase_*,
 * prove_nx*, trusted-key handling, temporary key files).
 * Several parameter lines are missing from this listing, so the parameter
 * lists below are not complete prototypes.  Only nameFromString() is
 * declared static; the rest have external linkage.
 */
149 isc_result_t get_trusted_key(isc_mem_t *mctx);
150 dns_rdataset_t * sigchase_scanname(dns_rdatatype_t type,
151 dns_rdatatype_t covers,
152 isc_boolean_t *lookedup,
153 dns_name_t *rdata_name);
154 dns_rdataset_t * chase_scanname_section(dns_message_t *msg,
156 dns_rdatatype_t type,
157 dns_rdatatype_t covers,
159 isc_result_t advanced_rrsearch(dns_rdataset_t **rdataset,
161 dns_rdatatype_t type,
162 dns_rdatatype_t covers,
163 isc_boolean_t *lookedup);
164 isc_result_t sigchase_verify_sig_key(dns_name_t *name,
165 dns_rdataset_t *rdataset,
166 dst_key_t* dnsseckey,
167 dns_rdataset_t *sigrdataset,
169 isc_result_t sigchase_verify_sig(dns_name_t *name,
170 dns_rdataset_t *rdataset,
171 dns_rdataset_t *keyrdataset,
172 dns_rdataset_t *sigrdataset,
174 isc_result_t sigchase_verify_ds(dns_name_t *name,
175 dns_rdataset_t *keyrdataset,
176 dns_rdataset_t *dsrdataset,
178 void sigchase(dns_message_t *msg);
179 void print_rdata(dns_rdata_t *rdata, isc_mem_t *mctx);
180 void print_rdataset(dns_name_t *name,
181 dns_rdataset_t *rdataset, isc_mem_t *mctx);
182 void dup_name(dns_name_t *source, dns_name_t* target,
184 void dump_database(void);
185 void dump_database_section(dns_message_t *msg, int section);
186 dns_rdataset_t * search_type(dns_name_t *name, dns_rdatatype_t type,
187 dns_rdatatype_t covers);
188 isc_result_t contains_trusted_key(dns_name_t *name,
189 dns_rdataset_t *rdataset,
190 dns_rdataset_t *sigrdataset,
192 void print_type(dns_rdatatype_t type);
193 isc_result_t prove_nx_domain(dns_message_t * msg,
195 dns_name_t * rdata_name,
196 dns_rdataset_t ** rdataset,
197 dns_rdataset_t ** sigrdataset);
198 isc_result_t prove_nx_type(dns_message_t * msg, dns_name_t *name,
199 dns_rdataset_t *nsec,
200 dns_rdataclass_t class,
201 dns_rdatatype_t type,
202 dns_name_t * rdata_name,
203 dns_rdataset_t ** rdataset,
204 dns_rdataset_t ** sigrdataset);
205 isc_result_t prove_nx(dns_message_t * msg, dns_name_t * name,
206 dns_rdataclass_t class,
207 dns_rdatatype_t type,
208 dns_name_t * rdata_name,
209 dns_rdataset_t ** rdataset,
210 dns_rdataset_t ** sigrdataset);
211 static void nameFromString(const char *str, dns_name_t *p_ret);
212 int inf_name(dns_name_t * name1, dns_name_t * name2);
213 isc_result_t opentmpkey(isc_mem_t *mctx, const char *file,
214 char **tempp, FILE **fp);
215 isc_result_t removetmpkey(isc_mem_t *mctx, const char *file);
216 void clean_trustedkey(void );
217 void insert_trustedkey(dst_key_t * key);
219 isc_result_t getneededrr(dns_message_t *msg);
220 void sigchase_bottom_up(dns_message_t *msg);
221 void sigchase_bu(dns_message_t *msg);
224 isc_result_t initialization(dns_name_t *name);
225 isc_result_t prepare_lookup(dns_name_t *name);
226 isc_result_t grandfather_pb_test(dns_name_t * zone_name,
227 dns_rdataset_t *sigrdataset);
228 isc_result_t child_of_zone(dns_name_t *name,
229 dns_name_t *zone_name,
230 dns_name_t *child_name);
231 void sigchase_td(dns_message_t *msg);
/*
 * Global state for signature chasing.
 * trustedkey is an MXNAME-sized text buffer that starts empty; the chase_*
 * rdataset pointers start NULL and the *lookedup flags start ISC_FALSE.
 * The dns_name_t objects and the two message lists are initialised at run
 * time by the setup code (dns_name_init / ISC_LIST_INIT).
 * Note that start_lookup() declares a local 'dst_key_t * trustedkey' that
 * shadows the text buffer of the same name declared here.
 */
233 char trustedkey[MXNAME] = "";
235 dns_rdataset_t * chase_rdataset = NULL;
236 dns_rdataset_t * chase_sigrdataset = NULL;
237 dns_rdataset_t * chase_dsrdataset = NULL;
238 dns_rdataset_t * chase_sigdsrdataset = NULL;
239 dns_rdataset_t * chase_keyrdataset = NULL;
240 dns_rdataset_t * chase_sigkeyrdataset = NULL;
241 dns_rdataset_t * chase_nsrdataset = NULL;
243 dns_name_t chase_name; /* the query name */
246 * the current name is the parent name when we follow delegation
248 dns_name_t chase_current_name;
250 * the child name is used for delegation (NS DS responses in AUTHORITY section)
252 dns_name_t chase_authority_name;
255 dns_name_t chase_signame;
259 isc_boolean_t chase_siglookedup = ISC_FALSE;
260 isc_boolean_t chase_keylookedup = ISC_FALSE;
261 isc_boolean_t chase_sigkeylookedup = ISC_FALSE;
262 isc_boolean_t chase_dslookedup = ISC_FALSE;
263 isc_boolean_t chase_sigdslookedup = ISC_FALSE;
265 isc_boolean_t chase_nslookedup = ISC_FALSE;
266 isc_boolean_t chase_lookedup = ISC_FALSE;
269 isc_boolean_t delegation_follow = ISC_FALSE;
270 isc_boolean_t grandfather_pb = ISC_FALSE;
271 isc_boolean_t have_response = ISC_FALSE;
272 isc_boolean_t have_delegation_ns = ISC_FALSE;
273 dns_message_t * error_message = NULL;
276 isc_boolean_t dsvalidating = ISC_FALSE;
277 isc_boolean_t chase_name_dup = ISC_FALSE;
279 ISC_LIST(dig_message_t) chase_message_list;
280 ISC_LIST(dig_message_t) chase_message_list2;
/*
 * Fixed-capacity table of trusted keys: at most MAX_TRUSTED_KEY (5)
 * dst_key_t pointers.  The initialiser supplies five NULL slots followed
 * by 0; the counter member is declared on a line not shown here
 * (start_lookup() reads it as tk_list.nb_tk).
 * NOTE(review): whatever fills key[] has to refuse an insert once the
 * counter reaches MAX_TRUSTED_KEY; insert_trustedkey() is outside this
 * listing -- confirm it performs that bound check.
 */
283 #define MAX_TRUSTED_KEY 5
284 typedef struct struct_trusted_key_list {
285 dst_key_t * key[MAX_TRUSTED_KEY];
289 struct_tk_list tk_list = { {NULL, NULL, NULL, NULL, NULL}, 0};
293 #define DIG_MAX_ADDRESSES 20
296 * Apply and clear locks at the event level in global task.
297 * Can I get rid of these using shutdown events? XXX
/*
 * LOCK_LOOKUP / UNLOCK_LOOKUP take and release lookup_lock.  Each logs the
 * call site through debug() and hands the mutex result to check_result(),
 * which calls fatal() on anything other than ISC_R_SUCCESS.
 * The bodies open with a bare '{' rather than do { ... } while (0), so a
 * use followed by ';' in an unbraced if/else does not behave as a single
 * statement.  The closing lines of both macros are not shown here.
 */
299 #define LOCK_LOOKUP {\
300 debug("lock_lookup %s:%d", __FILE__, __LINE__);\
301 check_result(isc_mutex_lock((&lookup_lock)), "isc_mutex_lock");\
304 #define UNLOCK_LOOKUP {\
305 debug("unlock_lookup %s:%d", __FILE__, __LINE__);\
306 check_result(isc_mutex_unlock((&lookup_lock)),\
307 "isc_mutex_unlock");\
/*
 * Forward declarations for functions whose definitions are not part of
 * this listing.  The return-type line of each declaration is not shown.
 * recv_done() and connect_timeout() have the (task, event) parameter pair.
 */
311 cancel_lookup(dig_lookup_t *lookup);
314 recv_done(isc_task_t *task, isc_event_t *event);
317 connect_timeout(isc_task_t *task, isc_event_t *event);
320 launch_next_query(dig_query_t *query, isc_boolean_t include_question);
/*
 * Allocator callback: forwards to isc_mem_get(arg, size) and returns the
 * result unchanged.  It is registered with lwres_context_create() in the
 * system setup code together with mem_free(); 'arg' is presumably the
 * memory context passed at that call -- confirm.
 */
324 mem_alloc(void *arg, size_t size) {
325 return (isc_mem_get(arg, size));
/*
 * Release callback paired with mem_alloc(): forwards 'mem' and 'size'
 * unchanged to isc_mem_put() on the context given in 'arg'.
 */
329 mem_free(void *arg, void *mem, size_t size) {
330 isc_mem_put(arg, mem, size);
/*
 * Pull the next token from *stringp using strsep() with the delimiter set
 * 'delim', looping again while the token obtained is the empty string.
 * strsep() modifies the caller's buffer and advances *stringp.
 * NOTE(review): strsep() returns NULL once the input is exhausted; the
 * check that keeps '*res' from being evaluated on NULL is on a line not
 * shown in this listing -- confirm it is present.
 */
334 next_token(char **stringp, const char *delim) {
338 res = strsep(stringp, delim);
341 } while (*res == '\0');
/*
 * Only the signature is visible in this listing.  Judging by the name the
 * function presumably counts '.' characters in 'string' -- confirm against
 * the full source before relying on its return convention.
 */
346 count_dots(char *string) {
/*
 * Print the used region of buffer 'b' to stdout: first the byte count,
 * then every byte as two hex digits followed by a space.
 * NOTE(review): r.length is printed with %d while the loop compares it
 * with 'len'; the declarations of 'r' and 'len' are not shown, so if the
 * length field is unsigned the matching conversion would be %u -- confirm.
 */
360 hex_dump(isc_buffer_t *b) {
364 isc_buffer_usedregion(b, &r);
366 printf("%d bytes\n", r.length);
367 for (len = 0; len < r.length; len++) {
368 printf("%02x ", r.base[len]);
377 * Append 'len' bytes of 'text' at '*p', failing with
378 * ISC_R_NOSPACE if that would advance p past 'end'.
/*
 * Bounds-checked copy used while assembling reverse-lookup names: copies
 * 'len' bytes of 'text' to *p with memcpy() and returns ISC_R_SUCCESS, or
 * returns ISC_R_NOSPACE.  The condition guarding the ISC_R_NOSPACE return
 * and the update of *p are on lines not shown in this listing.
 * 'len' is a signed int that ends up as the memcpy() size, so callers must
 * never pass a negative value; the callers visible in this listing pass a
 * literal length or a locally computed one.
 */
381 append(const char *text, int len, char **p, char *end) {
383 return (ISC_R_NOSPACE);
384 memcpy(*p, text, len);
386 return (ISC_R_SUCCESS);
/*
 * Write the dot-separated labels of 'in' to *p in reverse order.
 * The function locates the first '.', recurses on the text after it, then
 * appends a "." separator, and finally appends a run of 'in' itself; the
 * computation of 'len' for that final append is not shown in this listing.
 * Every write goes through append(), so output is limited by 'end'.
 * NOTE(review): recursion depth equals the number of '.' characters in the
 * input, which get_reverse() passes through from its 'value' argument;
 * the output bound does not limit stack use -- confirm the input length is
 * capped by the caller.
 */
390 reverse_octets(const char *in, char **p, char *end) {
391 char *dot = strchr(in, '.');
395 result = reverse_octets(dot + 1, p, end);
396 if (result != ISC_R_SUCCESS)
398 result = append(".", 1, p, end);
399 if (result != ISC_R_SUCCESS)
405 return (append(in, len, p, end));
/*
 * Build the reverse-lookup name for the textual address 'value' into the
 * caller's buffer 'reverse' of size 'len'.
 *
 * 'value' is first parsed as IPv6 with inet_pton().  On that path the name
 * is produced by dns_byaddr_createptrname2() and rendered with
 * dns_name_format(); DNS_BYADDROPT_IPV6INT is OR-ed into the options
 * (presumably when 'ip6_int' is set -- the condition is not shown).
 *
 * Otherwise the input is treated as IPv4.  With 'strict' set it must parse
 * with inet_pton(AF_INET, ...) or DNS_R_BADDOTTEDQUAD is returned; without
 * 'strict' the labels are reversed as given, with no syntax check.  The
 * suffix is appended with length 15, i.e. the 14 characters of
 * ".in-addr.arpa." plus the terminating NUL.  All IPv4-path writes go
 * through append() and are bounded by end = reverse + len.
 */
409 get_reverse(char *reverse, size_t len, char *value, isc_boolean_t ip6_int,
410 isc_boolean_t strict)
416 addr.family = AF_INET6;
417 r = inet_pton(AF_INET6, value, &addr.type.in6);
419 /* This is a valid IPv6 address. */
420 dns_fixedname_t fname;
422 unsigned int options = 0;
425 options |= DNS_BYADDROPT_IPV6INT;
426 dns_fixedname_init(&fname);
427 name = dns_fixedname_name(&fname);
428 result = dns_byaddr_createptrname2(&addr, options, name);
429 if (result != ISC_R_SUCCESS)
431 dns_name_format(name, reverse, len);
432 return (ISC_R_SUCCESS);
435 * Not a valid IPv6 address. Assume IPv4.
436 * If 'strict' is not set, construct the
437 * in-addr.arpa name by blindly reversing
438 * octets whether or not they look like integers,
439 * so that this can be used for RFC2317 names
443 char *end = reverse + len;
444 if (strict && inet_pton(AF_INET, value, &addr.type.in) != 1)
445 return (DNS_R_BADDOTTEDQUAD);
446 result = reverse_octets(value, &p, end);
447 if (result != ISC_R_SUCCESS)
449 /* Append .in-addr.arpa. and a terminating NUL. */
450 result = append(".in-addr.arpa.", 15, &p, end);
451 if (result != ISC_R_SUCCESS)
453 return (ISC_R_SUCCESS);
/*
 * Report an unrecoverable error on stderr as "<progname>: <message>\n"
 * and record fatalexit in exitcode.  What happens after that assignment
 * (presumably process exit) is on lines not shown in this listing.
 * 'format' is a printf-style format string handed to vfprintf(); callers
 * must pass a literal format and supply external text only as arguments.
 */
458 fatal(const char *format, ...) {
461 fprintf(stderr, "%s: ", progname);
462 va_start(args, format);
463 vfprintf(stderr, format, args);
465 fprintf(stderr, "\n");
469 exitcode = fatalexit;
/*
 * Write a printf-style diagnostic line to stderr, followed by a newline.
 * Presumably gated on the global 'debugging' flag; the condition is on a
 * line not shown in this listing -- confirm.
 * As with fatal(), 'format' must be a literal supplied by the caller.
 */
474 debug(const char *format, ...) {
478 va_start(args, format);
479 vfprintf(stderr, format, args);
481 fprintf(stderr, "\n");
/*
 * Abort through fatal() unless 'result' is ISC_R_SUCCESS.  The message is
 * "<msg>: <text of result>", where 'msg' conventionally names the call
 * that produced the result.
 */
486 check_result(isc_result_t result, const char *msg) {
487 if (result != ISC_R_SUCCESS) {
488 fatal("%s: %s", msg, isc_result_totext(result));
493 * Create a server structure, which is part of the lookup structure.
494 * This is little more than a linked list of servers to query in hopes
495 * of finding the answer the user is looking for
/*
 * Allocate a dig_server from mctx and fill in its two name fields.
 * Both names are copied with strncpy(..., MXNAME) and then forcibly
 * NUL-terminated at index MXNAME-1, so over-long input is truncated
 * silently rather than rejected.  Allocation failure ends in fatal().
 * NOTE(review): only 'servname' is covered by REQUIRE(); 'userarg' is
 * passed to strncpy() without a NULL check, so callers must never pass
 * NULL for it.
 */
498 make_server(const char *servname, const char *userarg) {
501 REQUIRE(servname != NULL);
503 debug("make_server(%s)", servname);
504 srv = isc_mem_allocate(mctx, sizeof(struct dig_server));
506 fatal("memory allocation failure in %s:%d",
508 strncpy(srv->servername, servname, MXNAME);
509 strncpy(srv->userarg, userarg, MXNAME);
510 srv->servername[MXNAME-1] = 0;
511 srv->userarg[MXNAME-1] = 0;
512 ISC_LINK_INIT(srv, link);
/*
 * Translate an lwres address-type constant (LWRES_ADDRTYPE_V4 or
 * LWRES_ADDRTYPE_V6) into an address family.  The values assigned in each
 * case and the result for any other input are on lines not shown here.
 */
517 addr2af(int lwresaddrtype)
521 switch (lwresaddrtype) {
522 case LWRES_ADDRTYPE_V4:
526 case LWRES_ADDRTYPE_V6:
535 * Create a copy of the server list from the lwres configuration structure.
536 * The dest list must have already had ISC_LIST_INIT applied.
/*
 * For each of the first confdata->nsnext entries of confdata->nameservers,
 * render the address as text into 'tmp' with lwres_net_ntop(), create a
 * server entry with that text as both name and user argument, and enqueue
 * it on *dest.
 * 'tmp' is sized for the longest textual IPv6 form with an embedded IPv4
 * tail.  The size argument passed to lwres_net_ntop() is on a line not
 * shown here -- confirm it is sizeof(tmp).
 * The ISC_LINK_INIT() here repeats what make_server() already does.
 */
539 copy_server_list(lwres_conf_t *confdata, dig_serverlist_t *dest) {
540 dig_server_t *newsrv;
541 char tmp[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
545 debug("copy_server_list()");
546 for (i = 0; i < confdata->nsnext; i++) {
547 af = addr2af(confdata->nameservers[i].family);
549 lwres_net_ntop(af, confdata->nameservers[i].address,
551 newsrv = make_server(tmp, tmp);
552 ISC_LINK_INIT(newsrv, link);
553 ISC_LIST_ENQUEUE(*dest, newsrv, link);
/*
 * Empty the global server_list, returning every entry to mctx.
 * The cursor 's' is advanced to the next element before 'ps' is dequeued
 * and freed, so the list link is never read from freed memory.  The loop
 * header and the assignment of 'ps' are on lines not shown here.
 */
558 flush_server_list(void) {
559 dig_server_t *s, *ps;
561 debug("flush_server_list()");
562 s = ISC_LIST_HEAD(server_list);
565 s = ISC_LIST_NEXT(s, link);
566 ISC_LIST_DEQUEUE(server_list, ps, link);
567 isc_mem_free(mctx, ps);
/*
 * Resolve the user-supplied server string 'opt' and append one server
 * entry per returned address to the global server_list.
 * bind9_getaddresses() is given DIG_MAX_ADDRESSES as its limit, which
 * matches the size of the local sockaddrs[] array, and 'count' bounds the
 * loop.  A resolution failure is fatal.  Each address is formatted into
 * 'tmp' (ISC_NETADDR_FORMATSIZE bytes) and stored with 'opt' as the user
 * argument.  Statements between the visible lines are not shown in this
 * listing.
 */
572 set_nameserver(char *opt) {
574 isc_sockaddr_t sockaddrs[DIG_MAX_ADDRESSES];
575 isc_netaddr_t netaddr;
578 char tmp[ISC_NETADDR_FORMATSIZE];
583 result = bind9_getaddresses(opt, 0, sockaddrs,
584 DIG_MAX_ADDRESSES, &count);
585 if (result != ISC_R_SUCCESS)
586 fatal("couldn't get address for '%s': %s",
587 opt, isc_result_totext(result));
591 for (i = 0; i < count; i++) {
592 isc_netaddr_fromsockaddr(&netaddr, &sockaddrs[i]);
593 isc_netaddr_format(&netaddr, tmp, sizeof(tmp));
594 srv = make_server(tmp, opt);
596 fatal("memory allocation failure");
597 ISC_LIST_APPEND(server_list, srv, link);
/*
 * Add the textual address 'addr' of family 'af' to the nameserver table
 * in 'confdata'.
 * The slot index is the current nsnext, and the function returns
 * ISC_R_FAILURE before touching the table when nsnext has already reached
 * LWRES_CONFMAXNAMESERVERS.  Family and length are set to the V4 or V6
 * constants; the selection on 'af' and the ISC_R_FAILURE return for other
 * families are only partly visible here.  ISC_R_SUCCESS is returned only
 * when lwres_net_pton() reports 1; the increment of nsnext is presumably
 * on the line not shown before that return -- confirm.
 */
602 add_nameserver(lwres_conf_t *confdata, const char *addr, int af) {
604 int i = confdata->nsnext;
606 if (confdata->nsnext >= LWRES_CONFMAXNAMESERVERS)
607 return (ISC_R_FAILURE);
611 confdata->nameservers[i].family = LWRES_ADDRTYPE_V4;
612 confdata->nameservers[i].length = NS_INADDRSZ;
615 confdata->nameservers[i].family = LWRES_ADDRTYPE_V6;
616 confdata->nameservers[i].length = NS_IN6ADDRSZ;
619 return (ISC_R_FAILURE);
622 if (lwres_net_pton(af, addr, &confdata->nameservers[i].address) == 1) {
624 return (ISC_R_SUCCESS);
626 return (ISC_R_FAILURE);
630 * Produce a cloned server list. The dest list must have already had
631 * ISC_LIST_INIT applied.
/*
 * Append a fresh copy of every entry of 'src' to *dest.
 * Each copy is built by make_server() from the source entry's servername
 * and userarg, so the two lists share no nodes and can be freed
 * independently.  'src' is passed by value; only its elements are read.
 */
634 clone_server_list(dig_serverlist_t src, dig_serverlist_t *dest) {
635 dig_server_t *srv, *newsrv;
637 debug("clone_server_list()");
638 srv = ISC_LIST_HEAD(src);
639 while (srv != NULL) {
640 newsrv = make_server(srv->servername, srv->userarg);
641 ISC_LINK_INIT(newsrv, link);
642 ISC_LIST_ENQUEUE(*dest, newsrv, link);
643 srv = ISC_LIST_NEXT(srv, link);
648 * Create an empty lookup structure, which holds all the information needed
649 * to get an answer to a user's question. This structure contains two
650 * linked lists: the server list (servers to query) and the query list
651 * (outstanding queries which have been made to the listed servers).
/*
 * Allocate a dig_lookup from mctx and set its members to their defaults;
 * allocation failure ends in fatal().
 * The structure is initialised member by member rather than being zeroed,
 * so any member without an assignment here holds indeterminate contents.
 * NOTE(review): textname[0] and cmdline[0] are set to 0, but no
 * initialisation of textnamesigchase appears in the lines shown, while
 * clone_lookup() later copies from that field -- confirm it is
 * initialised before first use.
 * Defaults worth knowing: type A / class IN, recursion on, retries taken
 * from the global 'tries', TCP off, DNSSEC and sigchase off, all four
 * message sections printed.
 */
654 make_empty_lookup(void) {
655 dig_lookup_t *looknew;
657 debug("make_empty_lookup()");
661 looknew = isc_mem_allocate(mctx, sizeof(struct dig_lookup));
663 fatal("memory allocation failure in %s:%d",
665 looknew->pending = ISC_TRUE;
666 looknew->textname[0] = 0;
667 looknew->cmdline[0] = 0;
668 looknew->rdtype = dns_rdatatype_a;
669 looknew->qrdtype = dns_rdatatype_a;
670 looknew->rdclass = dns_rdataclass_in;
671 looknew->rdtypeset = ISC_FALSE;
672 looknew->rdclassset = ISC_FALSE;
673 looknew->sendspace = NULL;
674 looknew->sendmsg = NULL;
675 looknew->name = NULL;
676 looknew->oname = NULL;
677 looknew->timer = NULL;
678 looknew->xfr_q = NULL;
679 looknew->current_query = NULL;
680 looknew->doing_xfr = ISC_FALSE;
681 looknew->ixfr_serial = ISC_FALSE;
682 looknew->trace = ISC_FALSE;
683 looknew->trace_root = ISC_FALSE;
684 looknew->identify = ISC_FALSE;
685 looknew->identify_previous_line = ISC_FALSE;
686 looknew->ignore = ISC_FALSE;
687 looknew->servfail_stops = ISC_TRUE;
688 looknew->besteffort = ISC_TRUE;
689 looknew->dnssec = ISC_FALSE;
691 looknew->sigchase = ISC_FALSE;
693 looknew->do_topdown = ISC_FALSE;
694 looknew->trace_root_sigchase = ISC_FALSE;
695 looknew->rdtype_sigchaseset = ISC_FALSE;
696 looknew->rdtype_sigchase = dns_rdatatype_any;
697 looknew->qrdtype_sigchase = dns_rdatatype_any;
698 looknew->rdclass_sigchase = dns_rdataclass_in;
699 looknew->rdclass_sigchaseset = ISC_FALSE;
702 looknew->udpsize = 0;
703 looknew->recurse = ISC_TRUE;
704 looknew->aaonly = ISC_FALSE;
705 looknew->adflag = ISC_FALSE;
706 looknew->cdflag = ISC_FALSE;
707 looknew->ns_search_only = ISC_FALSE;
708 looknew->origin = NULL;
709 looknew->tsigctx = NULL;
710 looknew->querysig = NULL;
711 looknew->retries = tries;
712 looknew->nsfound = 0;
713 looknew->tcp_mode = ISC_FALSE;
714 looknew->ip6_int = ISC_FALSE;
715 looknew->comments = ISC_TRUE;
716 looknew->stats = ISC_TRUE;
717 looknew->section_question = ISC_TRUE;
718 looknew->section_answer = ISC_TRUE;
719 looknew->section_authority = ISC_TRUE;
720 looknew->section_additional = ISC_TRUE;
721 looknew->new_search = ISC_FALSE;
722 ISC_LINK_INIT(looknew, link);
723 ISC_LIST_INIT(looknew->q);
724 ISC_LIST_INIT(looknew->my_server_list);
729 * Clone a lookup, perhaps copying the server list. This does not clone
730 * the query list, since it will be regenerated by the setup_lookup()
731 * function, nor does it queue up the new lookup for processing.
732 * Caution: If you don't clone the servers, you MUST clone the server
733 * list separately from somewhere else, or construct it by hand.
/*
 * Build a new lookup from make_empty_lookup() and copy the user-visible
 * settings of 'lookold' into it.  tsigctx is reset to NULL instead of
 * being shared with the original.  The server list is copied with
 * clone_server_list(), presumably only when 'servers' is true (the
 * condition is on a line not shown here).
 */
736 clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) {
737 dig_lookup_t *looknew;
739 debug("clone_lookup()");
743 looknew = make_empty_lookup();
744 INSIST(looknew != NULL);
745 strncpy(looknew->textname, lookold->textname, MXNAME);
747 strncpy(looknew->textnamesigchase, lookold->textnamesigchase, MXNAME);
749 strncpy(looknew->cmdline, lookold->cmdline, MXNAME);
750 looknew->textname[MXNAME-1] = 0;
/*
 * NOTE(review): three fields are copied with strncpy(..., MXNAME), which
 * leaves the destination unterminated when the source fills the buffer.
 * In the lines shown only textname gets an explicit terminator;
 * textnamesigchase and cmdline rely on the source already being
 * NUL-terminated within MXNAME bytes -- confirm, or terminate them the
 * same way.
 */
751 looknew->rdtype = lookold->rdtype;
752 looknew->qrdtype = lookold->qrdtype;
753 looknew->rdclass = lookold->rdclass;
754 looknew->rdtypeset = lookold->rdtypeset;
755 looknew->rdclassset = lookold->rdclassset;
756 looknew->doing_xfr = lookold->doing_xfr;
757 looknew->ixfr_serial = lookold->ixfr_serial;
758 looknew->trace = lookold->trace;
759 looknew->trace_root = lookold->trace_root;
760 looknew->identify = lookold->identify;
761 looknew->identify_previous_line = lookold->identify_previous_line;
762 looknew->ignore = lookold->ignore;
763 looknew->servfail_stops = lookold->servfail_stops;
764 looknew->besteffort = lookold->besteffort;
765 looknew->dnssec = lookold->dnssec;
767 looknew->sigchase = lookold->sigchase;
769 looknew->do_topdown = lookold->do_topdown;
770 looknew->trace_root_sigchase = lookold->trace_root_sigchase;
771 looknew->rdtype_sigchaseset = lookold->rdtype_sigchaseset;
772 looknew->rdtype_sigchase = lookold->rdtype_sigchase;
773 looknew->qrdtype_sigchase = lookold->qrdtype_sigchase;
774 looknew->rdclass_sigchase = lookold->rdclass_sigchase;
775 looknew->rdclass_sigchaseset = lookold->rdclass_sigchaseset;
778 looknew->udpsize = lookold->udpsize;
779 looknew->recurse = lookold->recurse;
780 looknew->aaonly = lookold->aaonly;
781 looknew->adflag = lookold->adflag;
782 looknew->cdflag = lookold->cdflag;
783 looknew->ns_search_only = lookold->ns_search_only;
784 looknew->tcp_mode = lookold->tcp_mode;
785 looknew->comments = lookold->comments;
786 looknew->stats = lookold->stats;
787 looknew->section_question = lookold->section_question;
788 looknew->section_answer = lookold->section_answer;
789 looknew->section_authority = lookold->section_authority;
790 looknew->section_additional = lookold->section_additional;
791 looknew->retries = lookold->retries;
792 looknew->tsigctx = NULL;
795 clone_server_list(lookold->my_server_list,
796 &looknew->my_server_list);
801 * Requeue a lookup for further processing, perhaps copying the server
802 * list. The new lookup structure is returned to the caller, and is
803 * queued for processing. If servers are not cloned in the requeue, they
804 * must be added before allowing the current event to complete, since the
805 * completion of the event may result in the next entry on the lookup
/*
 * Clone 'lookold' and put the clone at the head of the global lookup_list.
 * The call is refused with fatal("too many lookups") once lookup_counter
 * exceeds LOOKUP_LIMIT, which caps the number of follow-up lookups a
 * single run can generate.  The statement that advances lookup_counter is
 * on a line not shown here.
 * The two debug() calls print list pointers with %p for tracing only.
 */
809 requeue_lookup(dig_lookup_t *lookold, isc_boolean_t servers) {
810 dig_lookup_t *looknew;
812 debug("requeue_lookup()");
815 if (lookup_counter > LOOKUP_LIMIT)
816 fatal("too many lookups");
818 looknew = clone_lookup(lookold, servers);
819 INSIST(looknew != NULL);
821 debug("before insertion, init@%p -> %p, new@%p -> %p",
822 lookold, lookold->link.next, looknew, looknew->link.next);
823 ISC_LIST_PREPEND(lookup_list, looknew, link);
824 debug("after insertion, init -> %p, new = %p, new -> %p",
825 lookold, looknew, looknew->link.next);
/*
 * Build the global TSIG key from the textual key name (keynametext) and
 * the base64 secret (keysecret).
 * The secret is decoded into a heap buffer sized strlen(keysecret) * 3 / 4,
 * the key name is parsed relative to the root, and the key is created
 * with the HMAC-MD5 algorithm name, which is fixed in this function.
 * Failure to create the key is reported on stdout and is not fatal.
 * The bodies of two error branches are on lines not shown here.
 */
831 setup_text_key(void) {
834 isc_buffer_t secretbuf;
836 unsigned char *secretstore;
838 debug("setup_text_key()");
839 result = isc_buffer_allocate(mctx, &namebuf, MXNAME);
840 check_result(result, "isc_buffer_allocate");
841 dns_name_init(&keyname, NULL);
/*
 * NOTE(review): no value is assigned from dns_name_init() above, so the
 * check below re-tests the result of isc_buffer_allocate() and can never
 * fail at this point.
 */
842 check_result(result, "dns_name_init");
843 isc_buffer_putstr(namebuf, keynametext);
/* Upper bound on the decoded size: 4 base64 characters yield 3 bytes. */
844 secretsize = strlen(keysecret) * 3 / 4;
845 secretstore = isc_mem_allocate(mctx, secretsize);
846 if (secretstore == NULL)
847 fatal("memory allocation failure in %s:%d",
849 isc_buffer_init(&secretbuf, secretstore, secretsize);
850 result = isc_base64_decodestring(keysecret, &secretbuf);
851 if (result != ISC_R_SUCCESS)
/* Replace the estimate with the number of bytes actually decoded. */
854 secretsize = isc_buffer_usedlength(&secretbuf);
856 result = dns_name_fromtext(&keyname, namebuf,
857 dns_rootname, ISC_FALSE,
859 if (result != ISC_R_SUCCESS)
862 result = dns_tsigkey_create(&keyname, dns_tsig_hmacmd5_name,
863 secretstore, secretsize,
864 ISC_FALSE, NULL, 0, 0, mctx,
867 if (result != ISC_R_SUCCESS)
868 printf(";; Couldn't create key %s: %s\n",
869 keynametext, isc_result_totext(result));
/*
 * NOTE(review): the decoded secret is returned to the allocator without
 * being overwritten in the lines shown, so key bytes can remain in freed
 * memory; clearing the buffer before isc_mem_free() would avoid that.
 */
871 isc_mem_free(mctx, secretstore);
872 dns_name_invalidate(&keyname);
873 isc_buffer_free(&namebuf);
/*
 * Build the global TSIG key from the key file named by 'keyfile'.
 * The file is read with DST_TYPE_PRIVATE | DST_TYPE_KEY; a read failure
 * is reported on stderr.  The TSIG key takes its name from the loaded key
 * (dst_key_name) and the HMAC-MD5 algorithm name, which is fixed here.
 * The dst key is released with dst_key_free() at the end.
 * NOTE(review): the creation-failure message prints keynametext, while
 * the key name on this path comes from the file -- confirm keynametext is
 * meaningful here.
 */
877 setup_file_key(void) {
879 dst_key_t *dstkey = NULL;
881 debug("setup_file_key()");
882 result = dst_key_fromnamedfile(keyfile, DST_TYPE_PRIVATE | DST_TYPE_KEY,
884 if (result != ISC_R_SUCCESS) {
885 fprintf(stderr, "Couldn't read key from %s: %s\n",
886 keyfile, isc_result_totext(result));
890 result = dns_tsigkey_createfromkey(dst_key_name(dstkey),
891 dns_tsig_hmacmd5_name,
892 dstkey, ISC_FALSE, NULL, 0, 0,
894 if (result != ISC_R_SUCCESS) {
895 printf(";; Couldn't create key %s: %s\n",
896 keynametext, isc_result_totext(result));
902 dst_key_free(&dstkey);
/*
 * Allocate a search-list entry from mctx and copy 'domain' into its
 * origin field.  The copy is bounded by MXNAME and explicitly terminated
 * at index MXNAME-1, so an over-long domain is truncated silently.
 * Allocation failure ends in fatal().
 */
905 static dig_searchlist_t *
906 make_searchlist_entry(char *domain) {
907 dig_searchlist_t *search;
908 search = isc_mem_allocate(mctx, sizeof(*search));
910 fatal("memory allocation failure in %s:%d",
912 strncpy(search->origin, domain, MXNAME);
913 search->origin[MXNAME-1] = 0;
914 ISC_LINK_INIT(search, link);
/*
 * Reset the global search_list and fill it with one entry for each of the
 * first confdata->searchnxt strings in confdata->search, in order.
 */
919 create_search_list(lwres_conf_t *confdata) {
921 dig_searchlist_t *search;
923 debug("create_search_list()");
924 ISC_LIST_INIT(search_list);
926 for (i = 0; i < confdata->searchnxt; i++) {
927 search = make_searchlist_entry(confdata->search[i]);
928 ISC_LIST_APPEND(search_list, search, link);
933 * Setup the system as a whole, reading key information and resolv.conf
/*
 * Body of the system setup routine (its signature line is not shown in
 * this listing).  It creates the lwres context with the mem_alloc and
 * mem_free callbacks, parses RESOLV_CONF, builds the search list, reads
 * ndots, selects name servers, sets up the TSIG key and initialises the
 * signature-chasing state.
 */
938 dig_searchlist_t *domain = NULL;
939 lwres_result_t lwresult;
941 debug("setup_system()");
943 lwresult = lwres_context_create(&lwctx, mctx, mem_alloc, mem_free, 1);
944 if (lwresult != LWRES_R_SUCCESS)
945 fatal("lwres_context_create failed");
/*
 * The parse result is discarded on purpose ((void) cast); the code below
 * works from whatever configuration lwres_conf_get() returns.
 */
947 (void)lwres_conf_parse(lwctx, RESOLV_CONF);
948 lwconf = lwres_conf_get(lwctx);
950 /* Make the search list */
951 if (lwconf->searchnxt > 0)
952 create_search_list(lwconf);
954 /* No search list. Use the domain name if any */
955 if (lwconf->domainname != NULL) {
956 domain = make_searchlist_entry(lwconf->domainname);
957 ISC_LIST_INITANDAPPEND(search_list, domain, link);
962 ndots = lwconf->ndots;
963 debug("ndots is %d.", ndots);
965 /* If we don't find a nameserver fall back to localhost */
966 if (lwconf->nsnext == 0) {
968 lwresult = add_nameserver(lwconf, "127.0.0.1", AF_INET);
969 if (lwresult != ISC_R_SUCCESS)
970 fatal("add_nameserver failed");
973 lwresult = add_nameserver(lwconf, "::1", AF_INET6);
974 if (lwresult != ISC_R_SUCCESS)
975 fatal("add_nameserver failed");
/* Servers already placed on server_list take precedence over the config. */
979 if (ISC_LIST_EMPTY(server_list))
980 copy_server_list(lwconf, &server_list);
/*
 * Key selection: only the second branch is visible.  Presumably a
 * non-empty keyfile is tried first and the text secret is the fallback --
 * confirm against the full source.
 */
984 else if (keysecret[0] != 0)
987 /* Setup the list of messages for +sigchase */
988 ISC_LIST_INIT(chase_message_list);
989 ISC_LIST_INIT(chase_message_list2);
990 dns_name_init(&chase_name, NULL);
992 dns_name_init(&chase_current_name, NULL);
993 dns_name_init(&chase_authority_name, NULL);
996 dns_name_init(&chase_signame, NULL);
/*
 * Remove every entry from the global search_list and return it to mctx.
 * The head is re-read on each pass, so no pointer to a freed entry is
 * carried between iterations.
 */
1004 clear_searchlist(void) {
1005 dig_searchlist_t *search;
1006 while ((search = ISC_LIST_HEAD(search_list)) != NULL) {
1007 ISC_LIST_UNLINK(search_list, search, link);
1008 isc_mem_free(mctx, search);
1013 * Override the search list derived from resolv.conf by 'domain'.
/*
 * Append a search-list entry built from 'domain' to the global
 * search_list.  Per the comment above this function the existing list is
 * overridden; the call that empties it is presumably on the line not
 * shown before make_searchlist_entry() -- confirm.
 */
1016 set_search_domain(char *domain) {
1017 dig_searchlist_t *search;
1020 search = make_searchlist_entry(domain);
1021 ISC_LIST_APPEND(search_list, search, link);
1025 * Setup the ISC and DNS libraries for use by the system.
/*
 * Body of the library setup routine (its signature line is not shown in
 * this listing).  It probes for IPv4 and IPv6 and is fatal if neither is
 * available, then creates, in order: the memory context, task manager,
 * global task, timer manager, socket manager, entropy context, the dst
 * crypto layer, the COMMSIZE buffer pool and the lookup mutex.  Every
 * creation result goes through check_result(), so any failure aborts.
 */
1029 isc_result_t result;
1031 debug("setup_libs()");
1033 result = isc_net_probeipv4();
1034 if (result == ISC_R_SUCCESS)
1035 have_ipv4 = ISC_TRUE;
1037 result = isc_net_probeipv6();
1038 if (result == ISC_R_SUCCESS)
1039 have_ipv6 = ISC_TRUE;
1040 if (!have_ipv6 && !have_ipv4)
1041 fatal("can't find either v4 or v6 networking");
1043 result = isc_mem_create(0, 0, &mctx);
1044 check_result(result, "isc_mem_create");
1046 result = isc_taskmgr_create(mctx, 1, 0, &taskmgr);
1047 check_result(result, "isc_taskmgr_create");
1049 result = isc_task_create(taskmgr, 0, &global_task);
1050 check_result(result, "isc_task_create");
1052 result = isc_timermgr_create(mctx, &timermgr);
1053 check_result(result, "isc_timermgr_create");
1055 result = isc_socketmgr_create(mctx, &socketmgr);
1056 check_result(result, "isc_socketmgr_create");
1058 result = isc_entropy_create(mctx, &entp);
1059 check_result(result, "isc_entropy_create");
/* is_dst_up records that dst_lib_init() succeeded. */
1061 result = dst_lib_init(mctx, entp, 0);
1062 check_result(result, "dst_lib_init");
1063 is_dst_up = ISC_TRUE;
1065 result = isc_mempool_create(mctx, COMMSIZE, &commctx);
1066 check_result(result, "isc_mempool_create");
1067 isc_mempool_setname(commctx, "COMMPOOL");
1069 * 6 and 2 set as reasonable parameters for 3 or 4 nameserver
1072 isc_mempool_setfreemax(commctx, 6);
1073 isc_mempool_setfillcount(commctx, 2);
1075 result = isc_mutex_init(&lookup_lock);
1076 check_result(result, "isc_mutex_init");
1078 dns_result_register();
1082 * Add EDNS0 option record to a message. Currently, the only supported
1083 * options are UDP buffer size and the DO bit.
/*
 * Attach an EDNS0 OPT record to 'msg'.
 * Temporary rdataset, rdatalist and rdata objects are obtained from the
 * message; each request is checked with check_result().  In the OPT
 * record the class field carries the advertised UDP size and the TTL
 * field carries the extended flags: 'udpsize' is stored in rdclass and
 * DNS_MESSAGEEXTFLAG_DO in ttl (presumably only when 'dnssec' is set; the
 * condition and the alternative value are on lines not shown here).
 */
1086 add_opt(dns_message_t *msg, isc_uint16_t udpsize, isc_boolean_t dnssec) {
1087 dns_rdataset_t *rdataset = NULL;
1088 dns_rdatalist_t *rdatalist = NULL;
1089 dns_rdata_t *rdata = NULL;
1090 isc_result_t result;
1093 result = dns_message_gettemprdataset(msg, &rdataset);
1094 check_result(result, "dns_message_gettemprdataset");
1095 dns_rdataset_init(rdataset);
1096 result = dns_message_gettemprdatalist(msg, &rdatalist);
1097 check_result(result, "dns_message_gettemprdatalist");
1098 result = dns_message_gettemprdata(msg, &rdata);
1099 check_result(result, "dns_message_gettemprdata");
1101 debug("setting udp size of %d", udpsize);
1102 rdatalist->type = dns_rdatatype_opt;
1103 rdatalist->covers = 0;
1104 rdatalist->rdclass = udpsize;
1107 rdatalist->ttl = DNS_MESSAGEEXTFLAG_DO;
1110 ISC_LIST_INIT(rdatalist->rdata);
1111 ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
1112 dns_rdatalist_tordataset(rdatalist, rdataset);
1113 result = dns_message_setopt(msg, rdataset);
1114 check_result(result, "dns_message_setopt");
1118 * Add a question section to a message, asking for the specified name,
/*
 * Attach a question for (rdclass, rdtype) to 'name'.
 * A temporary rdataset is taken from 'message', turned into a question
 * with dns_rdataset_makequestion() and appended to name->list.  Failure
 * to obtain the rdataset is fatal through check_result().
 * NOTE(review): 'rdataset' is not initialised to NULL before being passed
 * by address to dns_message_gettemprdataset(), unlike the same call in
 * add_opt() -- confirm the callee does not require a NULL input.
 */
1122 add_question(dns_message_t *message, dns_name_t *name,
1123 dns_rdataclass_t rdclass, dns_rdatatype_t rdtype)
1125 dns_rdataset_t *rdataset;
1126 isc_result_t result;
1128 debug("add_question()");
1130 result = dns_message_gettemprdataset(message, &rdataset);
1131 check_result(result, "dns_message_gettemprdataset()");
1132 dns_rdataset_init(rdataset);
1133 dns_rdataset_makequestion(rdataset, rdclass, rdtype);
1134 ISC_LIST_APPEND(name->list, rdataset, link);
1138 * Check if we're done with all the queued lookups, which is true iff
1139 * all sockets, sends, and recvs are accounted for (counters == 0),
1140 * and the lookup list is empty.
1141 * If we are done, pass control back out to dighost_shutdown() (which is
1142 * part of dig.c, host.c, or nslookup.c) to either shutdown the system as
1143 * a whole or reseed the lookup list.
/*
 * Decide whether all work has finished.  The shutdown branch is entered
 * when lookup_list is empty and current_lookup is NULL, plus a further
 * condition on a line not shown here.  Inside it the socket and receive
 * counters are asserted to be zero, so an unbalanced counter aborts the
 * program instead of shutting down with I/O still outstanding.
 */
1146 check_if_done(void) {
1147 debug("check_if_done()");
1148 debug("list %s", ISC_LIST_EMPTY(lookup_list) ? "empty" : "full");
1149 if (ISC_LIST_EMPTY(lookup_list) && current_lookup == NULL &&
1151 INSIST(sockcount == 0);
1152 INSIST(recvcount == 0);
1153 debug("shutting down");
1159 * Clear out a query when we're done with it. WARNING: This routine
1160 * WILL invalidate the query pointer.
/*
 * Detach 'query' from its lookup and release everything it owns.
 * The lookup's current_query is cleared if it points at this query, the
 * query is unlinked from lookup->q, its receive and length buffers are
 * dequeued if still linked, the socket is detached if present, the
 * receive space goes back to the commctx pool and the query itself is
 * freed.  After return the pointer is dangling: callers must not read it
 * again and must drop any other copies they hold.
 */
1163 clear_query(dig_query_t *query) {
1164 dig_lookup_t *lookup;
1166 REQUIRE(query != NULL);
1168 debug("clear_query(%p)", query);
1170 lookup = query->lookup;
1172 if (lookup->current_query == query)
1173 lookup->current_query = NULL;
1175 ISC_LIST_UNLINK(lookup->q, query, link);
1176 if (ISC_LINK_LINKED(&query->recvbuf, link))
1177 ISC_LIST_DEQUEUE(query->recvlist, &query->recvbuf,
1179 if (ISC_LINK_LINKED(&query->lengthbuf, link))
1180 ISC_LIST_DEQUEUE(query->lengthlist, &query->lengthbuf,
1182 INSIST(query->recvspace != NULL);
1183 if (query->sock != NULL) {
1184 isc_socket_detach(&query->sock);
1186 debug("sockcount=%d", sockcount);
1188 isc_mempool_put(commctx, query->recvspace);
1189 isc_buffer_invalidate(&query->recvbuf);
1190 isc_buffer_invalidate(&query->lengthbuf);
1191 isc_mem_free(mctx, query);
1195 * Try and clear out a lookup if we're done with it. Return ISC_TRUE if
1196 * the lookup was successfully cleared. If ISC_TRUE is returned, the
1197 * lookup pointer has been invalidated.
/*
 * Free 'lookup' if it has no queries left.
 * When lookup->q is non-empty the pending queries are logged; per the
 * comment above this function the lookup is then left alone (the return
 * statements are on lines not shown here).  Otherwise the private server
 * list is emptied, and sendmsg, querysig, timer, sendspace and tsigctx
 * are released when non-NULL, followed by the lookup itself.  In the
 * server loop the cursor is advanced before the current node is freed.
 * Once the lookup has been freed the caller's pointer is invalid.
 */
1199 static isc_boolean_t
1200 try_clear_lookup(dig_lookup_t *lookup) {
1205 REQUIRE(lookup != NULL);
1207 debug("try_clear_lookup(%p)", lookup);
1209 if (ISC_LIST_HEAD(lookup->q) != NULL) {
1211 q = ISC_LIST_HEAD(lookup->q);
1213 debug("query to %s still pending",
1215 q = ISC_LIST_NEXT(q, link);
1221 * At this point, we know there are no queries on the lookup,
1222 * so can make it go away also.
1225 s = ISC_LIST_HEAD(lookup->my_server_list);
1227 debug("freeing server %p belonging to %p",
1230 s = ISC_LIST_NEXT(s, link);
1231 ISC_LIST_DEQUEUE(lookup->my_server_list,
1232 (dig_server_t *)ptr, link);
1233 isc_mem_free(mctx, ptr);
1235 if (lookup->sendmsg != NULL)
1236 dns_message_destroy(&lookup->sendmsg);
1237 if (lookup->querysig != NULL) {
1238 debug("freeing buffer %p", lookup->querysig);
1239 isc_buffer_free(&lookup->querysig);
1241 if (lookup->timer != NULL)
1242 isc_timer_detach(&lookup->timer);
1243 if (lookup->sendspace != NULL)
1244 isc_mempool_put(commctx, lookup->sendspace);
1246 if (lookup->tsigctx != NULL)
1247 dst_context_destroy(&lookup->tsigctx);
1249 isc_mem_free(mctx, lookup);
1255 * If we can, start the next lookup in the queue running.
1256 * This assumes that the lookup on the head of the queue hasn't been
1257 * started yet. It also removes the lookup from the head of the queue,
1258 * setting the current_lookup pointer pointing to it.
/*
 * Take the lookup at the head of lookup_list, make it current_lookup and
 * start it with setup_lookup() and do_lookup().
 *
 * For a top-down signature chase that has not yet saved its original type
 * (do_topdown set, rdtype_sigchaseset clear) the lookup is first rewritten:
 * a trusted key whose name encloses the query name is selected, the
 * original type, class and text name are saved in the *_sigchase fields,
 * and the lookup becomes an NS/IN query for the trusted key's name.  If
 * no trusted key can be loaded, or none encloses the query name, sigchase
 * is switched off for this lookup and a notice is printed.
 * Several statements between the visible lines are not shown here.
 */
1261 start_lookup(void) {
1262 debug("start_lookup()");
1267 * If there's a current lookup running, we really shouldn't get
1270 INSIST(current_lookup == NULL);
1272 current_lookup = ISC_LIST_HEAD(lookup_list);
1274 * Put the current lookup somewhere so cancel_all can find it
1276 if (current_lookup != NULL) {
1277 ISC_LIST_DEQUEUE(lookup_list, current_lookup, link);
1279 if (current_lookup->do_topdown &&
1280 !current_lookup->rdtype_sigchaseset) {
/* This local shadows the file-scope text buffer named 'trustedkey'. */
1281 dst_key_t * trustedkey = NULL;
1282 isc_buffer_t *b = NULL;
1284 isc_result_t result;
1285 dns_name_t query_name;
1286 dns_name_t * key_name;
1289 result = get_trusted_key(mctx);
1290 if (result != ISC_R_SUCCESS) {
1291 printf("\n;; No trusted key, "
1292 "+sigchase option is disabled\n");
1293 current_lookup->sigchase = ISC_FALSE;
1296 dns_name_init(&query_name, NULL);
1297 nameFromString(current_lookup->textname, &query_name);
1299 for (i = 0; i< tk_list.nb_tk; i++) {
1300 key_name = dst_key_name(tk_list.key[i]);
1302 if (dns_name_issubdomain(&query_name,
1303 key_name) == ISC_TRUE)
1304 trustedkey = tk_list.key[i];
1306 * Verifier que la temp est bien la plus basse
/*
 * The French note above reads roughly "check that the temp is really the
 * lowest one".
 * NOTE(review): as written the loop keeps the last key in table order
 * whose name encloses the query name, which is not necessarily the
 * closest enclosing one; the validation then starts from whichever trust
 * anchor was listed last -- confirm this is intended.
 */
1310 if (trustedkey == NULL) {
1311 printf("\n;; The queried zone: ");
1312 dns_name_print(&query_name, stdout);
1313 printf(" isn't a subdomain of any Trusted Keys"
1314 ": +sigchase option is disable\n");
1315 current_lookup->sigchase = ISC_FALSE;
1316 dns_name_free(&query_name, mctx);
1319 dns_name_free(&query_name, mctx);
1322 current_lookup->rdtype_sigchase
1323 = current_lookup->rdtype;
1324 current_lookup->rdtype_sigchaseset
1325 = current_lookup->rdtypeset;
1326 current_lookup->rdtype = dns_rdatatype_ns;
1329 current_lookup->qrdtype_sigchase
1330 = current_lookup->qrdtype;
1331 current_lookup->qrdtype = dns_rdatatype_ns;
1333 current_lookup->rdclass_sigchase
1334 = current_lookup->rdclass;
1335 current_lookup->rdclass_sigchaseset
1336 = current_lookup->rdclassset;
1337 current_lookup->rdclass = dns_rdataclass_in;
/*
 * NOTE(review): strncpy() with a full MXNAME bound does not terminate the
 * destination when the source fills it; no explicit terminator for
 * textnamesigchase appears in the lines shown.
 */
1340 strncpy(current_lookup->textnamesigchase,
1341 current_lookup->textname, MXNAME);
1343 current_lookup->trace_root_sigchase = ISC_TRUE;
1345 result = isc_buffer_allocate(mctx, &b, BUFSIZE);
1346 check_result(result, "isc_buffer_allocate");
1347 result = dns_name_totext(dst_key_name(trustedkey),
1349 check_result(result, "dns_name_totext");
1350 isc_buffer_usedregion(b, &r);
/*
 * NOTE(review): r.base[r.length] is the first byte after the used region.
 * The store below stays inside the allocation only while the used length
 * is smaller than BUFSIZE; no such check appears in the lines shown.
 */
1351 r.base[r.length] = '\0';
1352 strncpy(current_lookup->textname, (char*)r.base,
1354 isc_buffer_free(&b);
1356 nameFromString(current_lookup->textnamesigchase,
1359 dns_name_init(&chase_authority_name, NULL);
1363 setup_lookup(current_lookup);
1364 do_lookup(current_lookup);
1371 * If we can, clear the current lookup and start the next one running.
1372 * This calls try_clear_lookup, so may invalidate the lookup pointer.
/*
 * check_next_lookup: when the lookup has no queries left, clear it through
 * try_clear_lookup() and reset current_lookup.
 *
 * try_clear_lookup frees the lookup on success, so callers must not touch
 * the pointer they passed in after this call.
 */
1375 check_next_lookup(dig_lookup_t *lookup) {
1379 debug("check_next_lookup(%p)", lookup);
/*
 * A query is still linked on lookup->q. Only the debug message is visible;
 * the early return is presumably on a line not shown in this listing.
 */
1381 if (ISC_LIST_HEAD(lookup->q) != NULL) {
1382 debug("still have a worker");
/* A true result means the lookup was cleared, so the global is reset. */
1385 if (try_clear_lookup(lookup)) {
1386 current_lookup = NULL;
1392 * Create and queue a new lookup as a followup to the current lookup,
1393 * based on the supplied message and section. This is used in trace and
1394 * name server search modes to start a new lookup using servers from
1395 * NS records in a reply. Returns the number of followup lookups made.
/*
 * followup_lookup: walk the names in one section of a reply, and for every
 * NS record found append a server to a requeued copy of query->lookup.
 *
 * msg     - parsed reply; its contents come from the remote server.
 * query   - the query the reply belongs to.
 * section - section to scan. When nothing was queued from the answer
 *           section in trace or ns_search_only mode, the function calls
 *           itself once more for the authority section.
 *
 * The return statements other than that recursive one are on lines not
 * shown in this listing.
 */
1398 followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section)
1400 dig_lookup_t *lookup = NULL;
1401 dig_server_t *srv = NULL;
1402 dns_rdataset_t *rdataset = NULL;
1403 dns_rdata_t rdata = DNS_RDATA_INIT;
1404 dns_name_t *name = NULL;
1405 isc_result_t result;
1406 isc_boolean_t success = ISC_FALSE;
1411 debug("following up %s", query->lookup->textname);
1413 for (result = dns_message_firstname(msg, section);
1414 result == ISC_R_SUCCESS;
1415 result = dns_message_nextname(msg, section)) {
1417 dns_message_currentname(msg, section, &name);
/*
 * In the authority section an SOA lookup is made first; the action taken
 * when it succeeds is on a line not shown.
 */
1419 if (section == DNS_SECTION_AUTHORITY) {
1421 result = dns_message_findtype(name, dns_rdatatype_soa,
1423 if (result == ISC_R_SUCCESS)
1427 result = dns_message_findtype(name, dns_rdatatype_ns, 0,
1429 if (result != ISC_R_SUCCESS)
1432 debug("found NS set");
1434 for (result = dns_rdataset_first(rdataset);
1435 result == ISC_R_SUCCESS;
1436 result = dns_rdataset_next(rdataset)) {
1437 char namestr[DNS_NAME_FORMATSIZE];
/*
 * The MXSERV limit on nsfound is tested only when trace_root is set; the
 * statement it guards is not shown. NOTE(review): no other limit on the
 * number of servers taken from one reply is visible in this listing.
 */
1440 if (query->lookup->trace_root &&
1441 query->lookup->nsfound >= MXSERV)
1444 dns_rdataset_current(rdataset, &rdata);
1446 query->lookup->nsfound++;
/*
 * NOTE(review): the result of dns_rdata_tostruct is discarded, yet ns.name
 * is read on the next line. Confirm the conversion cannot fail for an NS
 * rdata taken from a parsed message.
 */
1447 (void)dns_rdata_tostruct(&rdata, &ns, NULL);
/* The server name from the reply is formatted into a fixed buffer, bounded by sizeof. */
1448 dns_name_format(&ns.name, namestr, sizeof(namestr));
1449 dns_rdata_freestruct(&ns);
1451 /* Initialize lookup if we've not yet */
1452 debug("found NS %d %s", numLookups, namestr);
/*
 * The new lookup is created by requeue_lookup and the old one is
 * cancelled; the condition guarding this is on a line not shown.
 */
1457 lookup = requeue_lookup(query->lookup,
1459 cancel_lookup(query->lookup);
1460 lookup->doing_xfr = ISC_FALSE;
1461 if (!lookup->trace_root &&
1462 section == DNS_SECTION_ANSWER)
1463 lookup->trace = ISC_FALSE;
1465 lookup->trace = query->lookup->trace;
1466 lookup->ns_search_only =
1467 query->lookup->ns_search_only;
1468 lookup->trace_root = ISC_FALSE;
/* The NS target name is used both as server name and as the user argument. */
1470 srv = make_server(namestr, namestr);
1471 debug("adding server %s", srv->servername);
1472 ISC_LIST_APPEND(lookup->my_server_list, srv, link);
1473 dns_rdata_reset(&rdata);
/* Nothing queued from the answer section: retry once with the authority section. */
1477 if (lookup == NULL &&
1478 section == DNS_SECTION_ANSWER &&
1479 (query->lookup->trace || query->lookup->ns_search_only))
1480 return (followup_lookup(msg, query, DNS_SECTION_AUTHORITY));
1486 * Create and queue a new lookup using the next origin from the search
1487 * list, read in setup_system().
1489 * Return ISC_TRUE iff there was another searchlist entry.
/*
 * next_origin: requeue query->lookup so that it is retried with the next
 * entry of the search list, then cancel the current lookup.
 *
 * msg is not referenced in the lines shown. The return statements are on
 * lines not shown in this listing.
 */
1491 static isc_boolean_t
1492 next_origin(dns_message_t *msg, dig_query_t *query) {
1493 dig_lookup_t *lookup;
1499 debug("next_origin()");
1500 debug("following up %s", query->lookup->textname);
1504 * We're not using a search list, so don't even think
1505 * about finding the next entry.
1508 if (query->lookup->origin == NULL)
1510 * Then we just did rootorg; there's nothing left.
/*
 * The next origin is read from the old lookup before cancel_lookup() is
 * called on it, so the order of the three statements below matters.
 */
1513 lookup = requeue_lookup(query->lookup, ISC_TRUE);
1514 lookup->origin = ISC_LIST_NEXT(query->lookup->origin, link);
1515 cancel_lookup(query->lookup);
1520 * Insert an SOA record into the sendmessage in a lookup. Used for
1521 * creating IXFR queries.
/*
 * insert_soa: build a temporary SOA record carrying lookup->ixfr_serial
 * and add it, under lookup->name, to the authority section of
 * lookup->sendmsg.
 *
 * Every library call that returns a result is passed to check_result.
 * Lines 1535-1538 of the original are not shown in this listing, so any
 * other SOA fields set there are not visible.
 */
1524 insert_soa(dig_lookup_t *lookup) {
1525 isc_result_t result;
1526 dns_rdata_soa_t soa;
1527 dns_rdata_t *rdata = NULL;
1528 dns_rdatalist_t *rdatalist = NULL;
1529 dns_rdataset_t *rdataset = NULL;
1530 dns_name_t *soaname = NULL;
1532 debug("insert_soa()");
1534 soa.serial = lookup->ixfr_serial;
1539 soa.common.rdclass = lookup->rdclass;
1540 soa.common.rdtype = dns_rdatatype_soa;
/* Origin and contact are both set to the root name. */
1542 dns_name_init(&soa.origin, NULL);
1543 dns_name_init(&soa.contact, NULL);
1545 dns_name_clone(dns_rootname, &soa.origin);
1546 dns_name_clone(dns_rootname, &soa.contact);
/* The wire form of the record is written into the fixed rdatastore of the lookup. */
1548 isc_buffer_init(&lookup->rdatabuf, lookup->rdatastore,
1549 sizeof(lookup->rdatastore));
1551 result = dns_message_gettemprdata(lookup->sendmsg, &rdata);
1552 check_result(result, "dns_message_gettemprdata");
/* The label passed to check_result below says isc_ while the call is dns_rdata_fromstruct. */
1554 result = dns_rdata_fromstruct(rdata, lookup->rdclass,
1555 dns_rdatatype_soa, &soa,
1557 check_result(result, "isc_rdata_fromstruct");
1559 result = dns_message_gettemprdatalist(lookup->sendmsg, &rdatalist);
1560 check_result(result, "dns_message_gettemprdatalist");
1562 result = dns_message_gettemprdataset(lookup->sendmsg, &rdataset);
1563 check_result(result, "dns_message_gettemprdataset");
/* Wrap the single rdata in a list, then expose the list as an rdataset. */
1565 dns_rdatalist_init(rdatalist);
1566 rdatalist->type = dns_rdatatype_soa;
1567 rdatalist->rdclass = lookup->rdclass;
1568 rdatalist->covers = 0;
1570 ISC_LIST_INIT(rdatalist->rdata);
1571 ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
1573 dns_rdataset_init(rdataset);
1574 dns_rdatalist_tordataset(rdatalist, rdataset);
/* Attach the rdataset to a temporary copy of the query name and add it to the message. */
1576 result = dns_message_gettempname(lookup->sendmsg, &soaname);
1577 check_result(result, "dns_message_gettempname");
1578 dns_name_init(soaname, NULL);
1579 dns_name_clone(lookup->name, soaname);
1580 ISC_LIST_INIT(soaname->list);
1581 ISC_LIST_APPEND(soaname->list, rdataset, link);
1582 dns_message_addname(lookup->sendmsg, soaname, DNS_SECTION_AUTHORITY);
1586 * Setup the supplied lookup structure, making it ready to start sending
1587 * queries to servers. Create and initialize the message to be sent as
1588 * well as the query structures and buffer space for the replies. If the
1589 * server list is empty, clone it from the system default list.
/*
 * setup_lookup: build the outgoing DNS message for a lookup and create one
 * dig_query_t per entry of lookup->my_server_list.
 *
 * Steps visible in this listing: create sendmsg, turn textname (plus any
 * search-list origin) into lookup->name, set the message ID, opcode and
 * flags, add the question, attach the TSIG key, render the message into
 * sendspace, then allocate and initialise the per-server queries.
 * Name-syntax errors and allocation failures end in fatal().
 *
 * lookup must be non-NULL (REQUIRE below).
 */
1592 setup_lookup(dig_lookup_t *lookup) {
1593 isc_result_t result;
1599 dns_compress_t cctx;
1602 REQUIRE(lookup != NULL);
1605 debug("setup_lookup(%p)", lookup);
1607 result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER,
1609 check_result(result, "dns_message_create");
1611 if (lookup->new_search) {
1612 debug("resetting lookup counter.");
/* A lookup without its own servers gets a copy of the global server_list. */
1616 if (ISC_LIST_EMPTY(lookup->my_server_list)) {
1617 debug("cloning server list");
1618 clone_server_list(server_list, &lookup->my_server_list);
1620 result = dns_message_gettempname(lookup->sendmsg, &lookup->name);
1621 check_result(result, "dns_message_gettempname");
1622 dns_name_init(lookup->name, NULL);
/* Name and origin are converted into fixed buffers embedded in the lookup. */
1624 isc_buffer_init(&lookup->namebuf, lookup->namespace,
1625 sizeof(lookup->namespace));
1626 isc_buffer_init(&lookup->onamebuf, lookup->onamespace,
1627 sizeof(lookup->onamespace));
1630 * If the name has too many dots, force the origin to be NULL
1631 * (which produces an absolute lookup). Otherwise, take the origin
1632 * we have if there's one in the struct already. If it's NULL,
1633 * take the first entry in the searchlist iff either usesearch
1634 * is TRUE or we got a domain line in the resolv.conf file.
1636 /* XXX New search here? */
1637 if ((count_dots(lookup->textname) >= ndots) || !usesearch)
1638 lookup->origin = NULL; /* Force abs lookup */
1639 else if (lookup->origin == NULL && lookup->new_search && usesearch) {
1640 lookup->origin = ISC_LIST_HEAD(search_list);
/* With an origin: parse the origin first, then the name relative to it. */
1642 if (lookup->origin != NULL) {
1643 debug("trying origin %s", lookup->origin->origin);
1644 result = dns_message_gettempname(lookup->sendmsg,
1646 check_result(result, "dns_message_gettempname");
1647 dns_name_init(lookup->oname, NULL);
1648 /* XXX Helper funct to conv char* to name? */
1649 len = strlen(lookup->origin->origin);
1650 isc_buffer_init(&b, lookup->origin->origin, len);
1651 isc_buffer_add(&b, len);
1652 result = dns_name_fromtext(lookup->oname, &b, dns_rootname,
1653 ISC_FALSE, &lookup->onamebuf);
/* Temporary names are handed back to the message before fatal() is called. */
1654 if (result != ISC_R_SUCCESS) {
1655 dns_message_puttempname(lookup->sendmsg,
1657 dns_message_puttempname(lookup->sendmsg,
1659 fatal("'%s' is not in legal name syntax (%s)",
1660 lookup->origin->origin,
1661 isc_result_totext(result));
/* A root trace starts at the root name instead of textname. */
1663 if (lookup->trace && lookup->trace_root) {
1664 dns_name_clone(dns_rootname, lookup->name);
1666 len = strlen(lookup->textname);
1667 isc_buffer_init(&b, lookup->textname, len);
1668 isc_buffer_add(&b, len);
1669 result = dns_name_fromtext(lookup->name, &b,
1670 lookup->oname, ISC_FALSE,
1673 if (result != ISC_R_SUCCESS) {
1674 dns_message_puttempname(lookup->sendmsg,
1676 dns_message_puttempname(lookup->sendmsg,
1678 fatal("'%s' is not in legal name syntax (%s)",
1679 lookup->textname, isc_result_totext(result));
1681 dns_message_puttempname(lookup->sendmsg, &lookup->oname);
/* Without an origin the name is parsed on its own (second argument list not shown). */
1683 debug("using root origin");
1684 if (lookup->trace && lookup->trace_root)
1685 dns_name_clone(dns_rootname, lookup->name);
1687 len = strlen(lookup->textname);
1688 isc_buffer_init(&b, lookup->textname, len);
1689 isc_buffer_add(&b, len);
1690 result = dns_name_fromtext(lookup->name, &b,
1695 if (result != ISC_R_SUCCESS) {
1696 dns_message_puttempname(lookup->sendmsg,
1698 isc_buffer_init(&b, store, MXNAME);
1699 fatal("'%s' is not a legal name "
1700 "(%s)", lookup->textname,
1701 isc_result_totext(result));
1704 dns_name_format(lookup->name, store, sizeof(store));
1705 trying(store, lookup);
1706 INSIST(dns_name_isabsolute(lookup->name));
/*
 * The 16-bit message ID is taken from isc_random_get. The cast is applied
 * before the mask, so the mask changes nothing where unsigned short is
 * 16 bits wide. NOTE(review): for UDP the ID is one of the few values an
 * off-path sender has to guess to forge a reply, so its unpredictability
 * rests on isc_random_get, whose implementation is outside this listing.
 */
1708 isc_random_get(&id);
1709 lookup->sendmsg->id = (unsigned short)id & 0xFFFF;
1710 lookup->sendmsg->opcode = dns_opcode_query;
1711 lookup->msgcounter = 0;
1713 * If this is a trace request, completely disallow recursion, since
1714 * it's meaningless for traces.
1716 if (lookup->trace || (lookup->ns_search_only && !lookup->trace_root))
1717 lookup->recurse = ISC_FALSE;
/* RD is never set on AXFR or IXFR requests. */
1719 if (lookup->recurse &&
1720 lookup->rdtype != dns_rdatatype_axfr &&
1721 lookup->rdtype != dns_rdatatype_ixfr) {
1722 debug("recursive query");
1723 lookup->sendmsg->flags |= DNS_MESSAGEFLAG_RD;
/* AA, AD and CD are copied from the per-lookup options. */
1727 if (lookup->aaonly) {
1729 lookup->sendmsg->flags |= DNS_MESSAGEFLAG_AA;
1732 if (lookup->adflag) {
1734 lookup->sendmsg->flags |= DNS_MESSAGEFLAG_AD;
1737 if (lookup->cdflag) {
1739 lookup->sendmsg->flags |= DNS_MESSAGEFLAG_CD;
1742 dns_message_addname(lookup->sendmsg, lookup->name,
1743 DNS_SECTION_QUESTION);
/* A root trace asks for NS first and keeps the requested type in qrdtype. */
1745 if (lookup->trace && lookup->trace_root) {
1746 lookup->qrdtype = lookup->rdtype;
1747 lookup->rdtype = dns_rdatatype_ns;
1750 if ((lookup->rdtype == dns_rdatatype_axfr) ||
1751 (lookup->rdtype == dns_rdatatype_ixfr)) {
1752 lookup->doing_xfr = ISC_TRUE;
1754 * Force TCP mode if we're doing an xfr.
1755 * XXX UDP ixfr's would be useful
1757 lookup->tcp_mode = ISC_TRUE;
1760 add_question(lookup->sendmsg, lookup->name, lookup->rdclass,
/* The body of the IXFR branch is on a line not shown in this listing. */
1764 if (lookup->rdtype == dns_rdatatype_ixfr)
1767 /* XXX Insist this? */
/* Both are reset here; try_clear_lookup releases them only when non-NULL. */
1768 lookup->tsigctx = NULL;
1769 lookup->querysig = NULL;
/*
 * key is a file-level variable declared outside this listing. Whether the
 * call below is guarded by a test on key is on a line not shown.
 */
1771 debug("initializing keys");
1772 result = dns_message_settsigkey(lookup->sendmsg, key);
1773 check_result(result, "dns_message_settsigkey");
/* The send buffer comes from the commctx pool and is sized COMMSIZE below. */
1776 lookup->sendspace = isc_mempool_get(commctx);
1777 if (lookup->sendspace == NULL)
1778 fatal("memory allocation failure");
1780 result = dns_compress_init(&cctx, -1, mctx);
1781 check_result(result, "dns_compress_init");
1783 debug("starting to render the message");
1784 isc_buffer_init(&lookup->sendbuf, lookup->sendspace, COMMSIZE);
1785 result = dns_message_renderbegin(lookup->sendmsg, &cctx,
1787 check_result(result, "dns_message_renderbegin");
/*
 * add_opt (defined elsewhere) is called when a UDP size was requested or
 * dnssec is set; 2048 is the size used when dnssec is set without an
 * explicit udpsize.
 */
1788 if (lookup->udpsize > 0 || lookup->dnssec) {
1789 if (lookup->udpsize == 0)
1790 lookup->udpsize = 2048;
1791 add_opt(lookup->sendmsg, lookup->udpsize, lookup->dnssec);
1794 result = dns_message_rendersection(lookup->sendmsg,
1795 DNS_SECTION_QUESTION, 0);
1796 check_result(result, "dns_message_rendersection");
1797 result = dns_message_rendersection(lookup->sendmsg,
1798 DNS_SECTION_AUTHORITY, 0);
1799 check_result(result, "dns_message_rendersection");
1800 result = dns_message_renderend(lookup->sendmsg);
1801 check_result(result, "dns_message_renderend");
1802 debug("done rendering");
1804 dns_compress_invalidate(&cctx);
1807 * Force TCP mode if the request is larger than 512 bytes.
1809 if (isc_buffer_usedlength(&lookup->sendbuf) > 512)
1810 lookup->tcp_mode = ISC_TRUE;
1812 lookup->pending = ISC_FALSE;
/*
 * One query per server. The NULL test on the allocation is on a line not
 * shown; only the fatal() call it guards is visible.
 */
1814 for (serv = ISC_LIST_HEAD(lookup->my_server_list);
1816 serv = ISC_LIST_NEXT(serv, link)) {
1817 query = isc_mem_allocate(mctx, sizeof(dig_query_t));
1819 fatal("memory allocation failure in %s:%d",
1820 __FILE__, __LINE__);
1821 debug("create query %p linked to lookup %p",
/*
 * Fields are set one by one; nothing visible here zeroes the structure.
 * servname and userarg alias the strings owned by the server entry.
 * NOTE(review): no assignment to query->sock is visible in this listing,
 * while send_tcp_connect INSISTs that it is NULL. Original line 1840 is
 * not shown and may be where it is set; confirm.
 */
1823 query->lookup = lookup;
1824 query->waiting_connect = ISC_FALSE;
1825 query->recv_made = ISC_FALSE;
1826 query->first_pass = ISC_TRUE;
1827 query->first_soa_rcvd = ISC_FALSE;
1828 query->second_rr_rcvd = ISC_FALSE;
1829 query->first_repeat_rcvd = ISC_FALSE;
1830 query->warn_id = ISC_TRUE;
1831 query->first_rr_serial = 0;
1832 query->second_rr_serial = 0;
1833 query->servname = serv->servername;
1834 query->userarg = serv->userarg;
1835 query->rr_count = 0;
1836 query->msg_count = 0;
1837 ISC_LINK_INIT(query, link);
1838 ISC_LIST_INIT(query->recvlist);
1839 ISC_LIST_INIT(query->lengthlist);
/* The receive buffer also comes from the commctx pool and is sized COMMSIZE. */
1841 query->recvspace = isc_mempool_get(commctx);
1842 if (query->recvspace == NULL)
1843 fatal("memory allocation failure");
1845 isc_buffer_init(&query->recvbuf, query->recvspace, COMMSIZE);
/* Two-byte buffers for the TCP length prefix, one per direction. */
1846 isc_buffer_init(&query->lengthbuf, query->lengthspace, 2);
1847 isc_buffer_init(&query->slbuf, query->slspace, 2);
/* The link was already initialised a few lines above; this repeats it. */
1849 ISC_LINK_INIT(query, link);
1850 ISC_LIST_ENQUEUE(lookup->q, query, link);
1852 /* XXX qrflag, print_query, etc... */
/* With qr set, the outgoing message is printed against the first query. */
1853 if (!ISC_LIST_EMPTY(lookup->q) && qr) {
1854 printmessage(ISC_LIST_HEAD(lookup->q), lookup->sendmsg,
1860 * Event handler for send completion. Track send counter, and clear out
1861 * the query if the send was canceled.
/*
 * send_done: completion callback for socket sends.
 *
 * The event must be of type ISC_SOCKEVENT_SENDDONE and is freed here.
 * _task is not referenced in the lines shown. The statement that changes
 * sendcount is on a line not shown; afterwards the counter is logged and
 * required to be non-negative.
 */
1864 send_done(isc_task_t *_task, isc_event_t *event) {
1865 REQUIRE(event->ev_type == ISC_SOCKEVENT_SENDDONE);
/* The event is released before any further work; it is not used again below. */
1871 isc_event_free(&event);
1873 debug("send_done()");
1875 debug("sendcount=%d", sendcount);
1876 INSIST(sendcount >= 0);
1882 * Cancel a lookup, sending isc_socket_cancel() requests to all outstanding
1883 * IO sockets. The cancel handlers should take care of cleaning up the
1884 * query and lookup structures
/*
 * cancel_lookup: request cancellation of all socket I/O for every query of
 * a lookup, stop its timer and clear its pending and retries state.
 *
 * Nothing is freed in the lines shown; queries without a socket are
 * handled on lines not shown in this listing.
 */
1887 cancel_lookup(dig_lookup_t *lookup) {
1888 dig_query_t *query, *next;
1890 debug("cancel_lookup()");
1891 query = ISC_LIST_HEAD(lookup->q);
1892 while (query != NULL) {
/* The successor is fetched first, before anything is done with the current query. */
1893 next = ISC_LIST_NEXT(query, link);
1894 if (query->sock != NULL) {
1895 isc_socket_cancel(query->sock, global_task,
1896 ISC_SOCKCANCEL_ALL);
1903 if (lookup->timer != NULL)
1904 isc_timer_detach(&lookup->timer);
1905 lookup->pending = ISC_FALSE;
1906 lookup->retries = 0;
/*
 * bringup_timer: (re)create the timer of the lookup that owns query.
 *
 * query           - query about to be sent.
 * default_timeout - timeout in seconds used on one of the branches below.
 *
 * SERVER_TIMEOUT is chosen when another query follows this one in its
 * list; otherwise default_timeout or the global timeout is used, selected
 * by conditions on lines not shown in this listing. l is assigned on a
 * line not shown (presumably query->lookup).
 */
1910 bringup_timer(dig_query_t *query, unsigned int default_timeout) {
1912 unsigned int local_timeout;
1913 isc_result_t result;
1915 debug("bringup_timer()");
1917 * If the timer already exists, that means we're calling this
1918 * a second time (for a retry). Don't need to recreate it,
1922 if (ISC_LIST_NEXT(query, link) != NULL)
1923 local_timeout = SERVER_TIMEOUT;
1926 local_timeout = default_timeout;
1928 local_timeout = timeout;
/* local_timeout is unsigned int but is printed with %d. */
1930 debug("have local timeout of %d", local_timeout);
1931 isc_interval_set(&l->interval, local_timeout, 0);
/* Any existing timer is detached before a new one is created. */
1932 if (l->timer != NULL)
1933 isc_timer_detach(&l->timer);
1934 result = isc_timer_create(timermgr,
1941 check_result(result, "isc_timer_create");
/*
 * Forward declaration: send_tcp_connect passes connect_done to
 * isc_socket_connect as the completion callback before connect_done is
 * defined further down in the file.
 */
1945 connect_done(isc_task_t *task, isc_event_t *event);
1948 * Unlike send_udp, this can't be called multiple times with the same
1949 * query. When we retry TCP, we requeue the whole lookup, which should
/*
 * send_tcp_connect: create a TCP socket for query, bind it, start the
 * timer and issue an asynchronous connect whose completion is delivered
 * to connect_done.
 *
 * A server whose address family differs from an explicitly specified
 * source address is skipped and the next query in the list is tried by a
 * recursive call. l is assigned on a line not shown (presumably
 * query->lookup).
 */
1953 send_tcp_connect(dig_query_t *query) {
1954 isc_result_t result;
1958 debug("send_tcp_connect(%p)", query);
1961 query->waiting_connect = ISC_TRUE;
1962 query->lookup->current_query = query;
/* servname is resolved into query->sockaddr; get_address is defined elsewhere. */
1963 get_address(query->servname, port, &query->sockaddr);
1965 if (specified_source &&
1966 (isc_sockaddr_pf(&query->sockaddr) !=
1967 isc_sockaddr_pf(&bind_address))) {
1968 printf(";; Skipping server %s, incompatible "
1969 "address family\n", query->servname);
1970 query->waiting_connect = ISC_FALSE;
1971 next = ISC_LIST_NEXT(query, link);
/* No further server: report it and let check_next_lookup clean up. */
1975 printf(";; No acceptable nameservers\n");
1976 check_next_lookup(l);
1979 send_tcp_connect(next);
/* A query must not already own a socket when a connect is started. */
1982 INSIST(query->sock == NULL);
1983 result = isc_socket_create(socketmgr,
1984 isc_sockaddr_pf(&query->sockaddr),
1985 isc_sockettype_tcp, &query->sock);
1986 check_result(result, "isc_socket_create");
1988 debug("sockcount=%d", sockcount);
/* Bind to the user-specified source, else to the wildcard address of the matching family. */
1989 if (specified_source)
1990 result = isc_socket_bind(query->sock, &bind_address);
1992 if ((isc_sockaddr_pf(&query->sockaddr) == AF_INET) &&
1994 isc_sockaddr_any(&bind_any);
1996 isc_sockaddr_any6(&bind_any);
1997 result = isc_socket_bind(query->sock, &bind_any);
1999 check_result(result, "isc_socket_bind");
2000 bringup_timer(query, TCP_TIMEOUT);
/* query is the callback argument that connect_done reads back from the event. */
2001 result = isc_socket_connect(query->sock, &query->sockaddr,
2002 global_task, connect_done, query);
2003 check_result(result, "isc_socket_connect");
2005 * If we're at the endgame of a nameserver search, we need to
2006 * immediately bring up all the queries. Do it here.
2008 if (l->ns_search_only && !l->trace_root) {
2009 debug("sending next, since searching");
2010 next = ISC_LIST_NEXT(query, link);
2012 send_tcp_connect(next);
2017 * Send a UDP packet to the remote nameserver, possibly starting the
2018 * recv action as well. Also make sure that the timer is running and
2019 * is properly reset.
/*
 * send_udp: send the rendered request of the lookup to one server over
 * UDP, creating and binding the socket and posting the receive on the
 * first call for this query.
 *
 * The function may be called again for the same query on a retry: the
 * socket and the receive are set up only while recv_made is false, the
 * send is issued every time. l is initialised to NULL and dereferenced
 * below; its assignment (presumably from query->lookup) is on a line not
 * shown in this listing.
 */
2022 send_udp(dig_query_t *query) {
2023 dig_lookup_t *l = NULL;
2025 isc_result_t result;
2027 debug("send_udp(%p)", query);
2030 bringup_timer(query, UDP_TIMEOUT);
2031 l->current_query = query;
2032 debug("working on lookup %p, query %p",
2033 query->lookup, query);
2034 if (!query->recv_made) {
2035 /* XXX Check the sense of this, need assertion? */
2036 query->waiting_connect = ISC_FALSE;
2037 get_address(query->servname, port, &query->sockaddr);
/* Each query gets its own UDP socket. */
2039 result = isc_socket_create(socketmgr,
2040 isc_sockaddr_pf(&query->sockaddr),
2041 isc_sockettype_udp, &query->sock);
2042 check_result(result, "isc_socket_create");
2044 debug("sockcount=%d", sockcount);
/*
 * Bind to the user-specified source, else to the wildcard address of the
 * family of the server. NOTE(review): no source port is chosen in the
 * lines shown, so the port presumably comes from the operating system or
 * the socket library; confirm.
 */
2045 if (specified_source) {
2046 result = isc_socket_bind(query->sock, &bind_address);
2048 isc_sockaddr_anyofpf(&bind_any,
2049 isc_sockaddr_pf(&query->sockaddr));
2050 result = isc_socket_bind(query->sock, &bind_any);
2052 check_result(result, "isc_socket_bind");
/* Post the receive into recvbuf; recv_done is the completion callback. */
2054 query->recv_made = ISC_TRUE;
2055 ISC_LINK_INIT(&query->recvbuf, link);
2056 ISC_LIST_ENQUEUE(query->recvlist, &query->recvbuf,
2058 debug("recving with lookup=%p, query=%p, sock=%p",
2059 query->lookup, query,
2061 result = isc_socket_recvv(query->sock,
2062 &query->recvlist, 1,
2063 global_task, recv_done,
2065 check_result(result, "isc_socket_recvv");
2067 debug("recvcount=%d", recvcount);
/* The send list holds only the pre-rendered sendbuf of the lookup. */
2069 ISC_LIST_INIT(query->sendlist);
2070 ISC_LINK_INIT(&l->sendbuf, link);
2071 ISC_LIST_ENQUEUE(query->sendlist, &l->sendbuf,
2073 debug("sending a request");
2074 TIME_NOW(&query->time_sent);
2075 INSIST(query->sock != NULL);
2076 result = isc_socket_sendtov(query->sock, &query->sendlist,
2077 global_task, send_done, query,
2078 &query->sockaddr, NULL);
2079 check_result(result, "isc_socket_sendtov");
2082 * If we're at the endgame of a nameserver search, we need to
2083 * immediately bring up all the queries. Do it here.
2085 if (l->ns_search_only && !l->trace_root) {
2086 debug("sending next, since searching");
2087 next = ISC_LIST_NEXT(query, link);
2094 * IO timeout handler, used for both connect and recv timeouts. If
2095 * retries are still allowed, either resend the UDP packet or queue a
2096 * new TCP lookup. Otherwise, cancel the lookup.
/*
 * connect_timeout: timer callback for connect and receive timeouts.
 *
 * The event must be of type ISC_TIMEREVENT_IDLE and is freed here. Three
 * outcomes are visible: move on to the next server of the lookup, retry
 * while l->retries is above 1, or print the timeout message and hand the
 * lookup to check_next_lookup. l is initialised to NULL and dereferenced
 * below; its assignment is on a line not shown in this listing.
 */
2099 connect_timeout(isc_task_t *task, isc_event_t *event) {
2100 dig_lookup_t *l = NULL, *n;
2101 dig_query_t *query = NULL, *cq;
2104 REQUIRE(event->ev_type == ISC_TIMEREVENT_IDLE);
2106 debug("connect_timeout()");
2110 query = l->current_query;
2111 isc_event_free(&event);
/* Another server follows the current query: try it over UDP or TCP. */
2115 if ((query != NULL) && (query->lookup->current_query != NULL) &&
2116 (ISC_LIST_NEXT(query->lookup->current_query, link) != NULL)) {
2117 debug("trying next server...");
2118 cq = query->lookup->current_query;
2120 send_udp(ISC_LIST_NEXT(cq, link));
2122 send_tcp_connect(ISC_LIST_NEXT(cq, link));
/* Retries remain: resend over UDP to the first server, or requeue the lookup for TCP. */
2127 if (l->retries > 1) {
2130 debug("resending UDP request to first server");
2131 send_udp(ISC_LIST_HEAD(l->q));
2133 debug("making new TCP request, %d tries left",
2136 n = requeue_lookup(l, ISC_TRUE);
2138 check_next_lookup(l);
/* cmdline is written with fputs, so it is never interpreted as a format string. */
2141 fputs(l->cmdline, stdout);
2142 printf(";; connection timed out; no servers could be "
2145 check_next_lookup(l);
2153 * Event handler for the TCP recv which gets the length header of TCP
2154 * packets. Start the next recv of length bytes.
/*
 * tcp_length_done: completion callback for the receive of the two-byte TCP
 * length prefix; posts the receive for the message body of that length.
 *
 * The event must be of type ISC_SOCKEVENT_RECVDONE. Cancelled and failed
 * receives are passed to check_next_lookup. Several branches free the
 * event; the returns that separate them are on lines not shown in this
 * listing, as is the assignment of l.
 */
2157 tcp_length_done(isc_task_t *task, isc_event_t *event) {
2158 isc_socketevent_t *sevent;
2159 isc_buffer_t *b = NULL;
2160 isc_result_t result;
2161 dig_query_t *query = NULL;
2163 isc_uint16_t length;
2165 REQUIRE(event->ev_type == ISC_SOCKEVENT_RECVDONE);
2170 debug("tcp_length_done()");
2173 sevent = (isc_socketevent_t *)event;
2174 query = event->ev_arg;
2177 INSIST(recvcount >= 0);
2179 if (sevent->result == ISC_R_CANCELED) {
2180 isc_event_free(&event);
2183 check_next_lookup(l);
/* Any other failure: report the peer address, drop the socket, move on. */
2187 if (sevent->result != ISC_R_SUCCESS) {
2188 char sockstr[ISC_SOCKADDR_FORMATSIZE];
2189 isc_sockaddr_format(&query->sockaddr, sockstr,
2191 printf(";; communications error to %s: %s\n",
2192 sockstr, isc_result_totext(sevent->result));
2194 isc_socket_detach(&query->sock);
2196 debug("sockcount=%d", sockcount);
2197 INSIST(sockcount >= 0);
2198 isc_event_free(&event);
2200 check_next_lookup(l);
/*
 * b is the head of the buffer list of the event while the dequeue names
 * query->lengthbuf; the code relies on the two being the same buffer.
 * length is the 16-bit prefix sent by the remote server.
 */
2204 b = ISC_LIST_HEAD(sevent->bufferlist);
2205 ISC_LIST_DEQUEUE(sevent->bufferlist, &query->lengthbuf, link);
2206 length = isc_buffer_getuint16(b);
/* The condition guarding the next two calls is on a line not shown. */
2208 isc_event_free(&event);
2209 launch_next_query(query, ISC_FALSE);
2215 * Even though the buffer was already init'ed, we need
2216 * to redo it now, to force the length we want.
/*
 * NOTE(review): recvbuf is re-initialised over recvspace with the length
 * received from the peer. recvspace is taken from the commctx pool and
 * used as COMMSIZE bytes in setup_lookup; this re-init stays inside that
 * space only if COMMSIZE is at least the largest 16-bit value. COMMSIZE
 * is defined outside this listing; confirm.
 */
2218 isc_buffer_invalidate(&query->recvbuf);
2219 isc_buffer_init(&query->recvbuf, query->recvspace, length);
2220 ENSURE(ISC_LIST_EMPTY(query->recvlist));
2221 ISC_LINK_INIT(&query->recvbuf, link);
2222 ISC_LIST_ENQUEUE(query->recvlist, &query->recvbuf, link);
2223 debug("recving with lookup=%p, query=%p",
2224 query->lookup, query);
/* length is also passed as the minimum byte count of the receive. */
2225 result = isc_socket_recvv(query->sock, &query->recvlist, length, task,
2227 check_result(result, "isc_socket_recvv");
2229 debug("resubmitted recv request with length %d, recvcount=%d",
2231 isc_event_free(&event);
2236 * For transfers that involve multiple recvs (XFR's in particular),
2237 * launch the next recv.
/*
 * launch_next_query: on a TCP query, post the receive for the next length
 * prefix and, until the first SOA has been received, send the request.
 *
 * query            - query whose socket is used.
 * include_question - when true the rendered sendbuf of the lookup is
 *                    queued after the two-byte length prefix.
 *
 * When the lookup is no longer pending the socket is detached and the
 * lookup is handed to check_next_lookup instead; the return that ends
 * that branch is on a line not shown in this listing.
 */
2240 launch_next_query(dig_query_t *query, isc_boolean_t include_question) {
2241 isc_result_t result;
2246 debug("launch_next_query()");
2248 if (!query->lookup->pending) {
2249 debug("ignoring launch_next_query because !pending");
2250 isc_socket_detach(&query->sock);
2252 debug("sockcount=%d", sockcount);
2253 INSIST(sockcount >= 0);
2254 query->waiting_connect = ISC_FALSE;
2257 check_next_lookup(l);
/*
 * Build the outgoing length prefix. The used length of sendbuf is cast to
 * 16 bits; sendbuf is initialised with COMMSIZE in setup_lookup, so the
 * cast loses nothing as long as COMMSIZE fits in 16 bits (its value is
 * defined outside this listing).
 */
2261 isc_buffer_clear(&query->slbuf);
2262 isc_buffer_clear(&query->lengthbuf);
2263 isc_buffer_putuint16(&query->slbuf,
2264 (isc_uint16_t) query->lookup->sendbuf.used);
2265 ISC_LIST_INIT(query->sendlist);
2266 ISC_LINK_INIT(&query->slbuf, link);
2267 ISC_LIST_ENQUEUE(query->sendlist, &query->slbuf, link);
2268 if (include_question) {
2269 ISC_LINK_INIT(&query->lookup->sendbuf, link);
2270 ISC_LIST_ENQUEUE(query->sendlist, &query->lookup->sendbuf,
/* Post the receive for the next length prefix; tcp_length_done handles it. */
2273 ISC_LINK_INIT(&query->lengthbuf, link);
2274 ISC_LIST_ENQUEUE(query->lengthlist, &query->lengthbuf, link);
2276 result = isc_socket_recvv(query->sock, &query->lengthlist, 0,
2277 global_task, tcp_length_done, query);
2278 check_result(result, "isc_socket_recvv");
2280 debug("recvcount=%d", recvcount);
/* Once the first SOA of a transfer has arrived nothing more is sent. */
2281 if (!query->first_soa_rcvd) {
2282 debug("sending a request in launch_next_query");
2283 TIME_NOW(&query->time_sent);
2284 result = isc_socket_sendv(query->sock, &query->sendlist,
2285 global_task, send_done, query);
2286 check_result(result, "isc_socket_sendv");
2288 debug("sendcount=%d", sendcount);
2290 query->waiting_connect = ISC_FALSE;
2292 check_next_lookup(query->lookup);
2298 * Event handler for TCP connect complete. Make sure the connection was
2299 * successful, then pass into launch_next_query to actually send the
/*
 * connect_done: completion callback for the TCP connect started in
 * send_tcp_connect.
 *
 * The event must be of type ISC_SOCKEVENT_CONNECT and is freed on every
 * branch shown. A cancelled or failed connect detaches the socket; after
 * a failure the next query of the lookup is tried when there is one.
 * A successful connect goes to launch_next_query with the question
 * included. The returns that separate the branches and the assignment of
 * l are on lines not shown in this listing.
 */
2303 connect_done(isc_task_t *task, isc_event_t *event) {
2304 isc_socketevent_t *sevent = NULL;
2305 dig_query_t *query = NULL, *next;
2310 REQUIRE(event->ev_type == ISC_SOCKEVENT_CONNECT);
2313 debug("connect_done()");
2316 sevent = (isc_socketevent_t *)event;
2317 query = sevent->ev_arg;
/* The query must be the one that was marked as connecting. */
2319 INSIST(query->waiting_connect);
2321 query->waiting_connect = ISC_FALSE;
2323 if (sevent->result == ISC_R_CANCELED) {
2324 debug("in cancel handler");
2325 isc_socket_detach(&query->sock);
2327 INSIST(sockcount >= 0);
2328 debug("sockcount=%d", sockcount);
2329 query->waiting_connect = ISC_FALSE;
2330 isc_event_free(&event);
2333 check_next_lookup(l);
2337 if (sevent->result != ISC_R_SUCCESS) {
2338 char sockstr[ISC_SOCKADDR_FORMATSIZE];
2340 debug("unsuccessful connection: %s",
2341 isc_result_totext(sevent->result));
2342 isc_sockaddr_format(&query->sockaddr, sockstr,
/*
 * The cancelled case has its own branch above; if that branch returns
 * (not shown), this inner test is always true here.
 */
2344 if (sevent->result != ISC_R_CANCELED)
2345 printf(";; Connection to %s(%s) for %s failed: "
2347 query->servname, query->lookup->textname,
2348 isc_result_totext(sevent->result));
2349 isc_socket_detach(&query->sock);
2351 INSIST(sockcount >= 0);
2352 /* XXX Clean up exitcodes */
2355 debug("sockcount=%d", sockcount);
2356 query->waiting_connect = ISC_FALSE;
2357 isc_event_free(&event);
/* Try the server after current_query, or give the lookup to check_next_lookup. */
2359 if (l->current_query != NULL)
2360 next = ISC_LIST_NEXT(l->current_query, link);
2365 bringup_timer(next, TCP_TIMEOUT);
2366 send_tcp_connect(next);
2368 check_next_lookup(l);
/* Connected: send the length prefix plus the question. */
2373 launch_next_query(query, ISC_TRUE);
2374 isc_event_free(&event);
2379 * Check if the ongoing XFR needs more data before it's complete, using
2380 * the semantics of IXFR and AXFR protocols. Much of the complexity of
2381 * this routine comes from determining when an IXFR is complete.
2382 * ISC_FALSE means more data is on the way, and the recv has been issued.
/*
 * check_for_more_data: inspect the answer section of one transfer message
 * and decide, from the SOA records seen so far, whether the AXFR or IXFR
 * is complete.
 *
 * query  - carries the per-transfer state (first_soa_rcvd, second_rr_rcvd,
 *          first_repeat_rcvd and the two recorded serials).
 * msg    - parsed message received from the server.
 * sevent - receive event; its byte count and address are passed to
 *          received() on the last line shown.
 *
 * When the walk ends without a decision, launch_next_query posts the next
 * receive. The return statements and the jumps that end the transfer are
 * on lines not shown in this listing.
 */
2384 static isc_boolean_t
2385 check_for_more_data(dig_query_t *query, dns_message_t *msg,
2386 isc_socketevent_t *sevent)
2388 dns_rdataset_t *rdataset = NULL;
2389 dns_rdata_t rdata = DNS_RDATA_INIT;
2390 dns_rdata_soa_t soa;
2391 isc_uint32_t serial;
2392 isc_result_t result;
2394 debug("check_for_more_data()");
2397 * By the time we're in this routine, we know we're doing
2398 * either an AXFR or IXFR. If there's no second_rr_type,
2399 * then we don't yet know which kind of answer we got back
2400 * from the server. Here, we're going to walk through the
2401 * rr's in the message, acting as necessary whenever we hit
/* A message with no name in the answer section is reported as a failed transfer. */
2406 result = dns_message_firstname(msg, DNS_SECTION_ANSWER);
2407 if (result != ISC_R_SUCCESS) {
2408 puts("; Transfer failed.");
2414 dns_message_currentname(msg, DNS_SECTION_ANSWER,
2416 for (rdataset = ISC_LIST_HEAD(name->list);
2418 rdataset = ISC_LIST_NEXT(rdataset, link)) {
2419 result = dns_rdataset_first(rdataset);
2420 if (result != ISC_R_SUCCESS)
2424 dns_rdata_reset(&rdata);
2425 dns_rdataset_current(rdataset, &rdata);
2427 * If this is the first rr, make sure
/* The first record of a transfer has to be an SOA. */
2430 if ((!query->first_soa_rcvd) &&
2431 (rdata.type != dns_rdatatype_soa)) {
2432 puts("; Transfer failed. "
2433 "Didn't start with "
/* A non-SOA second record is recorded with serial 0, which later marks the transfer as AXFR. */
2437 if ((!query->second_rr_rcvd) &&
2438 (rdata.type != dns_rdatatype_soa)) {
2439 query->second_rr_rcvd = ISC_TRUE;
2440 query->second_rr_serial = 0;
2441 debug("got the second rr as nonsoa");
2446 * If the record is anything except an SOA
2447 * now, just continue on...
2449 if (rdata.type != dns_rdatatype_soa)
2451 /* Now we have an SOA. Work with it. */
2452 debug("got an SOA");
/*
 * NOTE(review): the result of dns_rdata_tostruct is discarded and
 * soa.serial is read on the next line. The record comes from the remote
 * server; confirm the conversion cannot fail for an SOA taken from a
 * parsed message.
 */
2453 (void)dns_rdata_tostruct(&rdata, &soa, NULL);
2454 serial = soa.serial;
2455 dns_rdata_freestruct(&soa);
2456 if (!query->first_soa_rcvd) {
2457 query->first_soa_rcvd = ISC_TRUE;
2458 query->first_rr_serial = serial;
2459 debug("this is the first %d",
2460 query->lookup->ixfr_serial);
/*
 * NOTE(review): the right-hand side of this comparison is on a line not
 * shown. If it compares raw serial values, serial number wraparound is
 * not taken into account; confirm.
 */
2461 if (query->lookup->ixfr_serial >=
2466 if (query->lookup->rdtype ==
2467 dns_rdatatype_axfr) {
2468 debug("doing axfr, got second SOA");
2471 if (!query->second_rr_rcvd) {
2472 if (query->first_rr_serial == serial) {
2473 debug("doing ixfr, got "
2477 debug("this is the second %d",
2478 query->lookup->ixfr_serial);
2479 query->second_rr_rcvd = ISC_TRUE;
2480 query->second_rr_serial = serial;
2483 if (query->second_rr_serial == 0) {
2485 * If the second RR was a non-SOA
2486 * record, and we're getting any
2487 * other SOA, then this is an
2488 * AXFR, and we're done.
2490 debug("done, since axfr");
2494 * If we get to this point, we're doing an
2495 * IXFR and have to start really looking
2496 * at serial numbers.
/* The first serial has to be seen again twice: first_repeat_rcvd records the first repeat. */
2498 if (query->first_rr_serial == serial) {
2499 debug("got a match for ixfr");
2500 if (!query->first_repeat_rcvd) {
2501 query->first_repeat_rcvd =
2505 debug("done with ixfr");
2508 debug("meaningless soa %d", serial);
2510 result = dns_rdataset_next(rdataset);
2511 } while (result == ISC_R_SUCCESS);
2513 result = dns_message_nextname(msg, DNS_SECTION_ANSWER);
2514 } while (result == ISC_R_SUCCESS);
/* No decision reached in this message: post the receive for the next one. */
2515 launch_next_query(query, ISC_FALSE);
2518 received(sevent->n, &sevent->address, query);
2523 * Event handler for recv complete. Perform whatever actions are necessary,
2524 * based on the specifics of the user's request.
/*
 * recv_done: completion handler for a socket receive on an outstanding
 * query.  As far as this listing shows, it checks the reply's source
 * address/port against the server that was queried, checks the message ID
 * against the ID that was sent, parses the message, verifies the TSIG when
 * one is in use, retries over TCP on truncation, moves on to the next
 * server on SERVFAIL, and then prints or follows up according to the
 * lookup's options.
 *
 * NOTE(review): the embedded gutter numbers skip, so short lines (braces,
 * else, return, some #if/#endif) are not visible in this listing; the
 * comments below describe only what the visible lines establish.
 */
2527 recv_done(isc_task_t *task, isc_event_t *event) {
2528 isc_socketevent_t *sevent = NULL;
2529 dig_query_t *query = NULL;
2530 isc_buffer_t *b = NULL;
2531 dns_message_t *msg = NULL;
2533 dig_message_t *chase_msg = NULL;
2534 dig_message_t *chase_msg2 = NULL;
2536 isc_result_t result;
2537 dig_lookup_t *n, *l;
2538 isc_boolean_t docancel = ISC_FALSE;
2539 isc_boolean_t match = ISC_TRUE;
2540 unsigned int parseflags;
2542 unsigned int msgflags;
2544 isc_result_t do_sigchase = ISC_FALSE;
2546 dns_message_t *msg_temp = NULL;
2548 isc_buffer_t *buf = NULL;
2554 debug("recv_done()");
2558 debug("recvcount=%d", recvcount);
2559 INSIST(recvcount >= 0);
/* The query this receive belongs to travels in the event argument. */
2561 query = event->ev_arg;
2562 debug("lookup=%p, query=%p", query->lookup, query);
2566 REQUIRE(event->ev_type == ISC_SOCKEVENT_RECVDONE);
2567 sevent = (isc_socketevent_t *)event;
/* Data arrived on a TCP lookup: touch the timer (presumably restarting its idle period). */
2569 if ((l->tcp_mode) && (l->timer != NULL))
2570 isc_timer_touch(l->timer);
/*
 * The lookup is no longer pending (and is not an ns_search_only lookup),
 * or a global cancel is in progress: release the event and move on
 * instead of processing the reply.
 */
2571 if ((!l->pending && !l->ns_search_only) || cancel_now) {
2572 debug("no longer pending. Got %s",
2573 isc_result_totext(sevent->result));
2574 query->waiting_connect = ISC_FALSE;
2576 isc_event_free(&event);
2578 check_next_lookup(l);
/* The receive itself failed; cancellation is distinguished from other errors. */
2583 if (sevent->result != ISC_R_SUCCESS) {
2584 if (sevent->result == ISC_R_CANCELED) {
2585 debug("in recv cancel handler");
2586 query->waiting_connect = ISC_FALSE;
2588 printf(";; communications error: %s\n",
2589 isc_result_totext(sevent->result));
2590 isc_socket_detach(&query->sock);
2592 debug("sockcount=%d", sockcount);
2593 INSIST(sockcount >= 0);
2595 isc_event_free(&event);
2597 check_next_lookup(l);
/* Take the received buffer off the event's list; b is what gets parsed below. */
2602 b = ISC_LIST_HEAD(sevent->bufferlist);
2603 ISC_LIST_DEQUEUE(sevent->bufferlist, &query->recvbuf, link);
/*
 * Source validation: the reply's address is compared with the address the
 * query was sent to.  This is the check that keeps an unrelated host's
 * packet from being accepted as the answer.
 * NOTE(review): what is done with `match` after the printf below is on
 * lines this listing does not show.
 */
2606 !isc_sockaddr_equal(&sevent->address, &query->sockaddr)) {
2607 char buf1[ISC_SOCKADDR_FORMATSIZE];
2608 char buf2[ISC_SOCKADDR_FORMATSIZE];
2611 if (isc_sockaddr_pf(&query->sockaddr) == AF_INET)
2612 isc_sockaddr_any(&any);
2614 isc_sockaddr_any6(&any);
2616 #ifdef ISC_PLATFORM_HAVESCOPEID
2618 * Accept answers from any scope if we havn't specified the
2619 * scope as long as the address and port match.
2621 if (isc_sockaddr_pf(&query->sockaddr) == AF_INET6 &&
2622 query->sockaddr.type.sin6.sin6_scope_id == 0 &&
2623 memcmp(&sevent->address.type.sin6.sin6_addr,
2624 &query->sockaddr.type.sin6.sin6_addr,
2625 sizeof(query->sockaddr.type.sin6.sin6_addr)) == 0 &&
2626 isc_sockaddr_getport(&sevent->address) ==
2627 isc_sockaddr_getport(&query->sockaddr))
2632 * We don't expect a match above when the packet is
2633 * sent to 0.0.0.0, :: or to a multicast addresses.
2634 * XXXMPA broadcast needs to be handled here as well.
2636 if ((!isc_sockaddr_eqaddr(&query->sockaddr, &any) &&
2637 !isc_sockaddr_ismulticast(&query->sockaddr)) ||
2638 isc_sockaddr_getport(&query->sockaddr) !=
2639 isc_sockaddr_getport(&sevent->address)) {
2640 isc_sockaddr_format(&sevent->address, buf1,
2642 isc_sockaddr_format(&query->sockaddr, buf2,
2644 printf(";; reply from unexpected source: %s,"
2645 " expected %s\n", buf1, buf2);
/*
 * ID validation: peek at the raw header and require the message ID to equal
 * the ID of the message that was sent.  A packet too short to hold a header
 * fails the peek and is reported separately.
 */
2650 result = dns_message_peekheader(b, &id, &msgflags);
2651 if (result != ISC_R_SUCCESS || l->sendmsg->id != id) {
2654 isc_boolean_t fail = ISC_TRUE;
2655 if (result == ISC_R_SUCCESS) {
2656 if (!query->first_soa_rcvd ||
2658 printf(";; %s: ID mismatch: "
2659 "expected ID %u, got %u\n",
2660 query->first_soa_rcvd ?
2661 "WARNING" : "ERROR",
2662 l->sendmsg->id, id);
2663 if (query->first_soa_rcvd)
2665 query->warn_id = ISC_FALSE;
2667 printf(";; ERROR: short "
2668 "(< header size) message\n");
2670 isc_event_free(&event);
2672 check_next_lookup(l);
2677 } else if (result == ISC_R_SUCCESS)
2678 printf(";; Warning: ID mismatch: "
2679 "expected ID %u, got %u\n", l->sendmsg->id, id);
2681 printf(";; Warning: short "
2682 "(< header size) message received\n");
/*
 * Re-arm the receive with a fresh COMMSIZE buffer and this same handler.
 * Presumably this is the path taken after a rejected packet, so that a
 * later, matching reply can still be received - the enclosing condition is
 * not visible here; confirm.
 */
2686 isc_buffer_invalidate(&query->recvbuf);
2687 isc_buffer_init(&query->recvbuf, query->recvspace, COMMSIZE);
2688 ISC_LIST_ENQUEUE(query->recvlist, &query->recvbuf, link);
2689 result = isc_socket_recvv(query->sock, &query->recvlist, 1,
2690 global_task, recv_done, query);
2691 check_result(result, "isc_socket_recvv");
2693 isc_event_free(&event);
/* From here on the packet is treated as the reply and is parsed into msg. */
2698 result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &msg);
2699 check_result(result, "dns_message_create");
/*
 * TSIG set-up: the signature of the query that was sent, the key and any
 * running TSIG context are attached to msg before parsing.
 * NOTE(review): the condition guarding this section is not visible.
 */
2702 if (l->querysig == NULL) {
2703 debug("getting initial querysig");
2704 result = dns_message_getquerytsig(l->sendmsg, mctx,
2706 check_result(result, "dns_message_getquerytsig");
2708 result = dns_message_setquerytsig(msg, l->querysig);
2709 check_result(result, "dns_message_setquerytsig");
2710 result = dns_message_settsigkey(msg, key);
2711 check_result(result, "dns_message_settsigkey");
2712 msg->tsigctx = l->tsigctx;
2714 if (l->msgcounter != 0)
2715 msg->tcp_continuation = 1;
2719 debug("before parse starts");
2720 parseflags = DNS_MESSAGEPARSE_PRESERVEORDER;
2723 do_sigchase = ISC_FALSE;
2726 do_sigchase = ISC_TRUE;
/* Parsing is relaxed (best effort, truncation ignored) only when the lookup asked for it. */
2729 if (l->besteffort) {
2730 parseflags |= DNS_MESSAGEPARSE_BESTEFFORT;
2731 parseflags |= DNS_MESSAGEPARSE_IGNORETRUNCATION;
2733 result = dns_message_parse(msg, b, parseflags);
/* A recoverable parse error is downgraded to a warning and processing continues. */
2734 if (result == DNS_R_RECOVERABLE) {
2735 printf(";; Warning: Message parser reports malformed "
2736 "message packet.\n");
2737 result = ISC_R_SUCCESS;
/* Any other parse failure discards the message and the event. */
2739 if (result != ISC_R_SUCCESS) {
2740 printf(";; Got bad packet: %s\n", isc_result_totext(result));
2742 query->waiting_connect = ISC_FALSE;
2743 dns_message_destroy(&msg);
2744 isc_event_free(&event);
2747 check_next_lookup(l);
/* Truncated reply over UDP (and truncation not ignored): requeue the lookup in TCP mode. */
2751 if ((msg->flags & DNS_MESSAGEFLAG_TC) != 0
2752 && !l->ignore && !l->tcp_mode) {
2753 printf(";; Truncated, retrying in TCP mode.\n");
2754 n = requeue_lookup(l, ISC_TRUE);
2755 n->tcp_mode = ISC_TRUE;
2756 n->origin = query->lookup->origin;
2757 dns_message_destroy(&msg);
2758 isc_event_free(&event);
2761 check_next_lookup(l);
/* SERVFAIL, and the lookup is not configured to stop on it: try the next query in the list. */
2765 if (msg->rcode == dns_rcode_servfail && !l->servfail_stops) {
2766 dig_query_t *next = ISC_LIST_NEXT(query, link);
2767 if (l->current_query == query)
2768 l->current_query = NULL;
2770 debug("sending query %p\n", next);
2772 send_tcp_connect(next);
2777 * If our query is at the head of the list and there
2778 * is no next, we're the only one left, so fall
2779 * through to print the message.
2781 if ((ISC_LIST_HEAD(l->q) != query) ||
2782 (ISC_LIST_NEXT(query, link) != NULL)) {
2783 printf(";; Got SERVFAIL reply from %s, "
2784 "trying next server\n",
2787 check_next_lookup(l);
2788 dns_message_destroy(&msg);
2789 isc_event_free(&event);
/*
 * TSIG verification of the received message.  On failure the visible lines
 * only print a diagnostic and clear `validated`; no visible line stops
 * further processing of the message.
 * NOTE(review): confirm how `validated` is consumed by callers.
 */
2796 result = dns_tsig_verify(&query->recvbuf, msg, NULL, NULL);
2797 if (result != ISC_R_SUCCESS) {
2798 printf(";; Couldn't verify signature: %s\n",
2799 isc_result_totext(result));
2800 validated = ISC_FALSE;
/* Hand the TSIG context back to the lookup and refresh the stored query signature. */
2802 l->tsigctx = msg->tsigctx;
2803 msg->tsigctx = NULL;
2804 if (l->querysig != NULL) {
2805 debug("freeing querysig buffer %p", l->querysig);
2806 isc_buffer_free(&l->querysig);
2808 result = dns_message_getquerytsig(msg, mctx, &l->querysig);
2809 check_result(result,"dns_message_getquerytsig");
2812 debug("after parse");
2813 if (l->doing_xfr && l->xfr_q == NULL) {
2816 * Once we are in the XFR message, increase
2817 * the timeout to much longer, so brief network
2818 * outages won't cause the XFR to abort
2820 if (timeout != INT_MAX && l->timer != NULL) {
2821 unsigned int local_timeout;
2825 local_timeout = TCP_TIMEOUT * 4;
2827 local_timeout = UDP_TIMEOUT * 4;
/* The comparison against INT_MAX / 4 keeps timeout * 4 from overflowing. */
2829 if (timeout < (INT_MAX / 4))
2830 local_timeout = timeout * 4;
2832 local_timeout = INT_MAX;
2834 debug("have local timeout of %d", local_timeout);
2835 isc_interval_set(&l->interval, local_timeout, 0);
2836 result = isc_timer_reset(l->timer,
2841 check_result(result, "isc_timer_reset");
/* Not a transfer, or this is the transfer's own query: decide what to print or follow up. */
2845 if (!l->doing_xfr || l->xfr_q == query) {
2849 if (msg->rcode != dns_rcode_noerror && l->origin != NULL) {
2850 if (!next_origin(msg, query)) {
2851 printmessage(query, msg, ISC_TRUE);
2852 received(b->used, &sevent->address, query);
2854 } else if (!l->trace && !l->ns_search_only) {
2858 printmessage(query, msg, ISC_TRUE);
2859 } else if (l->trace) {
2862 count = msg->counts[DNS_SECTION_ANSWER];
2864 int count = msg->counts[DNS_SECTION_ANSWER];
2867 debug("in TRACE code");
2868 if (!l->ns_search_only)
2869 printmessage(query, msg, ISC_TRUE);
2871 l->rdtype = l->qrdtype;
2872 if (l->trace_root || (l->ns_search_only && count > 0)) {
2874 l->rdtype = dns_rdatatype_soa;
2875 n = followup_lookup(msg, query,
2876 DNS_SECTION_ANSWER);
2877 l->trace_root = ISC_FALSE;
2878 } else if (count == 0)
2879 n = followup_lookup(msg, query,
2880 DNS_SECTION_AUTHORITY);
2882 docancel = ISC_TRUE;
2884 debug("in NSSEARCH code");
2886 if (l->trace_root) {
2888 * This is the initial NS query.
2892 l->rdtype = dns_rdatatype_soa;
2893 n = followup_lookup(msg, query,
2894 DNS_SECTION_ANSWER);
2896 docancel = ISC_TRUE;
2897 l->trace_root = ISC_FALSE;
2902 printmessage(query, msg, ISC_TRUE);
/*
 * Signature chasing keeps two records of the reply: chase_message_list gets
 * a message re-parsed (flags 0) from a private copy of the raw packet, and
 * chase_message_list2 gets the already parsed msg itself.
 * NOTE(review): the result of the second dns_message_parse() is assigned
 * but no visible line checks it before msg_temp is stored.
 */
2906 chase_msg = isc_mem_allocate(mctx,
2907 sizeof(dig_message_t));
2908 if (chase_msg == NULL) {
2909 fatal("Memory allocation failure in %s:%d",
2910 __FILE__, __LINE__);
2912 ISC_LIST_INITANDAPPEND(chase_message_list, chase_msg,
2914 if (dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE,
2915 &msg_temp) != ISC_R_SUCCESS) {
2916 fatal("dns_message_create in %s:%d",
2917 __FILE__, __LINE__);
2920 isc_buffer_usedregion(b, &r);
2921 result = isc_buffer_allocate(mctx, &buf, r.length);
2923 check_result(result, "isc_buffer_allocate");
2924 result = isc_buffer_copyregion(buf, &r);
2925 check_result(result, "isc_buffer_copyregion");
2927 result = dns_message_parse(msg_temp, buf, 0);
2929 isc_buffer_free(&buf);
2930 chase_msg->msg = msg_temp;
2932 chase_msg2 = isc_mem_allocate(mctx,
2933 sizeof(dig_message_t));
2934 if (chase_msg2 == NULL) {
2935 fatal("Memory allocation failure in %s:%d",
2936 __FILE__, __LINE__);
2938 ISC_LIST_INITANDAPPEND(chase_message_list2, chase_msg2,
2940 chase_msg2->msg = msg;
2947 if (l->sigchase && ISC_LIST_EMPTY(lookup_list) ) {
2953 debug("still pending.");
/* During a transfer, replies to any query other than the transfer's own are discarded. */
2955 if (query != l->xfr_q) {
2956 dns_message_destroy(&msg);
2957 isc_event_free(&event);
2958 query->waiting_connect = ISC_FALSE;
2963 docancel = check_for_more_data(query, msg, sevent);
2965 dns_message_destroy(&msg);
2968 check_next_lookup(l);
2972 if (msg->rcode == dns_rcode_noerror || l->origin == NULL) {
2977 received(b->used, &sevent->address, query);
2980 if (!query->lookup->ns_search_only)
2981 query->lookup->pending = ISC_FALSE;
2982 if (!query->lookup->ns_search_only ||
2983 query->lookup->trace_root || docancel) {
2987 dns_message_destroy(&msg);
2992 check_next_lookup(l);
3000 dns_message_destroy(&msg);
3002 isc_event_free(&event);
3007 * Turn a name into an address, using system-supplied routines. This is
3008 * used in looking up server names, etc... and needs to use system-supplied
3009 * routines, since they may be using a non-DNS system for these lookups.
/*
 * Resolve `host` to one socket address for `port` and store it in
 * *sockaddr, using bind9_getaddresses().
 * NOTE(review): `count` is passed by address below, but its declaration is
 * on a line this listing does not show.
 */
3012 get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr) {
3014 isc_result_t result;
/* The fourth argument limits the answer to a single address. */
3017 result = bind9_getaddresses(host, port, sockaddr, 1, &count);
/* A resolution failure is reported through fatal(), presumably ending the program. */
3019 if (result != ISC_R_SUCCESS)
3020 fatal("couldn't get address for '%s': %s",
3021 host, isc_result_totext(result));
3026 * Initiate either a TCP or UDP lookup
/*
 * Start a lookup by dispatching the first query on its list over the
 * transport the lookup selects: a TCP connect when tcp_mode is set,
 * a UDP send otherwise.  The lookup is marked pending first.
 */
void
do_lookup(dig_lookup_t *lookup) {
	dig_query_t *first;

	REQUIRE(lookup != NULL);

	debug("do_lookup()");
	lookup->pending = ISC_TRUE;

	first = ISC_LIST_HEAD(lookup->q);
	if (!lookup->tcp_mode) {
		send_udp(first);
		return;
	}
	send_tcp_connect(first);
}
3042 * Start everything in action upon task startup.
/*
 * Task start-up callback.  The only action visible in this listing is
 * releasing the start-up event; the remaining lines of the body are not
 * shown here.
 */
3045 onrun_callback(isc_task_t *task, isc_event_t *event) {
3048 isc_event_free(&event);
3055 * Make everything on the lookup queue go away. Mainly used by the
/*
 * Body of cancel_all() (the signature line is not shown in this listing):
 * sets the global cancel flag, cancels socket I/O for the queries of the
 * current lookup, and empties the queue of lookups still waiting.
 */
3060 dig_lookup_t *l, *n;
3061 dig_query_t *q, *nq;
3063 debug("cancel_all()");
/* recv_done() checks this flag and drops events that arrive after it is set. */
3070 cancel_now = ISC_TRUE;
3071 if (current_lookup != NULL) {
3072 if (current_lookup->timer != NULL)
/*
 * NOTE(review): the "¤t_lookup" on the next line is an extraction artifact;
 * the text "&curren" was decoded as an HTML entity, so the argument reads
 * &current_lookup->timer in the real source.
 */
3073 isc_timer_detach(¤t_lookup->timer);
3074 q = ISC_LIST_HEAD(current_lookup->q);
3076 debug("cancelling query %p, belonging to %p",
/* The successor is fetched before the query is acted on. */
3078 nq = ISC_LIST_NEXT(q, link);
3079 if (q->sock != NULL) {
3080 isc_socket_cancel(q->sock, NULL,
3081 ISC_SOCKCANCEL_ALL);
/* Drain the list of lookups that have not been started yet. */
3088 l = ISC_LIST_HEAD(lookup_list);
3090 n = ISC_LIST_NEXT(l, link);
3091 ISC_LIST_DEQUEUE(lookup_list, l, link);
3092 try_clear_lookup(l);
3099 * Destroy all of the libs we are using, and get everything ready for a
/*
 * Tear down every library object this file holds, in dependency order:
 * task, task manager, lwres context, server list, memory pool, socket and
 * timer managers, TSIG key, name buffer, DST, entropy, the lookup lock, the
 * messages and names kept for signature chasing, and finally the memory
 * context itself.
 */
3103 destroy_libs(void) {
3106 dig_message_t *chase_msg;
3109 debug("destroy_libs()");
3110 if (global_task != NULL) {
3111 debug("freeing task");
3112 isc_task_detach(&global_task);
3115 * The taskmgr_destroy() call blocks until all events are cleared
3118 if (taskmgr != NULL) {
3119 debug("freeing taskmgr");
3120 isc_taskmgr_destroy(&taskmgr);
/* With all events drained, no socket, receive or send may still be outstanding. */
3123 REQUIRE(sockcount == 0);
3124 REQUIRE(recvcount == 0);
3125 REQUIRE(sendcount == 0);
/* Likewise no lookup may remain queued or current. */
3127 INSIST(ISC_LIST_HEAD(lookup_list) == NULL);
3128 INSIST(current_lookup == NULL);
/* Signals that teardown is under way; presumably consulted by cancel_all() - confirm. */
3131 free_now = ISC_TRUE;
3133 lwres_conf_clear(lwctx);
3134 lwres_context_destroy(&lwctx);
3136 flush_server_list();
3139 if (commctx != NULL) {
3140 debug("freeing commctx");
3141 isc_mempool_destroy(&commctx);
3143 if (socketmgr != NULL) {
3144 debug("freeing socketmgr");
3145 isc_socketmgr_destroy(&socketmgr);
3147 if (timermgr != NULL) {
3148 debug("freeing timermgr");
3149 isc_timermgr_destroy(&timermgr);
/* Release the TSIG key; the guard around these two lines is not visible here. */
3152 debug("freeing key %p", key);
3153 dns_tsigkey_detach(&key);
3155 if (namebuf != NULL)
3156 isc_buffer_free(&namebuf);
3159 debug("destroy DST lib");
3161 is_dst_up = ISC_FALSE;
3164 debug("detach from entropy");
3165 isc_entropy_detach(&entp);
3169 DESTROYLOCK(&lookup_lock);
3172 debug("Destroy the messages kept for sigchase");
3173 /* Destroy the messages kept for sigchase */
3174 chase_msg = ISC_LIST_HEAD(chase_message_list);
/*
 * Each node's message is destroyed, the cursor advances, then the node is
 * freed through `ptr` (its assignment is on a line not shown; presumably
 * the node just visited).
 */
3176 while (chase_msg != NULL) {
3177 INSIST(chase_msg->msg != NULL);
3178 dns_message_destroy(&(chase_msg->msg));
3180 chase_msg = ISC_LIST_NEXT(chase_msg, link);
3181 isc_mem_free(mctx, ptr);
/* Same walk for the second sigchase message list. */
3184 chase_msg = ISC_LIST_HEAD(chase_message_list2);
3186 while (chase_msg != NULL) {
3187 INSIST(chase_msg->msg != NULL);
3188 dns_message_destroy(&(chase_msg->msg));
3190 chase_msg = ISC_LIST_NEXT(chase_msg, link);
3191 isc_mem_free(mctx, ptr);
/* Free the chase names only when they own dynamically allocated storage. */
3193 if (dns_name_dynamic(&chase_name))
3194 dns_name_free(&chase_name, mctx);
3196 if (dns_name_dynamic(&chase_current_name))
3197 dns_name_free(&chase_current_name, mctx);
3198 if (dns_name_dynamic(&chase_authority_name))
3199 dns_name_free(&chase_authority_name, mctx);
3202 if (dns_name_dynamic(&chase_signame))
3203 dns_name_free(&chase_signame, mctx);
3206 debug("Destroy memory");
/* Memory statistics go to stderr when memory debugging is enabled. */
3209 if (memdebugging != 0)
3210 isc_mem_stats(mctx, stderr);
3212 isc_mem_destroy(&mctx);
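/*
 * Print the textual mnemonic of an rdata type to stdout (no newline).
 *
 * type  the rdata type to render with dns_rdatatype_totext()
 *
 * Allocation or conversion failure is handed to check_result().
 */
void
print_type(dns_rdatatype_t type)
{
	isc_buffer_t *b = NULL;
	isc_result_t result;
	isc_region_t r;

	result = isc_buffer_allocate(mctx, &b, 4000);
	check_result(result, "isc_buffer_allocate");

	result = dns_rdatatype_totext(type, b);
	check_result(result, "print_type");

	isc_buffer_usedregion(b, &r);
	/*
	 * Print exactly the used bytes.  The previous code stored a NUL at
	 * r.base[r.length], i.e. one byte past the used region, which lands
	 * outside the allocation whenever the buffer is completely full.
	 */
	printf("%.*s", (int)r.length, (char *)r.base);

	isc_buffer_free(&b);
}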
/*
 * Print every rdataset of every name in one section of a message.
 * The caller positions the message on the section's first name (see
 * dump_database(), which calls dns_message_firstname() before this).
 */
3242 dump_database_section( dns_message_t *msg, int section)
3244 dns_name_t *msg_name=NULL;
3246 dns_rdataset_t *rdataset;
3249 dns_message_currentname(msg, section, &msg_name);
/* Walk the rdatasets attached to the current name. */
3251 for (rdataset = ISC_LIST_HEAD(msg_name->list); rdataset != NULL;
3252 rdataset = ISC_LIST_NEXT(rdataset, link)) {
3253 dns_name_print(msg_name, stdout);
3255 print_rdataset(msg_name, rdataset, mctx);
/* Continue with the next name until the section is exhausted. */
3259 } while ( dns_message_nextname(msg, section) == ISC_R_SUCCESS);
/*
 * Dump the answer, authority and additional sections of every message kept
 * on chase_message_list.  Each section is positioned on its first name
 * before being dumped; the value the dns_message_firstname() result is
 * compared with is on a line not shown here.
 */
3263 void dump_database(void)
3265 dig_message_t * msg;
3267 for (msg = ISC_LIST_HEAD(chase_message_list); msg != NULL;
3268 msg = ISC_LIST_NEXT(msg, link)) {
3269 if (dns_message_firstname(msg->msg, DNS_SECTION_ANSWER)
3271 dump_database_section(msg->msg, DNS_SECTION_ANSWER);
3273 if (dns_message_firstname(msg->msg, DNS_SECTION_AUTHORITY)
3275 dump_database_section(msg->msg, DNS_SECTION_AUTHORITY);
3277 if (dns_message_firstname(msg->msg, DNS_SECTION_ADDITIONAL)
3279 dump_database_section(msg->msg, DNS_SECTION_ADDITIONAL);
/*
 * Search the rdatasets attached to `name` for one matching `type`.
 *
 *  - type == any:   considers every rdataset that is not an RRSIG.
 *  - type == RRSIG: considers RRSIG rdatasets whose first record covers
 *                   `covers` (or any, when covers == any).
 *  - otherwise:     considers rdatasets whose type equals `type`.
 *
 * NOTE(review): the return statements are on lines this listing does not
 * show; presumably the matching rdataset is returned and NULL otherwise.
 */
3284 dns_rdataset_t * search_type(dns_name_t *name,
3285 dns_rdatatype_t type,
3286 dns_rdatatype_t covers)
3288 dns_rdataset_t *rdataset;
3289 dns_rdata_sig_t siginfo;
3290 dns_rdata_t sigrdata;
3291 isc_result_t result;
3293 for (rdataset = ISC_LIST_HEAD(name->list); rdataset != NULL;
3294 rdataset = ISC_LIST_NEXT(rdataset, link)) {
3295 if (type == dns_rdatatype_any) {
3296 if (rdataset->type != dns_rdatatype_rrsig)
3299 else if ((type == dns_rdatatype_rrsig) &&
3300 (rdataset->type == dns_rdatatype_rrsig)) {
/*
 * Only the first record of the RRSIG rdataset is decoded; no
 * dns_rdataset_next() call is visible, so later records are not examined.
 */
3301 dns_rdata_init(&sigrdata);
3302 result = dns_rdataset_first(rdataset);
3303 check_result(result, "empty rdataset");
3304 dns_rdataset_current(rdataset, &sigrdata);
3305 result = dns_rdata_tostruct(&sigrdata, &siginfo, NULL);
3306 check_result(result, "sigrdata tostruct siginfo");
3308 if ((siginfo.covered == covers) ||
3309 (covers == dns_rdatatype_any)) {
3310 dns_rdata_reset(&sigrdata);
3311 dns_rdata_freestruct(&siginfo);
/* No match on the covered type: release the decoded record and keep scanning. */
3314 dns_rdata_reset(&sigrdata);
3315 dns_rdata_freestruct(&siginfo);
3317 else if (rdataset->type == type)
/*
 * Scan one section of a message for `name` and, on a name match, look for
 * an rdataset of the requested type with search_type().  The section must
 * already be positioned on its first name by the caller.
 * NOTE(review): some parameters and the return statements are on lines not
 * shown in this listing.
 */
3324 chase_scanname_section(dns_message_t *msg,
3326 dns_rdatatype_t type,
3327 dns_rdatatype_t covers,
3330 dns_rdataset_t *rdataset;
3331 dns_name_t *msg_name = NULL;
3334 dns_message_currentname(msg, section, &msg_name);
/* dns_name_compare() returning 0 means the two names are equal. */
3335 if (dns_name_compare(msg_name, name) == 0) {
3336 rdataset = search_type(msg_name, type, covers);
3337 if ( rdataset != NULL)
3341 } while ( dns_message_nextname(msg, section) == ISC_R_SUCCESS);
/*
 * Look through every message on chase_message_list2 for an rdataset of the
 * requested type owned by `name`, trying the answer, authority and
 * additional sections in that order.
 * NOTE(review): records from the authority and additional sections are
 * accepted on the same footing as answer records here; callers are
 * expected to validate whatever is returned before relying on it.
 */
3348 chase_scanname(dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers)
3350 dns_rdataset_t *rdataset = NULL;
3351 dig_message_t * msg;
3353 for (msg = ISC_LIST_HEAD(chase_message_list2); msg != NULL;
3354 msg = ISC_LIST_NEXT(msg, link)) {
3355 if (dns_message_firstname(msg->msg, DNS_SECTION_ANSWER)
3357 rdataset = chase_scanname_section(msg->msg, name,
3359 DNS_SECTION_ANSWER);
3360 if (rdataset != NULL)
3362 if (dns_message_firstname(msg->msg, DNS_SECTION_AUTHORITY)
3365 chase_scanname_section(msg->msg, name,
3367 DNS_SECTION_AUTHORITY);
3368 if (rdataset != NULL)
3370 if (dns_message_firstname(msg->msg, DNS_SECTION_ADDITIONAL)
3373 chase_scanname_section(msg->msg, name, type,
3375 DNS_SECTION_ADDITIONAL);
3376 if (rdataset != NULL)
/*
 * Find an rdataset of `type` for rdata_name among the messages already
 * collected; if none is found and no lookup has been launched yet
 * (*lookedup is false), queue a new lookup for it and set *lookedup.
 * NOTE(review): the return statements are on lines not shown here.
 */
3384 sigchase_scanname(dns_rdatatype_t type, dns_rdatatype_t covers,
3385 isc_boolean_t * lookedup,
3386 dns_name_t *rdata_name )
3388 dig_lookup_t *lookup;
3389 isc_buffer_t *b = NULL;
3391 isc_result_t result;
3392 dns_rdataset_t * temp;
3393 dns_rdatatype_t querytype;
/* Already have it in a collected message? */
3395 if ((temp=chase_scanname(rdata_name, type, covers))!=NULL) {
/* A lookup for this data was already launched; do not queue another. */
3399 if (*lookedup == ISC_TRUE) {
3403 lookup = clone_lookup(current_lookup, ISC_TRUE);
3404 lookup->trace_root = ISC_FALSE;
3405 lookup->new_search = ISC_TRUE;
3407 result = isc_buffer_allocate(mctx, &b, BUFSIZE);
3408 check_result(result, "isc_buffer_allocate");
3409 result = dns_name_totext(rdata_name, ISC_FALSE, b);
3410 check_result(result, "dns_name_totext");
3411 isc_buffer_usedregion(b, &r);
/*
 * NOTE(review): the NUL is stored at r.base[r.length], one byte past the
 * used region; that is only inside the allocation while the text is
 * shorter than BUFSIZE.
 */
3412 r.base[r.length] = '\0';
/*
 * NOTE(review): unbounded strcpy() into lookup->textname.  The name comes
 * from DNS data and prepare_lookup() treats textname as MXNAME bytes, so a
 * bounded copy (at most MXNAME - 1 bytes plus an explicit terminator) is
 * the safer form unless BUFSIZE <= MXNAME is guaranteed - confirm.
 */
3413 strcpy(lookup->textname, (char*)r.base);
3414 isc_buffer_free(&b);
3416 if (type == dns_rdatatype_rrsig)
/* 0 and 255 are rejected as query types (255 is the ANY type code). */
3420 if (querytype == 0 || querytype == 255) {
3421 printf("Error in the queried type: %d\n", querytype);
3425 lookup->rdtype = querytype;
3426 lookup->rdtypeset = ISC_TRUE;
3427 lookup->qrdtype = querytype;
3428 *lookedup = ISC_TRUE;
3430 ISC_LIST_APPEND(lookup_list, lookup, link);
3431 printf("\n\nLaunch a query to find a RRset of type ");
3433 printf(" for zone: %s\n", lookup->textname);
/*
 * Append a key to the global trusted-key table tk_list.
 * NOTE(review): what happens when the table is full is on a line not
 * shown; get_trusted_key() calls this without looking at any result, so a
 * key that is not stored would presumably stay owned by that caller.
 */
3438 insert_trustedkey(dst_key_t * key)
/* Capacity guard: the store below must not index past MAX_TRUSTED_KEY - 1. */
3442 if (tk_list.nb_tk >= MAX_TRUSTED_KEY)
3445 tk_list.key[tk_list.nb_tk++] = key;
/*
 * Release every key held in tk_list (the enclosing function's signature is
 * not shown in this listing).  All MAX_TRUSTED_KEY slots are visited and
 * each freed slot is cleared so it cannot be freed twice.
 */
3454 for (i= 0; i < MAX_TRUSTED_KEY; i++) {
3455 if (tk_list.key[i] != NULL) {
3456 dst_key_free(&tk_list.key[i]);
3457 tk_list.key[i] = NULL;
3467 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
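/*
 * Remove the temporary key file "<file>.key".
 *
 * mctx  memory context used for the scratch path buffer
 * file  path of the temporary file, without the ".key" suffix
 *
 * Returns ISC_R_NOMEMORY if the path buffer cannot be allocated, otherwise
 * the result of isc_file_remove().
 */
isc_result_t
removetmpkey(isc_mem_t *mctx, const char *file)
{
	char *tempnamekey = NULL;
	size_t tempnamekeylen;
	isc_result_t result;

	/* Room for the name, the ".key" suffix and the terminator. */
	tempnamekeylen = strlen(file) + 10;

	tempnamekey = isc_mem_allocate(mctx, tempnamekeylen);
	if (tempnamekey == NULL)
		return (ISC_R_NOMEMORY);

	/* One bounded, always-terminated write instead of memset + strcat. */
	snprintf(tempnamekey, tempnamekeylen, "%s.key", file);

	/*
	 * Remove the file once and report that result.  The previous code
	 * removed it twice and returned the second result, which reports a
	 * failure for a file the first call had just deleted.
	 */
	result = isc_file_remove(tempnamekey);
	isc_mem_free(mctx, tempnamekey);
	return (result);
}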
/*
 * Create a uniquely named temporary key file.  A template is derived from
 * `file`, its trailing 'X' characters are replaced with random characters
 * from alphnum, ".key" is appended, and the resulting path is opened for
 * writing.  Judging by the parameters, the name and stream go back through
 * *tempp and *fp (those assignments are on lines not shown).
 */
3494 opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) {
3496 isc_result_t result;
3497 char *tempname = NULL;
3498 char *tempnamekey = NULL;
3506 tempnamelen = strlen(file) + 20;
3507 tempname = isc_mem_allocate(mctx, tempnamelen);
3508 if (tempname == NULL)
3509 return (ISC_R_NOMEMORY);
3510 memset(tempname, 0, tempnamelen);
3512 result = isc_file_mktemplate(file, tempname, tempnamelen);
3513 if (result != ISC_R_SUCCESS)
3519 if (cp == tempname) {
3520 isc_mem_free(mctx, tempname);
3521 return (ISC_R_FAILURE);
/* Replace each trailing 'X' of the template with a random character. */
3525 while (cp >= tempname && *cp == 'X') {
3526 isc_random_get(&which);
/* sizeof(alphnum) - 1 excludes the string's terminating NUL from the choice. */
3527 *cp = alphnum[which % (sizeof(alphnum) - 1)];
3531 tempnamekeylen = tempnamelen+5;
3532 tempnamekey = isc_mem_allocate(mctx, tempnamekeylen);
/* NOTE(review): this return follows the check directly, so tempname is not freed on this path. */
3533 if (tempnamekey == NULL)
3534 return (ISC_R_NOMEMORY);
/* Zero-filling the larger buffer first keeps the strncpy() result terminated. */
3536 memset(tempnamekey, 0, tempnamekeylen);
3537 strncpy(tempnamekey, tempname, tempnamelen);
3538 strcat(tempnamekey ,".key");
/*
 * NOTE(review): checking for existence and then opening with fopen("w") is
 * a check-then-use sequence.  Another process can create the path, or plant
 * a symlink there, between the two calls, and "w" follows and truncates
 * whatever it finds.  An exclusive create (open() with O_CREAT | O_EXCL,
 * then fdopen()) closes that window.
 */
3541 if (isc_file_exists(tempnamekey)) {
3542 isc_mem_free(mctx, tempnamekey);
3543 isc_mem_free(mctx, tempname);
/*
 * NOTE(review): on fopen() failure neither tempname nor tempnamekey is
 * freed before returning, and the message names get_trusted_key() and "not
 * found" although the failure is creating the temporary file.
 */
3547 if ((f = fopen(tempnamekey, "w")) == NULL) {
3548 printf("get_trusted_key(): trusted key not found %s\n",
3550 return ISC_R_FAILURE;
3554 isc_mem_free(mctx, tempnamekey);
3557 return (ISC_R_SUCCESS);
3560 isc_mem_free(mctx, tempname);
/*
 * Load the trust anchors used for signature chasing.  Each line of the
 * chosen key file is written to its own temporary file, parsed with
 * dst_key_fromnamedfile(), and the resulting key is added to tk_list.
 *
 * Files are tried in this order: the path in `trustedkey`, then
 * /etc/trusted-key.key, then ./trusted-key.key.
 *
 * NOTE(review): the last fallback is relative to the current working
 * directory, so the trust anchor can be supplied by whoever controls the
 * directory the tool is run from.  Because everything validated later
 * rests on these keys, consider requiring an explicit or absolute path, or
 * at least reporting which file was used.
 */
3567 get_trusted_key(isc_mem_t *mctx)
3569 isc_result_t result;
3570 const char * filename = NULL;
3571 char * filetemp =NULL;
3574 dst_key_t * key = NULL;
3576 result = isc_file_exists(trustedkey);
3577 if (result != ISC_TRUE) {
3578 result = isc_file_exists("/etc/trusted-key.key");
3579 if (result != ISC_TRUE) {
3580 result = isc_file_exists("./trusted-key.key");
3581 if (result != ISC_TRUE)
3582 return ISC_R_FAILURE;
3584 filename = "./trusted-key.key";
3587 filename = "/etc/trusted-key.key";
3590 filename = trustedkey;
3592 if (filename == NULL) {
3593 printf("No trusted key\n");
3594 return ISC_R_FAILURE;
/* The existence checks above and this open are separate steps; the file can change in between. */
3597 if ((fp = fopen(filename, "r")) == NULL) {
3598 printf("get_trusted_key(): trusted key not found %s\n",
3600 return ISC_R_FAILURE;
/*
 * One key per line.  NOTE(review): buf's declaration is not shown; it must
 * be at least 1500 bytes for this fgets() bound to be safe, and a key line
 * longer than that would be split across iterations - confirm.
 */
3602 while (fgets(buf, 1500, fp) != NULL) {
3603 result = opentmpkey(mctx,"tmp_file", &filetemp, &fptemp);
3604 if (result != ISC_R_SUCCESS) {
3606 return ISC_R_FAILURE;
3608 if (fputs(buf, fptemp)<0) {
3611 return ISC_R_FAILURE;
3614 result = dst_key_fromnamedfile(filetemp, DST_TYPE_PUBLIC,
/* The temporary file is removed whether or not parsing succeeded. */
3616 removetmpkey(mctx, filetemp);
3617 isc_mem_free(mctx, filetemp);
3618 if (result != ISC_R_SUCCESS ) {
3620 return ISC_R_FAILURE;
3622 insert_trustedkey(key);
/*
 * NOTE(review): this writes the key into /tmp.  Presumably a debugging aid
 * behind a conditional that is not shown; a world-writable directory is a
 * poor place for files written at fixed, derivable names - confirm it is
 * compiled out in normal builds.
 */
3624 dst_key_tofile(key, DST_TYPE_PUBLIC,"/tmp");
3628 return ISC_R_SUCCESS;
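/*
 * Convert a textual domain name into a dns_name_t.
 *
 * str    NUL-terminated name text; must not be NULL
 * p_ret  destination name; must not be NULL.  Any dynamic storage it
 *        already owns is freed before the new name is duplicated into it.
 *
 * The text is parsed relative to dns_rootname.  Conversion or duplication
 * failure is handed to check_result().
 */
void
nameFromString(const char *str, dns_name_t *p_ret) {
	size_t len;
	isc_result_t result;
	isc_buffer_t buffer;
	dns_fixedname_t fixedname;

	REQUIRE(p_ret != NULL);
	REQUIRE(str != NULL);

	/*
	 * Measure the string only after the NULL check; taking strlen() in
	 * the declaration dereferenced str before REQUIRE could reject it.
	 */
	len = strlen(str);

	isc_buffer_init(&buffer, str, len);
	isc_buffer_add(&buffer, len);

	dns_fixedname_init(&fixedname);
	result = dns_name_fromtext(dns_fixedname_name(&fixedname), &buffer,
				   dns_rootname, ISC_TRUE, NULL);
	check_result(result, "nameFromString");

	/* Release whatever the destination held before overwriting it. */
	if (dns_name_dynamic(p_ret))
		dns_name_free(p_ret, mctx);

	result = dns_name_dup(dns_fixedname_name(&fixedname), mctx, p_ret);
	check_result(result, "nameFromString");
}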
/*
 * Queue a follow-up lookup for the sigchase target, addressed to the name
 * servers listed in chase_nsrdataset.  The lookup is cloned from
 * current_lookup, its inherited server list is emptied, and a server entry
 * is added for each NS record: from AAAA/A glue found in the collected
 * messages when __FOLLOW_GLUE__ is defined, otherwise by NS name.
 *
 * NOTE(review): the glue addresses come from unvalidated response data
 * (advanced_rrsearch() over collected messages), so they decide where the
 * next query is sent before anything has been verified.
 */
3660 prepare_lookup(dns_name_t *name)
3662 isc_result_t result;
3663 dig_lookup_t * lookup = NULL;
3667 lookup = clone_lookup(current_lookup, ISC_TRUE);
3668 lookup->trace_root = ISC_FALSE;
3669 lookup->new_search = ISC_TRUE;
3670 lookup->trace_root_sigchase = ISC_FALSE;
/*
 * NOTE(review): strncpy() leaves textname unterminated when the source is
 * MXNAME bytes or longer; an explicit textname[MXNAME - 1] = '\0'
 * afterwards would make this safe regardless of the source.
 */
3672 strncpy(lookup->textname, lookup->textnamesigchase, MXNAME);
3674 lookup->rdtype = lookup->rdtype_sigchase;
3675 lookup->rdtypeset = ISC_TRUE;
3676 lookup->qrdtype = lookup->qrdtype_sigchase;
/* Drop the server list inherited from the cloned lookup. */
3678 s = ISC_LIST_HEAD(lookup->my_server_list);
3680 debug("freeing server %p belonging to %p",
3683 s = ISC_LIST_NEXT(s, link);
3684 ISC_LIST_DEQUEUE(lookup->my_server_list,
3685 (dig_server_t *)ptr, link);
3686 isc_mem_free(mctx, ptr);
/* One pass per NS record in chase_nsrdataset. */
3690 for (result = dns_rdataset_first(chase_nsrdataset);
3691 result == ISC_R_SUCCESS;
3692 result = dns_rdataset_next(chase_nsrdataset)) {
3693 char namestr[DNS_NAME_FORMATSIZE];
3695 dns_rdata_t rdata = DNS_RDATA_INIT;
3696 dig_server_t * srv = NULL;
/* NOTE(review): identifiers beginning with two underscores are reserved for the implementation. */
3697 #define __FOLLOW_GLUE__
3698 #ifdef __FOLLOW_GLUE__
3699 isc_buffer_t * b = NULL;
/* This inner `result` shadows the one that drives the enclosing for loop. */
3700 isc_result_t result;
3702 dns_rdataset_t * rdataset =NULL;
/* A local variable named `true`; this collides with <stdbool.h> if that header is ever included. */
3703 isc_boolean_t true = ISC_TRUE;
3706 memset(namestr, 0, DNS_NAME_FORMATSIZE);
3708 dns_rdataset_current(chase_nsrdataset, &rdata);
/* The conversion result is deliberately discarded by the (void) cast. */
3710 (void)dns_rdata_tostruct(&rdata, &ns, NULL);
3714 #ifdef __FOLLOW_GLUE__
3716 result = advanced_rrsearch(&rdataset, &ns.name,
3718 dns_rdatatype_any, &true);
3719 if (result == ISC_R_SUCCESS) {
3720 for (result = dns_rdataset_first(rdataset);
3721 result == ISC_R_SUCCESS;
3722 result = dns_rdataset_next(rdataset)) {
3723 dns_rdata_t aaaa = DNS_RDATA_INIT;
3724 dns_rdataset_current(rdataset, &aaaa);
/*
 * NOTE(review): `result` is also this loop's control variable, so the
 * allocation result is what the loop condition sees before the next
 * dns_rdataset_next() call overwrites it.
 */
3726 result = isc_buffer_allocate(mctx, &b, 80);
3727 check_result(result, "isc_buffer_allocate");
/*
 * NOTE(review): the dns_rdata_totext() result is ignored, and the NUL below
 * is stored one byte past the used region; with an 80-byte buffer that is
 * outside the allocation if the text ever fills it completely.
 */
3729 dns_rdata_totext(&aaaa, &ns.name, b);
3730 isc_buffer_usedregion(b, &r);
3731 r.base[r.length] = '\0';
3732 strncpy(namestr, (char*)r.base,
3733 DNS_NAME_FORMATSIZE);
3734 isc_buffer_free(&b);
3735 dns_rdata_reset(&aaaa);
/* The textual address serves as both arguments to make_server(). */
3738 srv = make_server(namestr, namestr);
3740 ISC_LIST_APPEND(lookup->my_server_list,
/* Same procedure for A glue; the notes on the AAAA branch apply here too. */
3746 result = advanced_rrsearch(&rdataset, &ns.name, dns_rdatatype_a,
3747 dns_rdatatype_any, &true);
3748 if (result == ISC_R_SUCCESS) {
3749 for (result = dns_rdataset_first(rdataset);
3750 result == ISC_R_SUCCESS;
3751 result = dns_rdataset_next(rdataset)) {
3752 dns_rdata_t a = DNS_RDATA_INIT;
3753 dns_rdataset_current(rdataset, &a);
3755 result = isc_buffer_allocate(mctx, &b, 80);
3756 check_result(result, "isc_buffer_allocate");
3758 dns_rdata_totext(&a, &ns.name, b);
3759 isc_buffer_usedregion(b, &r);
3760 r.base[r.length] = '\0';
3761 strncpy(namestr, (char*)r.base,
3762 DNS_NAME_FORMATSIZE);
3763 isc_buffer_free(&b);
3764 dns_rdata_reset(&a);
3765 printf("ns name: %s\n", namestr);
3768 srv = make_server(namestr, namestr);
3770 ISC_LIST_APPEND(lookup->my_server_list,
/* Without glue following, the server entry is made from the NS name itself. */
3776 dns_name_format(&ns.name, namestr, sizeof(namestr));
3777 printf("ns name: ");
3778 dns_name_print(&ns.name, stdout);
3780 srv = make_server(namestr, namestr);
3782 ISC_LIST_APPEND(lookup->my_server_list, srv, link);
3785 dns_rdata_freestruct(&ns);
3786 dns_rdata_reset(&rdata);
/* Queue the prepared lookup and describe it on stdout. */
3790 ISC_LIST_APPEND(lookup_list, lookup, link);
3791 printf("\nLaunch a query to find a RRset of type ");
3792 print_type(lookup->rdtype);
3793 printf(" for zone: %s", lookup->textname);
3794 printf(" with nameservers:");
3796 print_rdataset(name, chase_nsrdataset, mctx);
3797 return ISC_R_SUCCESS;
/*
 * Derive the child zone of zone_name that lies on the path to name.
 *
 * name        name that must be a proper subdomain of zone_name with at
 *             least two more labels than it
 * zone_name   the enclosing zone
 * child_name  receives the last (labels of zone_name + 1) labels of name
 *
 * Returns ISC_R_SUCCESS when child_name was filled in; otherwise prints an
 * error and returns ISC_R_FAILURE.
 */
isc_result_t
child_of_zone(dns_name_t *name, dns_name_t *zone_name,
	      dns_name_t *child_name)
{
	dns_namereln_t relation;
	int order;
	unsigned int common;
	unsigned int name_labels;
	unsigned int zone_labels;

	relation = dns_name_fullcompare(name, zone_name, &order, &common);
	name_labels = dns_name_countlabels(name);
	zone_labels = dns_name_countlabels(zone_name);

	if (relation != dns_namereln_subdomain ||
	    name_labels <= zone_labels + 1) {
		printf("\n;; ERROR : ");
		dns_name_print(name, stdout);
		printf(" is not a subdomain of: ");
		dns_name_print(zone_name, stdout);
		printf(" FAILED\n\n");
		return ISC_R_FAILURE;
	}

	/* Keep the zone's labels plus the single label directly below it. */
	dns_name_getlabelsequence(name, name_labels - zone_labels - 1,
				  zone_labels + 1, child_name);
	return ISC_R_SUCCESS;
}
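/*
 * Check whether any RRSIG in sigrdataset was produced by zone_name.
 *
 * zone_name    expected signer name
 * sigrdataset  RRSIG RRset to inspect; must not be empty
 *
 * Returns ISC_R_SUCCESS when a record's signer equals zone_name,
 * ISC_R_FAILURE when none does.
 */
isc_result_t
grandfather_pb_test(dns_name_t *zone_name, dns_rdataset_t *sigrdataset)
{
	isc_result_t result;
	dns_rdata_t sigrdata;
	dns_rdata_sig_t siginfo;

	result = dns_rdataset_first(sigrdataset);
	check_result(result, "empty RRSIG dataset");
	dns_rdata_init(&sigrdata);

	do {
		dns_rdataset_current(sigrdataset, &sigrdata);

		result = dns_rdata_tostruct(&sigrdata, &siginfo, NULL);
		check_result(result, "sigrdata tostruct siginfo");

		if (dns_name_compare(&siginfo.signer, zone_name) == 0) {
			dns_rdata_freestruct(&siginfo);
			dns_rdata_reset(&sigrdata);
			return ISC_R_SUCCESS;
		}

		dns_rdata_freestruct(&siginfo);
		/*
		 * Reset before reuse so every dns_rdataset_current() call
		 * starts from an initialized rdata, as the first one does.
		 */
		dns_rdata_reset(&sigrdata);

		/*
		 * Advance the rdataset that is being read.  The loop used to
		 * step the global chase_sigkeyrdataset, so the records of
		 * sigrdataset after the first were never examined and an
		 * unrelated iterator was moved instead.
		 */
	} while (dns_rdataset_next(sigrdataset) == ISC_R_SUCCESS);

	dns_rdata_reset(&sigrdata);

	return ISC_R_FAILURE;
}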
/*
 * Start a signature chase for `name`: locate its NS RRset, queue the
 * follow-up lookup with prepare_lookup(), and remember `name` in
 * chase_current_name.  Returns ISC_R_FAILURE when no NS RRset is
 * available, ISC_R_SUCCESS otherwise.
 */
3863 initialization(dns_name_t * name)
3865 isc_result_t result;
/* A local variable named `true`; this collides with <stdbool.h> if that header is ever included. */
3866 isc_boolean_t true = ISC_TRUE;
3868 chase_nsrdataset = NULL;
3869 result = advanced_rrsearch(&chase_nsrdataset, name, dns_rdatatype_ns,
3870 dns_rdatatype_any, &true);
3871 if (result != ISC_R_SUCCESS) {
3872 printf("\n;; NS RRset is missing to continue validation:"
3874 return ISC_R_FAILURE;
3876 INSIST(chase_nsrdataset != NULL);
/* NOTE(review): the value prepare_lookup() returns is not examined here. */
3877 prepare_lookup(name);
3879 dup_name(name, &chase_current_name, mctx);
3881 return ISC_R_SUCCESS;
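/*
 * Render an rdataset as text with printrdataset() and print it to stdout,
 * followed by a newline.
 *
 * name      owner name passed through to printrdataset()
 * rdataset  the records to print
 * mctx      memory context for the scratch buffer
 *
 * Allocation failure is handed to check_result().
 */
void
print_rdataset(dns_name_t *name, dns_rdataset_t *rdataset, isc_mem_t *mctx)
{
	isc_buffer_t *b = NULL;
	isc_result_t result;
	isc_region_t r;

	result = isc_buffer_allocate(mctx, &b, 9000);
	check_result(result, "isc_buffer_allocate");

	printrdataset(name, rdataset, b);

	isc_buffer_usedregion(b, &r);
	/*
	 * Print exactly the used bytes.  The previous code stored a NUL at
	 * r.base[r.length], i.e. one byte past the used region, which lands
	 * outside the allocation when a large RRset fills all 9000 bytes.
	 */
	printf("%.*s\n", (int)r.length, (char *)r.base);

	isc_buffer_free(&b);
}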
/*
 * Replace *target with a freshly allocated copy of *source.
 * Storage already owned by target is released first; a failed duplication
 * is handed to check_result().
 */
void
dup_name(dns_name_t *source, dns_name_t *target, isc_mem_t *mctx) {
	isc_result_t dup_result;

	if (dns_name_dynamic(target)) {
		dns_name_free(target, mctx);
	}

	dup_result = dns_name_dup(source, mctx, target);
	check_result(dup_result, "dns_name_dup");
}
3919 * Takes a DNSKEY RRset and the corresponding RRSIG RRset as parameters.
3920 * Returns ISC_R_SUCCESS if the DNSKEY RRset contains a trusted key
3921 * and the RRset is valid.
3922 * Returns ISC_R_NOTFOUND if it does not contain a trusted key
3923 * or if the RRset isn't valid.
3924 * Returns ISC_R_FAILURE if there is a problem.
/*
 * Decide whether a DNSKEY RRset is anchored in the configured trusted
 * keys.  Every DNSKEY record is converted to a dst_key_t and compared with
 * each entry of tk_list; on a match, sigchase_verify_sig_key() is called
 * for the RRset with that key.  (The full argument list of that call and
 * the test applied to its result are on lines not shown.)
 *
 * A trusted key merely being present is not treated as sufficient: the
 * visible ISC_R_SUCCESS return sits after the signature check.
 */
3928 contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset,
3929 dns_rdataset_t *sigrdataset,
3932 isc_result_t result;
3934 dst_key_t * trustedKey = NULL;
3935 dst_key_t * dnsseckey = NULL;
/* NOTE(review): sigrdataset is not covered by this NULL check, as far as the visible lines show. */
3938 if (name == NULL || rdataset == NULL) {
3939 return ISC_R_FAILURE;
3942 result = dns_rdataset_first(rdataset);
3943 check_result(result, "empty rdataset");
3944 dns_rdata_init(&rdata);
3947 dns_rdataset_current(rdataset, &rdata);
/* A record of any other type aborts through INSIST rather than being skipped. */
3948 INSIST(rdata.type == dns_rdatatype_dnskey);
3950 result = dns_dnssec_keyfromrdata(name, &rdata,
3952 check_result(result, "dns_dnssec_keyfromrdata");
/* Compare this DNSKEY with every configured trust anchor. */
3955 for (i = 0; i< tk_list.nb_tk; i++) {
3956 if (dst_key_compare(tk_list.key[i], dnsseckey)
3958 dns_rdata_reset(&rdata);
3960 printf(";; Ok, find a Trusted Key in the "
3961 "DNSKEY RRset: %d\n",
3962 dst_key_id(dnsseckey));
3963 if (sigchase_verify_sig_key(name, rdataset,
3968 dst_key_free(&dnsseckey);
3970 return ISC_R_SUCCESS;
/* No anchor matched, or verification failed: release this key and try the next record. */
3975 dns_rdata_reset(&rdata);
3976 if (dnsseckey != NULL)
3977 dst_key_free(&dnsseckey);
3978 } while (dns_rdataset_next(rdataset) == ISC_R_SUCCESS);
/* NOTE(review): no visible line assigns trustedKey, so this branch looks unreachable. */
3980 if (trustedKey != NULL)
3981 dst_key_free(&trustedKey);
3984 return ISC_R_NOTFOUND;
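/*
 * Try every DNSKEY in keyrdataset as the verification key for rdataset.
 *
 * name         owner name of the RRset being verified
 * rdataset     RRset whose signature is checked
 * keyrdataset  DNSKEY RRset supplying the candidate keys; must not be empty
 * sigrdataset  RRSIG RRset covering rdataset
 * mctx         memory context used to build each dst_key_t
 *
 * Returns ISC_R_SUCCESS as soon as sigchase_verify_sig_key() succeeds with
 * one of the keys, ISC_R_NOTFOUND when none of them verifies.
 */
isc_result_t
sigchase_verify_sig(dns_name_t *name, dns_rdataset_t *rdataset,
		    dns_rdataset_t *keyrdataset,
		    dns_rdataset_t *sigrdataset,
		    isc_mem_t *mctx)
{
	isc_result_t result;
	dns_rdata_t keyrdata;
	dst_key_t *dnsseckey = NULL;

	result = dns_rdataset_first(keyrdataset);
	check_result(result, "empty DNSKEY dataset");
	dns_rdata_init(&keyrdata);

	do {
		dns_rdataset_current(keyrdataset, &keyrdata);
		INSIST(keyrdata.type == dns_rdatatype_dnskey);

		result = dns_dnssec_keyfromrdata(name, &keyrdata,
						 mctx, &dnsseckey);
		check_result(result, "dns_dnssec_keyfromrdata");

		result = sigchase_verify_sig_key(name, rdataset, dnsseckey,
						 sigrdataset, mctx);
		if (result == ISC_R_SUCCESS) {
			dns_rdata_reset(&keyrdata);
			dst_key_free(&dnsseckey);
			return (ISC_R_SUCCESS);
		}
		dst_key_free(&dnsseckey);
		/*
		 * Reset before reuse so every dns_rdataset_current() call
		 * starts from an initialized rdata, as the first one does.
		 */
		dns_rdata_reset(&keyrdata);

		/*
		 * Advance the key set that was passed in.  The loop used to
		 * step the global chase_keyrdataset, so candidate keys after
		 * the first in keyrdataset were never tried whenever the
		 * caller supplied a different RRset.
		 */
	} while (dns_rdataset_next(keyrdataset) == ISC_R_SUCCESS);

	dns_rdata_reset(&keyrdata);

	return ISC_R_NOTFOUND;
}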
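/*
 * Verify rdataset against one specific key.
 *
 * name         owner name of the RRset being verified
 * rdataset     RRset whose signature is checked; must not be empty
 * dnsseckey    candidate verification key
 * sigrdataset  RRSIG RRset covering rdataset; must not be empty
 * mctx         memory context passed to dns_dnssec_verify()
 *
 * Each RRSIG whose key id equals the id of dnsseckey is checked with
 * dns_dnssec_verify() and the outcome is printed.  Returns ISC_R_SUCCESS
 * on the first signature that verifies, ISC_R_NOTFOUND otherwise.
 */
isc_result_t
sigchase_verify_sig_key(dns_name_t *name, dns_rdataset_t *rdataset,
			dst_key_t *dnsseckey,
			dns_rdataset_t *sigrdataset, isc_mem_t *mctx)
{
	isc_result_t result;
	dns_rdata_t sigrdata;
	dns_rdata_sig_t siginfo;

	result = dns_rdataset_first(sigrdataset);
	check_result(result, "empty RRSIG dataset");
	dns_rdata_init(&sigrdata);

	do {
		dns_rdataset_current(sigrdataset, &sigrdata);

		result = dns_rdata_tostruct(&sigrdata, &siginfo, NULL);
		check_result(result, "sigrdata tostruct siginfo");

		/*
		 * Only attempt verification when the RRSIG's key id matches
		 * the id of the candidate DNSKEY.
		 */
		if (siginfo.keyid == dst_key_id(dnsseckey)) {

			result = dns_rdataset_first(rdataset);
			check_result(result, "empty DS dataset");

			result = dns_dnssec_verify(name, rdataset, dnsseckey,
						   ISC_FALSE, mctx, &sigrdata);

			printf(";; VERIFYING ");
			print_type(rdataset->type);
			printf(" RRset for ");
			dns_name_print(name, stdout);
			printf(" with DNSKEY:%d: %s\n", dst_key_id(dnsseckey),
			       isc_result_totext(result));

			if (result == ISC_R_SUCCESS) {
				dns_rdata_freestruct(&siginfo);
				dns_rdata_reset(&sigrdata);
				return (result);
			}
		}
		dns_rdata_freestruct(&siginfo);
		/*
		 * Reset before reuse so every dns_rdataset_current() call
		 * starts from an initialized rdata, as the first one does.
		 */
		dns_rdata_reset(&sigrdata);

		/*
		 * Advance the signature set that was passed in.  The loop
		 * used to step the global chase_sigkeyrdataset, so signatures
		 * after the first in sigrdataset were never tried whenever
		 * the caller supplied a different RRset, and a valid
		 * signature could be reported as not found.
		 */
	} while (dns_rdataset_next(sigrdataset) == ISC_R_SUCCESS);

	dns_rdata_reset(&sigrdata);

	return ISC_R_NOTFOUND;
}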
/*
 * sigchase_verify_ds: look for a DNSKEY in 'keyrdataset' that is vouched
 * for by a DS record in 'dsrdataset'.
 *
 * For every DS (outer loop) and every DNSKEY (inner loop) the key is
 * parsed with dns_dnssec_keyfromrdata(). When the DS key tag equals the
 * key id, a DS rdata is rebuilt from the DNSKEY with dns_ds_buildrdata()
 * and compared with the received DS via dns_rdata_compare(). On a match
 * the key is then used with sigchase_verify_sig_key() (its argument list
 * is partly omitted here; chase_sigkeyrdataset is among the arguments).
 * The visible tail returns ISC_R_NOTFOUND; the success return sits on an
 * omitted line after the cleanup at listing lines 4148-4151.
 *
 * NOTE(review): both loops are read through the parameters but advanced
 * through the globals chase_keyrdataset and chase_dsrdataset (listing
 * lines 4165 and 4168). A caller passing other rdatasets would get the
 * first record re-checked repeatedly instead of a full scan.
 *
 * NOTE(review): dsinfo is released at listing line 4120, yet
 * dsinfo.key_tag is read again on the next inner pass (4114) and dsinfo
 * is released a second time on the error path (4127). dns_rdata_tostruct
 * was called with a NULL memory context, so this may be harmless -
 * confirm, or move the release to the end of the outer loop body.
 *
 * NOTE(review): listing line 4170 is not valid C as shown; it is
 * presumably disabled in the original file by lines this listing omits.
 */
4078 sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset,
4079 dns_rdataset_t *dsrdataset, isc_mem_t *mctx)
4081 isc_result_t result;
4082 dns_rdata_t keyrdata;
4083 dns_rdata_t newdsrdata;
4084 dns_rdata_t dsrdata;
4085 dns_rdata_ds_t dsinfo;
4086 dst_key_t* dnsseckey = NULL;
/* Scratch space that dns_ds_buildrdata() fills for the rebuilt DS. */
4087 unsigned char dsbuf[DNS_DS_BUFFERSIZE];
4089 result = dns_rdataset_first(dsrdataset);
4090 check_result(result, "empty DSset dataset");
4091 dns_rdata_init(&dsrdata);
4093 dns_rdataset_current(dsrdataset, &dsrdata);
4095 result = dns_rdata_tostruct(&dsrdata, &dsinfo, NULL);
4096 check_result(result, "dns_rdata_tostruct for DS");
/* Inner scan restarts at the first DNSKEY for every DS. */
4098 result = dns_rdataset_first(keyrdataset);
4099 check_result(result, "empty KEY dataset");
4100 dns_rdata_init(&keyrdata);
4103 dns_rdataset_current(keyrdataset, &keyrdata);
4104 INSIST(keyrdata.type == dns_rdatatype_dnskey);
4106 result = dns_dnssec_keyfromrdata(name, &keyrdata,
4108 check_result(result, "dns_dnssec_keyfromrdata");
4111 * Test if the id of the DNSKEY is the
4112 * id of DNSKEY referenced by the DS
/* The tag match is a cheap filter; the DS comparison below decides. */
4114 if (dsinfo.key_tag == dst_key_id(dnsseckey)) {
4115 dns_rdata_init(&newdsrdata);
4117 result = dns_ds_buildrdata(name, &keyrdata,
4119 dsbuf, &newdsrdata);
/* NOTE(review): dsinfo is still consulted after this release. */
4120 dns_rdata_freestruct(&dsinfo);
4122 if (result != ISC_R_SUCCESS) {
4123 dns_rdata_reset(&keyrdata);
4124 dns_rdata_reset(&newdsrdata);
4125 dns_rdata_reset(&dsrdata);
4126 dst_key_free(&dnsseckey);
4127 dns_rdata_freestruct(&dsinfo);
4128 printf("Oops: impossible to build"
/* Whole-rdata equality between the received DS and the rebuilt one. */
4134 if (dns_rdata_compare(&dsrdata,
4135 &newdsrdata) == 0) {
4136 printf(";; OK a DS valids a DNSKEY"
4138 printf(";; Now verify that this"
4139 " DNSKEY validates the "
4142 result = sigchase_verify_sig_key(name,
4145 chase_sigkeyrdataset,
4147 if (result == ISC_R_SUCCESS) {
4148 dns_rdata_reset(&keyrdata);
4149 dns_rdata_reset(&newdsrdata);
4150 dns_rdata_reset(&dsrdata);
4151 dst_key_free(&dnsseckey);
4157 printf(";; This DS is NOT the DS for"
4158 " the chasing KEY: FAILED\n");
4161 dns_rdata_reset(&newdsrdata);
4163 dst_key_free(&dnsseckey);
4165 } while (dns_rdataset_next(chase_keyrdataset) == ISC_R_SUCCESS);
4166 dns_rdata_reset(&keyrdata);
4168 } while (dns_rdataset_next(chase_dsrdataset) == ISC_R_SUCCESS);
4170 dns_rdata_reset(&dsrdata); WARNING
4173 return ISC_R_NOTFOUND;
4178 * Take a pointer to an rdataset as a parameter and try to resolve it.
4179 * The rrset searched for is the rrset at 'name' with type 'type'
4180 * (and, if the type is RRSIG, the signature covers 'covers').
4181 * 'lookedup' tells whether the query has already been done on the net.
4182 * ISC_R_SUCCESS: the rrset was found
4183 * ISC_R_NOTFOUND: the rrset was not found in the cache
4184 * and a query was done on the net
4185 * ISC_R_FAILURE: rrset not found
/*
 * advanced_rrsearch: make sure '*rdataset' is filled in. If it is already
 * non-NULL nothing is done; otherwise sigchase_scanname() is asked for the
 * rrset of 'type' (covering 'covers') at 'name'. The flag behind
 * 'lookedup' is passed on to that helper and reset to ISC_FALSE once an
 * rrset has been obtained.
 */
4188 advanced_rrsearch(dns_rdataset_t **rdataset, dns_name_t * name,
4189 dns_rdatatype_t type,
4190 dns_rdatatype_t covers,
4191 isc_boolean_t *lookedup)
4193 isc_boolean_t tmplookedup;
/* Assertion on the output pointer; 'lookedup' is dereferenced unchecked. */
4195 INSIST(rdataset != NULL);
4197 if (*rdataset != NULL)
4198 return(ISC_R_SUCCESS);
/*
 * Keep the flag value from before the scan: sigchase_scanname() receives
 * the pointer and may change it. The test choosing between the two
 * returns below is on a line this listing omits (presumably on
 * tmplookedup - confirm).
 */
4200 tmplookedup = *lookedup;
4201 if ((*rdataset = sigchase_scanname(type, covers,
4202 lookedup, name)) == NULL) {
4204 return (ISC_R_FAILURE);
4205 return (ISC_R_NOTFOUND);
/* Found: clear the flag so the next missing rrset can trigger a query. */
4207 *lookedup = ISC_FALSE;
4208 return(ISC_R_SUCCESS);
/*
 * sigchase_td: one step of what appears to be the top-down ("td")
 * chain-of-trust walk for the response 'msg'. The function works on the
 * file-level chase_* state (names, rdatasets and "lookedup" flags) and
 * prints its progress.
 *
 * Visible sequence:
 *  - take the first name of the ANSWER section, or, failing that, look for
 *    a delegation (NS) in the AUTHORITY section and remember 'msg' in
 *    error_message;
 *  - obtain the DNSKEY set and its RRSIG for chase_current_name through
 *    advanced_rrsearch();
 *  - check that key set with contains_trusted_key() while no delegation
 *    has been followed, otherwise with sigchase_verify_ds();
 *  - when a delegation is present, obtain NS, DS and RRSIG(DS) for
 *    chase_authority_name, verify the DS set with sigchase_verify_sig()
 *    and move the chase down to that name;
 *  - finally either validate a denial of existence (prove_nx plus
 *    sigchase_verify_sig on the NSEC) or verify the answer RRset.
 *
 * Every failed check prints a FAILED message; the jumps to the cleanup
 * code and the return statements are on lines this listing omits, so the
 * exact exit paths cannot be read from here.
 *
 * Trust is only established by contains_trusted_key() at the top of the
 * walk; everything fetched below that is unauthenticated until the
 * DS/DNSKEY/RRSIG checks for its zone have succeeded.
 */
4215 sigchase_td(dns_message_t * msg)
4217 isc_result_t result;
4218 dns_name_t * name = NULL;
4219 isc_boolean_t have_answer = ISC_FALSE;
/*
 * NOTE(review): a local called 'true' would collide with the <stdbool.h>
 * macro if that header were ever included; a distinct name is safer.
 */
4221 isc_boolean_t true = ISC_TRUE;
4223 if ((result = dns_message_firstname(msg, DNS_SECTION_ANSWER))
4225 dns_message_currentname(msg, DNS_SECTION_ANSWER, &name);
4226 if (current_lookup->trace_root_sigchase) {
4227 initialization(name);
/* No usable answer: look for a delegation in the AUTHORITY section. */
4233 if (!current_lookup->trace_root_sigchase) {
4234 result = dns_message_firstname(msg,
4235 DNS_SECTION_AUTHORITY);
4236 if (result == ISC_R_SUCCESS)
4237 dns_message_currentname(msg,
4238 DNS_SECTION_AUTHORITY,
4241 = chase_scanname_section(msg, name,
4244 DNS_SECTION_AUTHORITY);
4245 dup_name(name, &chase_authority_name, mctx);
4246 if (chase_nsrdataset != NULL) {
4247 have_delegation_ns = ISC_TRUE;
4248 printf("no response but there is a delegation"
4249 " in authority section:");
4250 dns_name_print(name, stdout);
4254 printf("no response and no delegation in "
4255 "authority section but a reference"
4257 dns_name_print(name, stdout);
/* Keep the message so the denial of existence can be proven later. */
4259 error_message = msg;
4263 printf(";; NO ANSWERS: %s\n",
4264 isc_result_totext(result));
4265 dns_name_free(&chase_name, mctx);
4274 = chase_scanname_section(msg, &chase_name,
4278 DNS_SECTION_ANSWER);
4279 if (chase_rdataset != NULL)
4280 have_response = ISC_TRUE;
/* DNSKEY set of the zone currently being validated. */
4283 result = advanced_rrsearch(&chase_keyrdataset,
4284 &chase_current_name,
4285 dns_rdatatype_dnskey,
4287 &chase_keylookedup);
4288 if (result == ISC_R_FAILURE) {
4289 printf("\n;; DNSKEY is missing to continue validation:"
4293 if (result == ISC_R_NOTFOUND)
4295 INSIST(chase_keyrdataset != NULL);
4296 printf("\n;; DNSKEYset:\n");
4297 print_rdataset(&chase_current_name , chase_keyrdataset, mctx);
/* RRSIG covering that DNSKEY set. */
4300 result = advanced_rrsearch(&chase_sigkeyrdataset,
4301 &chase_current_name,
4302 dns_rdatatype_rrsig,
4303 dns_rdatatype_dnskey,
4304 &chase_sigkeylookedup);
4305 if (result == ISC_R_FAILURE) {
4306 printf("\n;; RRSIG of DNSKEY is missing to continue validation:"
4310 if (result == ISC_R_NOTFOUND)
4312 INSIST(chase_sigkeyrdataset != NULL);
4313 printf("\n;; RRSIG of the DNSKEYset:\n");
4314 print_rdataset(&chase_current_name , chase_sigkeyrdataset, mctx);
/*
 * Anchor the key set: trusted keys before any delegation was followed,
 * the parent DS afterwards (the else line itself is omitted here).
 */
4317 if (!chase_dslookedup && !chase_nslookedup) {
4318 if (!delegation_follow) {
4319 result = contains_trusted_key(&chase_current_name,
4321 chase_sigkeyrdataset,
4325 INSIST(chase_dsrdataset != NULL);
4326 INSIST(chase_sigdsrdataset != NULL);
4327 result = sigchase_verify_ds(&chase_current_name,
/* Anything but success ends the chase for this zone. */
4333 if (result != ISC_R_SUCCESS) {
4334 printf("\n;; chain of trust can't be validated:"
4339 chase_dsrdataset = NULL;
4340 chase_sigdsrdataset = NULL;
/*
 * NOTE(review): the condition is equivalent to
 * (have_response || !have_delegation_ns).
 */
4344 if (have_response || (!have_delegation_ns && !have_response)) {
4345 /* test if it's a grand father case */
4347 if (have_response) {
4348 result = advanced_rrsearch(&chase_sigrdataset,
4350 dns_rdatatype_rrsig,
4354 if (result == ISC_R_FAILURE) {
4355 printf("\n;; RRset is missing to continue"
4356 " validation SHOULD NOT APPEND:"
4363 result = advanced_rrsearch(&chase_sigrdataset,
4364 &chase_authority_name,
4365 dns_rdatatype_rrsig,
4368 if (result == ISC_R_FAILURE) {
4369 printf("\n;; RRSIG is missing to continue"
4370 " validation SHOULD NOT APPEND:"
4375 result = grandfather_pb_test(&chase_current_name,
4377 if (result != ISC_R_SUCCESS) {
4378 dns_name_t tmp_name;
/*
 * NOTE(review): the RFC number in this message looks transposed; the
 * Delegation Signer RFC is 3658 - confirm before relying on the reference.
 */
4380 printf("\n;; We are in a Grand Father Problem:"
4381 " See 2.2.1 in RFC 3568\n");
4382 chase_rdataset = NULL;
4383 chase_sigrdataset = NULL;
4384 have_response = ISC_FALSE;
4385 have_delegation_ns = ISC_FALSE;
4387 dns_name_init(&tmp_name, NULL);
4388 result = child_of_zone(&chase_name, &chase_current_name,
4390 if (dns_name_dynamic(&chase_authority_name))
4391 dns_name_free( &chase_authority_name, mctx);
4392 dup_name(&tmp_name, &chase_authority_name, mctx);
4393 printf(";; and we try to continue chain of trust"
4394 " validation of the zone: ");
4395 dns_name_print(&chase_authority_name, stdout);
4397 have_delegation_ns = ISC_TRUE;
4403 chase_sigrdataset = NULL;
/* Follow the delegation: NS, DS and RRSIG(DS) of the child zone. */
4407 if (have_delegation_ns) {
4408 chase_nsrdataset = NULL;
4409 result = advanced_rrsearch(&chase_nsrdataset,
4410 &chase_authority_name,
4414 if (result == ISC_R_FAILURE) {
4415 printf("\n;;NSset is missing to continue validation:"
4419 if (result == ISC_R_NOTFOUND) {
4422 INSIST(chase_nsrdataset != NULL);
4424 result = advanced_rrsearch(&chase_dsrdataset,
4425 &chase_authority_name,
4429 if (result == ISC_R_FAILURE) {
4430 printf("\n;; DSset is missing to continue validation:"
4434 if (result == ISC_R_NOTFOUND)
4436 INSIST(chase_dsrdataset != NULL);
4437 printf("\n;; DSset:\n");
4438 print_rdataset(&chase_authority_name , chase_dsrdataset, mctx);
4440 result = advanced_rrsearch(&chase_sigdsrdataset,
4441 &chase_authority_name,
4442 dns_rdatatype_rrsig,
/*
 * NOTE(review): this search is for an RRSIG, but the message below repeats
 * the "DSset is missing" text of the previous check.
 */
4445 if (result != ISC_R_SUCCESS) {
4446 printf("\n;; DSset is missing to continue validation:"
4450 printf("\n;; RRSIGset of DSset\n");
4451 print_rdataset(&chase_authority_name,
4452 chase_sigdsrdataset, mctx);
4453 INSIST(chase_sigdsrdataset != NULL);
/* The DS set must verify before the walk moves into the child zone. */
4455 result = sigchase_verify_sig(&chase_authority_name,
4458 chase_sigdsrdataset, mctx);
4459 if (result != ISC_R_SUCCESS) {
4460 printf("\n;; Impossible to verify the DSset:"
4464 chase_keyrdataset = NULL;
4465 chase_sigkeyrdataset = NULL;
4468 prepare_lookup(&chase_authority_name);
/* Reset per-zone state and make the child zone the current one. */
4470 have_response = ISC_FALSE;
4471 have_delegation_ns = ISC_FALSE;
4472 delegation_follow = ISC_TRUE;
4473 error_message = NULL;
4474 dup_name(&chase_authority_name, &chase_current_name, mctx);
4475 dns_name_free(&chase_authority_name, mctx);
4480 if (error_message != NULL) {
/*
 * NOTE(review): both pointers are uninitialised. The prove_nx() and
 * prove_nx_domain() code visible in this file can return ISC_R_FAILURE
 * before writing to them, so the NULL tests below may read indeterminate
 * values. Initialising both to NULL would make the check reliable.
 */
4481 dns_rdataset_t * rdataset;
4482 dns_rdataset_t * sigrdataset;
4483 dns_name_t rdata_name;
4484 isc_result_t ret = ISC_R_FAILURE;
4486 dns_name_init(&rdata_name, NULL);
4487 result = prove_nx(error_message, &chase_name,
4488 current_lookup->rdclass_sigchase,
4489 current_lookup->rdtype_sigchase, &rdata_name,
4490 &rdataset, &sigrdataset);
/* NOTE(review): &rdata_name is the address of a local, never NULL. */
4491 if (&rdata_name == NULL || rdataset == NULL ||
4492 sigrdataset == NULL) {
4493 printf("\n;; Impossible to verify the non-existence,"
4494 " the NSEC RRset can't be validated:"
/* The NSEC used as proof must itself carry a valid signature. */
4498 ret = sigchase_verify_sig(&rdata_name, rdataset,
4501 if (ret != ISC_R_SUCCESS) {
4502 dns_name_free(&rdata_name, mctx);
4503 printf("\n;; Impossible to verify the NSEC RR to prove"
4504 " the non-existence : FAILED\n\n");
4507 dns_name_free(&rdata_name, mctx);
/* 'result' still holds the prove_nx() outcome from above. */
4508 if (result != ISC_R_SUCCESS) {
4509 printf("\n;; Impossible to verify the non-existence:"
4514 printf("\n;; OK the query doesn't have response but"
4515 " we have validate this fact : SUCCESS\n\n");
/* Common cleanup: release the dynamically allocated chase names. */
4521 printf(";; cleanandgo \n");
4522 if (dns_name_dynamic(&chase_current_name))
4523 dns_name_free(&chase_current_name, mctx);
4524 if (dns_name_dynamic(&chase_authority_name))
4525 dns_name_free(&chase_authority_name, mctx);
/* Final step: fetch and verify the RRset that was asked for. */
4530 result = advanced_rrsearch(&chase_rdataset, &chase_name,
4531 current_lookup->rdtype_sigchase,
4534 if (result == ISC_R_FAILURE) {
4535 printf("\n;; RRsig of RRset is missing to continue validation"
4536 " SHOULD NOT APPEND: FAILED\n\n");
4539 result = sigchase_verify_sig(&chase_name, chase_rdataset,
4541 chase_sigrdataset, mctx);
4542 if (result != ISC_R_SUCCESS) {
4543 printf("\n;; Impossible to verify the RRset : FAILED\n\n");
4546 print_rdataset(&chase_name , chase_rdataset, mctx);
4547 printf("DNSKEYset:\n");
4548 print_rdataset(&chase_name , chase_keyrdataset, mctx);
4549 printf("RRSIG of RRset:\n");
4550 print_rdataset(&chase_name , chase_sigrdataset, mctx);
4556 printf("\n;; The Answer:\n");
4557 print_rdataset(&chase_name , chase_rdataset, mctx);
4559 printf("\n;; FINISH : we have validate the DNSSEC chain"
4560 " of trust: SUCCESS\n\n");
/*
 * getneededrr: collect, into the file-level chase_* variables, the
 * records needed for one validation step of 'msg': the RRset to chase,
 * its RRSIG, the signer name, the DNSKEY set, the RRSIG of the DNSKEY
 * set, the DS set and the RRSIG of the DS set. Each item is obtained
 * through advanced_rrsearch() and printed once available.
 *
 * Visible return values:
 *  - ISC_R_ADDRNOTAVAIL when the ANSWER section has no name and
 *    chase_name.ndata is NULL;
 *  - ISC_R_NOTFOUND when an item is missing, both for the FAILURE case
 *    (after a FAILED message) and for the case where advanced_rrsearch()
 *    itself returned ISC_R_NOTFOUND.
 * The success return is on a line this listing omits.
 *
 * Security note: the signer name is copied from the first RRSIG of the
 * set only, and at this point nothing has been verified. All names and
 * records gathered here are untrusted input from the response; they only
 * gain meaning through the verification done by the caller.
 *
 * A missing DS, or a DS without its RRSIG, is reported as a WARNING and
 * not as a failure, because the DNSKEY may still be a trusted key. In
 * the second case chase_dsrdataset is reset to NULL.
 *
 * NOTE(review): the local named 'true' would collide with the
 * <stdbool.h> macro if that header were ever included.
 */
4571 getneededrr(dns_message_t *msg)
4573 isc_result_t result;
4574 dns_name_t *name = NULL;
4575 dns_rdata_t sigrdata;
4576 dns_rdata_sig_t siginfo;
4577 isc_boolean_t true = ISC_TRUE;
4579 if ((result = dns_message_firstname(msg, DNS_SECTION_ANSWER))
4581 printf(";; NO ANSWERS: %s\n", isc_result_totext(result));
/* No chase in progress either: tell the caller there is no response. */
4583 if (chase_name.ndata == NULL) {
4584 return ISC_R_ADDRNOTAVAIL;
4588 dns_message_currentname(msg, DNS_SECTION_ANSWER, &name);
4591 /* What do we chase? */
4592 if (chase_rdataset == NULL) {
4593 result = advanced_rrsearch(&chase_rdataset, name,
4595 dns_rdatatype_any, &true);
4596 if (result != ISC_R_SUCCESS) {
4597 printf("\n;; No Answers: Validation FAILED\n\n");
4598 return ISC_R_NOTFOUND;
/* chase_name owns a copy from here on; error paths below free it. */
4600 dup_name(name, &chase_name, mctx);
4601 printf(";; RRset to chase:\n");
4602 print_rdataset(&chase_name, chase_rdataset, mctx);
4604 INSIST(chase_rdataset != NULL);
4607 if (chase_sigrdataset == NULL) {
4608 result = advanced_rrsearch(&chase_sigrdataset, name,
4609 dns_rdatatype_rrsig,
4610 chase_rdataset->type,
4611 &chase_siglookedup);
4612 if (result == ISC_R_FAILURE) {
4613 printf("\n;; RRSIG is missing for continue validation:"
4615 if (dns_name_dynamic(&chase_name))
4616 dns_name_free(&chase_name, mctx);
4617 return ISC_R_NOTFOUND;
4619 if (result == ISC_R_NOTFOUND) {
4620 return(ISC_R_NOTFOUND);
4622 printf("\n;; RRSIG of the RRset to chase:\n");
4623 print_rdataset(&chase_name, chase_sigrdataset, mctx);
4625 INSIST(chase_sigrdataset != NULL);
/* Only the first RRSIG is consulted for the signer name. */
4628 /* first find the DNSKEY name */
4629 result = dns_rdataset_first(chase_sigrdataset);
4630 check_result(result, "empty RRSIG dataset");
4631 dns_rdata_init(&sigrdata);
4632 dns_rdataset_current(chase_sigrdataset, &sigrdata);
4633 result = dns_rdata_tostruct(&sigrdata, &siginfo, NULL);
4634 check_result(result, "sigrdata tostruct siginfo");
/* chase_signame is a fresh copy; every later return path must free it. */
4635 dup_name(&siginfo.signer, &chase_signame, mctx);
4636 dns_rdata_freestruct(&siginfo);
4637 dns_rdata_reset(&sigrdata);
4639 /* Do we have a key? */
4640 if (chase_keyrdataset == NULL) {
4641 result = advanced_rrsearch(&chase_keyrdataset,
4643 dns_rdatatype_dnskey,
4645 &chase_keylookedup);
4646 if (result == ISC_R_FAILURE) {
4647 printf("\n;; DNSKEY is missing to continue validation:"
4649 dns_name_free(&chase_signame, mctx);
4650 if (dns_name_dynamic(&chase_name))
4651 dns_name_free(&chase_name, mctx);
4652 return ISC_R_NOTFOUND;
4654 if (result == ISC_R_NOTFOUND) {
4655 dns_name_free(&chase_signame, mctx);
4656 return(ISC_R_NOTFOUND);
4658 printf("\n;; DNSKEYset that signs the RRset to chase:\n");
4659 print_rdataset(&chase_signame, chase_keyrdataset, mctx);
4661 INSIST(chase_keyrdataset != NULL);
4663 if (chase_sigkeyrdataset == NULL) {
4664 result = advanced_rrsearch(&chase_sigkeyrdataset,
4666 dns_rdatatype_rrsig,
4667 dns_rdatatype_dnskey,
4668 &chase_sigkeylookedup);
4669 if (result == ISC_R_FAILURE) {
4670 printf("\n;; RRSIG for DNSKEY is missing to continue"
4671 " validation : FAILED\n\n");
4672 dns_name_free(&chase_signame, mctx);
4673 if (dns_name_dynamic(&chase_name))
4674 dns_name_free(&chase_name, mctx);
4675 return ISC_R_NOTFOUND;
4677 if (result == ISC_R_NOTFOUND) {
4678 dns_name_free(&chase_signame, mctx);
4679 return(ISC_R_NOTFOUND);
4681 printf("\n;; RRSIG of the DNSKEYset that signs the "
4682 "RRset to chase:\n");
4683 print_rdataset(&chase_signame, chase_sigkeyrdataset, mctx);
4685 INSIST(chase_sigkeyrdataset != NULL);
4688 if (chase_dsrdataset == NULL) {
4689 result = advanced_rrsearch(&chase_dsrdataset, &chase_signame,
4693 if (result == ISC_R_FAILURE) {
4694 printf("\n;; WARNING There is no DS for the zone: ");
4695 dns_name_print(&chase_signame, stdout);
4698 if (result == ISC_R_NOTFOUND) {
4699 dns_name_free(&chase_signame, mctx);
4700 return(ISC_R_NOTFOUND);
4702 if (chase_dsrdataset != NULL) {
4703 printf("\n;; DSset of the DNSKEYset\n");
4704 print_rdataset(&chase_signame, chase_dsrdataset, mctx);
4708 if (chase_dsrdataset != NULL) {
4710 * if there is no RRSIG of DS,
4711 * we don't want to search on the network
4713 result = advanced_rrsearch(&chase_sigdsrdataset,
4715 dns_rdatatype_rrsig,
4716 dns_rdatatype_ds, &true);
4717 if (result == ISC_R_FAILURE) {
4718 printf(";; WARNING : NO RRSIG DS : RRSIG DS"
4719 " should come with DS\n");
4721 * We continue even the DS couldn't be validated,
4722 * because the DNSKEY could be a Trusted Key.
4724 chase_dsrdataset = NULL;
4727 printf("\n;; RRSIG of the DSset of the DNSKEYset\n");
4728 print_rdataset(&chase_signame, chase_sigdsrdataset,
/*
 * sigchase_bu: one step of what appears to be the bottom-up ("bu")
 * validation of 'msg'.
 *
 * Visible sequence:
 *  - load the trusted keys with get_trusted_key() when tk_list is empty;
 *  - gather the needed records with getneededrr();
 *  - if there was no response, look for an NSEC denial with prove_nx()
 *    and make that NSEC the RRset to chase;
 *  - verify the chased RRset with sigchase_verify_sig();
 *  - if the signing key set contains a trusted key
 *    (contains_trusted_key), report SUCCESS;
 *  - otherwise require a DS, check it with sigchase_verify_ds(), and make
 *    the DS set the next RRset to chase ("recursive call").
 *
 * The return statements, the declaration of 'ret' and several argument
 * lines are on lines this listing omits.
 *
 * The only place where the chain terminates successfully is the
 * contains_trusted_key() check; a zone whose keys are neither trusted nor
 * covered by a DS is reported as FAILED.
 */
4738 sigchase_bu(dns_message_t *msg)
4740 isc_result_t result;
/* Without any trusted key there is nothing to anchor the chain to. */
4743 if (tk_list.nb_tk == 0) {
4744 result = get_trusted_key(mctx);
4745 if (result != ISC_R_SUCCESS) {
4746 printf("No trusted keys present\n");
4752 ret = getneededrr(msg);
4753 if (ret == ISC_R_NOTFOUND)
4756 if (ret == ISC_R_ADDRNOTAVAIL) {
4757 /* We have no response */
/*
 * NOTE(review): both pointers are uninitialised. The prove_nx() and
 * prove_nx_domain() code visible in this file can return ISC_R_FAILURE
 * before writing to them, so the NULL tests below may read indeterminate
 * values. Initialising both to NULL would make the check reliable.
 */
4758 dns_rdataset_t * rdataset;
4759 dns_rdataset_t * sigrdataset;
4760 dns_name_t rdata_name;
4761 dns_name_t query_name;
4764 dns_name_init(&query_name, NULL);
4765 nameFromString(current_lookup->textname, &query_name);
4767 result = prove_nx(msg, &query_name, current_lookup->rdclass,
4768 current_lookup->rdtype, &rdata_name,
4769 &rdataset, &sigrdataset);
4770 dns_name_free(&query_name, mctx);
/* NOTE(review): &rdata_name is the address of a local, never NULL. */
4771 if (&rdata_name == NULL || rdataset == NULL ||
4772 sigrdataset == NULL) {
4773 printf("\n;; Impossible to verify the Non-existence,"
4774 " the NSEC RRset can't be validated: "
4780 if (result != ISC_R_SUCCESS) {
4781 printf("\n No Answers and impossible to prove the"
4782 " unsecurity : Validation FAILED\n\n");
4786 printf(";; An NSEC prove the non-existence of a answers,"
4787 " Now we want validate this NSEC\n");
/* Restart the chase with the NSEC as the RRset to validate. */
4789 dup_name(&rdata_name, &chase_name, mctx);
4790 dns_name_free(&rdata_name, mctx);
4791 chase_rdataset = rdataset;
4792 chase_sigrdataset = sigrdataset;
4793 chase_keyrdataset = NULL;
4794 chase_sigkeyrdataset = NULL;
4795 chase_dsrdataset = NULL;
4796 chase_sigdsrdataset = NULL;
4797 chase_siglookedup = ISC_FALSE;
4798 chase_keylookedup = ISC_FALSE;
4799 chase_dslookedup = ISC_FALSE;
4800 chase_sigdslookedup = ISC_FALSE;
4807 printf("\n\n\n;; WE HAVE MATERIAL, WE NOW DO VALIDATION\n");
/* Step 1: some DNSKEY of the set must verify the RRSIG of the RRset. */
4809 result = sigchase_verify_sig(&chase_name, chase_rdataset,
4811 chase_sigrdataset, mctx);
4812 if (result != ISC_R_SUCCESS) {
4813 dns_name_free(&chase_name, mctx);
4814 dns_name_free(&chase_signame, mctx);
4815 printf(";; No DNSKEY is valid to check the RRSIG"
4816 " of the RRset: FAILED\n");
4820 printf(";; OK We found DNSKEY (or more) to validate the RRset\n");
/* Step 2: the chain ends here if the key set holds a trusted key. */
4822 result = contains_trusted_key(&chase_signame, chase_keyrdataset,
4823 chase_sigkeyrdataset, mctx);
4824 if (result == ISC_R_SUCCESS) {
4825 dns_name_free(&chase_name, mctx);
4826 dns_name_free(&chase_signame, mctx);
4827 printf("\n;; Ok this DNSKEY is a Trusted Key,"
4828 " DNSSEC validation is ok: SUCCESS\n\n");
4833 printf(";; Now, we are going to validate this DNSKEY by the DS\n");
/* Step 3: no trusted key, so a DS from the parent is required. */
4835 if (chase_dsrdataset == NULL) {
4836 dns_name_free(&chase_name, mctx);
4837 dns_name_free(&chase_signame, mctx);
4838 printf(";; the DNSKEY isn't trusted-key and there isn't"
4839 " DS to validate the DNSKEY: FAILED\n");
4844 result = sigchase_verify_ds(&chase_signame, chase_keyrdataset,
4845 chase_dsrdataset, mctx);
4846 if (result != ISC_R_SUCCESS) {
4847 dns_name_free(&chase_signame, mctx);
4848 dns_name_free(&chase_name, mctx);
4849 printf(";; ERROR no DS validates a DNSKEY in the"
4850 " DNSKEY RRset: FAILED\n");
4855 printf(";; OK this DNSKEY (validated by the DS) validates"
4856 " the RRset of the DNSKEYs, thus the DNSKEY validates"
4858 INSIST(chase_sigdsrdataset != NULL);
/* Step 4: the DS set becomes the next RRset whose signature is chased. */
4860 dup_name(&chase_signame, &chase_name, mctx);
4861 dns_name_free(&chase_signame, mctx);
4862 chase_rdataset = chase_dsrdataset;
4863 chase_sigrdataset = chase_sigdsrdataset;
4864 chase_keyrdataset = NULL;
4865 chase_sigkeyrdataset = NULL;
4866 chase_dsrdataset = NULL;
4867 chase_sigdsrdataset = NULL;
4868 chase_siglookedup = chase_keylookedup = ISC_FALSE;
4869 chase_dslookedup = chase_sigdslookedup = ISC_FALSE;
4871 printf(";; Now, we want to validate the DS : recursive call\n");
/*
 * sigchase: entry point of the signature chase for 'msg'. It branches on
 * current_lookup->do_topdown; both branches are on lines this listing
 * omits (presumably the top-down and the bottom-up variant - confirm).
 */
4878 sigchase(dns_message_t * msg)
4881 if (current_lookup->do_topdown) {
4894 * return 1 if name1 < name2
4895 * 0 if name1 == name2
4896 * -1 if name1 > name2
/*
 * inf_name: order two DNS names label by label. Labels are read with
 * dns_name_getlabel() counting from the right-hand end of each name
 * (index count - 1 - i) and compared with isc_region_compare(). The loop
 * starts at i = 1, so the rightmost label of each name is skipped
 * (presumably the root label - confirm). When all compared labels are
 * equal, the label counts decide. The return statements are on lines this
 * listing omits.
 *
 * NOTE(review): NSEC ordering is defined on canonical, case-folded names.
 * isc_region_compare() looks like a plain byte comparison, so names that
 * differ only in letter case may be ordered differently from the zone's
 * NSEC chain. Confirm the inputs are already canonical, or compare with
 * dns_name_compare(), since this function decides whether a denial of
 * existence is accepted.
 */
4900 inf_name(dns_name_t * name1, dns_name_t * name2)
4904 unsigned int nblabel1;
4905 unsigned int nblabel2;
4910 nblabel1 = dns_name_countlabels(name1);
4911 nblabel2 = dns_name_countlabels(name2);
/* Only the labels both names have can be compared pairwise. */
4913 if (nblabel1 >= nblabel2)
4914 min_lum_label = nblabel2;
4916 min_lum_label = nblabel1;
4919 for (i=1 ; i < min_lum_label; i++) {
4920 dns_name_getlabel(name1, nblabel1 -1 - i, &label1);
4921 dns_name_getlabel(name2, nblabel2 -1 - i, &label2);
/* First differing label decides the order. */
4922 if ((ret = isc_region_compare(&label1, &label2)) != 0) {
4929 if (nblabel1 == nblabel2)
4932 if (nblabel1 < nblabel2)
/*
 * prove_nx_domain: search the AUTHORITY section of 'msg' for an NSEC
 * record whose range covers 'name', as evidence that the name does not
 * exist.
 *
 * For every name in the section the NSEC set is looked up with
 * search_type(); for every NSEC in it the matching RRSIG set is fetched
 * with chase_scanname_section() and the range is tested with inf_name().
 * On a hit the NSEC set and its RRSIG set are handed back through
 * 'rdataset' / 'sigrdataset', the owner name is copied into 'rdata_name'
 * (the caller frees it) and ISC_R_SUCCESS is returned. No signature is
 * verified here; the caller has to validate the returned NSEC.
 *
 * NOTE(review): the early ISC_R_FAILURE returns (empty AUTHORITY section,
 * missing RRSIG NSEC) leave '*rdataset' and '*sigrdataset' untouched,
 * while callers visible in this file test those outputs for NULL without
 * initialising them first.
 *
 * NOTE(review): going by the inf_name() contract documented above it
 * (1 means first < second), the first clause of the range test requires
 * owner < next and name < next but not owner < name, and the second
 * clause reads next < name < owner. Confirm both against the intended
 * "owner < name < next" (and its wrap-around form for the last NSEC of a
 * zone); a test that is too wide would accept an NSEC that does not cover
 * the queried name.
 */
4944 prove_nx_domain(dns_message_t *msg,
4946 dns_name_t *rdata_name,
4947 dns_rdataset_t ** rdataset,
4948 dns_rdataset_t **sigrdataset)
4950 isc_result_t ret = ISC_R_FAILURE;
4951 isc_result_t result = ISC_R_NOTFOUND;
4952 dns_rdataset_t * nsecset = NULL;
4953 dns_rdataset_t * signsecset = NULL ;
4954 dns_rdata_t nsec = DNS_RDATA_INIT;
4955 dns_name_t * nsecname;
4956 dns_rdata_nsec_t nsecstruct;
4958 if ((result = dns_message_firstname(msg, DNS_SECTION_AUTHORITY))
4960 printf(";; nothing in authority section : impossible to"
4961 " validate the non-existence : FAILED\n");
4962 return(ISC_R_FAILURE);
4967 dns_message_currentname(msg, DNS_SECTION_AUTHORITY, &nsecname);
4968 nsecset = search_type(nsecname, dns_rdatatype_nsec,
4970 if (nsecset == NULL)
4973 printf("There is a NSEC for this zone in the"
4974 " AUTHORITY section:\n");
4975 print_rdataset(nsecname, nsecset, mctx);
4977 for (result = dns_rdataset_first(nsecset);
4978 result == ISC_R_SUCCESS;
4979 result = dns_rdataset_next(nsecset)) {
4980 dns_rdataset_current(nsecset, &nsec);
4984 = chase_scanname_section(msg, nsecname,
4985 dns_rdatatype_rrsig,
4987 DNS_SECTION_AUTHORITY);
/* An unsigned NSEC cannot be used as proof. */
4988 if (signsecset == NULL) {
4989 printf(";; no RRSIG NSEC in authority section:"
4990 " impossible to validate the "
4991 "non-existence: FAILED\n");
4992 return(ISC_R_FAILURE);
4995 ret = dns_rdata_tostruct(&nsec, &nsecstruct, NULL);
4996 check_result(ret,"dns_rdata_tostruct");
/* Range test between the NSEC owner, 'name' and the NSEC next name. */
4998 if ((inf_name(nsecname, &nsecstruct.next) == 1 &&
4999 inf_name(name, &nsecstruct.next) == 1) ||
5000 (inf_name(name, nsecname) == 1 &&
5001 inf_name(&nsecstruct.next, name) == 1)) {
5002 dns_rdata_freestruct(&nsecstruct);
5003 *rdataset = nsecset;
5004 *sigrdataset = signsecset;
5005 dup_name(nsecname, rdata_name, mctx);
5007 return ISC_R_SUCCESS;
5010 dns_rdata_freestruct(&nsecstruct);
5012 } while (dns_message_nextname(msg, DNS_SECTION_AUTHORITY)
/* Nothing matched: clear the output before reporting failure. */
5016 *sigrdataset = NULL;
5018 return(ISC_R_FAILURE);
/*
 * prove_nx_type: given the NSEC set 'nsecset' found for the queried name,
 * check whether 'type' is listed in the first NSEC record and fetch the
 * RRSIG set that covers the NSEC from the AUTHORITY section of 'msg'.
 * When the RRSIG set exists, the NSEC set and the RRSIG set are handed
 * back through 'rdataset' and 'sigrdataset'. Without an RRSIG set
 * ISC_R_FAILURE is returned and the outputs stay untouched. The final
 * return is on a line this listing omits. No signature is verified here.
 *
 * NOTE(review): dns_nsec_typepresent() presumably reports whether the
 * type IS present (a boolean). Comparing its result with ISC_R_SUCCESS
 * reads as "type absent" only if that constant is zero - confirm, and
 * prefer an explicit boolean test. What the caller receives for a type
 * that is present depends on the omitted return line and should be
 * checked, because it decides whether the denial is accepted.
 *
 * NOTE(review): only the first record of 'nsecset' is examined, and
 * 'class' is not used in the lines visible here.
 */
5029 prove_nx_type(dns_message_t * msg,
5031 dns_rdataset_t *nsecset,
5032 dns_rdataclass_t class,
5033 dns_rdatatype_t type,
5034 dns_name_t * rdata_name,
5035 dns_rdataset_t ** rdataset,
5036 dns_rdataset_t ** sigrdataset)
5039 dns_rdataset_t * signsecset;
5040 dns_rdata_t nsec = DNS_RDATA_INIT;
5045 ret = dns_rdataset_first(nsecset);
5046 check_result(ret,"dns_rdataset_first");
5048 dns_rdataset_current(nsecset, &nsec);
/* The outcome is only printed here; it does not stop the RRSIG lookup. */
5050 ret = dns_nsec_typepresent(&nsec, type);
5051 if (ret == ISC_R_SUCCESS)
5052 printf("OK the NSEC said that the type doesn't exist \n");
5054 signsecset = chase_scanname_section(msg, name,
5055 dns_rdatatype_rrsig,
5057 DNS_SECTION_AUTHORITY);
5058 if (signsecset == NULL) {
5059 printf("There isn't RRSIG NSEC for the zone \n");
5060 return ISC_R_FAILURE;
5062 *rdataset = nsecset;
5063 *sigrdataset = signsecset;
5075 prove_nx(dns_message_t * msg,
5077 dns_rdataclass_t class,
5078 dns_rdatatype_t type,
5079 dns_name_t * rdata_name,
5080 dns_rdataset_t ** rdataset,
5081 dns_rdataset_t ** sigrdataset)
5084 dns_rdataset_t * nsecset = NULL;
5087 printf("We want to prove the non-existance of a type of rdata %d"
5088 " or of the zone: \n", type);
5090 if ((ret = dns_message_firstname(msg, DNS_SECTION_AUTHORITY))
5092 printf(";; nothing in authority section : impossible to"
5093 " validate the non-existence : FAILED\n");
5094 return(ISC_R_FAILURE);
5097 nsecset = chase_scanname_section(msg, name, dns_rdatatype_nsec,
5099 DNS_SECTION_AUTHORITY);
5100 if (nsecset != NULL) {
5101 printf("We have a NSEC for this zone :OK\n");
5102 ret = prove_nx_type(msg, name, nsecset, class,
5103 type, rdata_name, rdataset,
5105 if (ret != ISC_R_SUCCESS) {
5106 printf("prove_nx: ERROR type exist\n");
5109 printf("prove_nx: OK type does not exist\n");
5110 return(ISC_R_SUCCESS);
5113 printf("there is no NSEC for this zone: validating "
5114 "that the zone doesn't exist\n");
5115 ret = prove_nx_domain(msg, name, rdata_name,
5116 rdataset, sigrdataset);
5119 /* Never get here */