3 * Where all the hard work concerning chasing
5 * (c) 2005, 2006 NLnet Labs
7 * See the file LICENSE for the license
12 #include <ldns/ldns.h>
15 * trace down from the root to name
18 /* same naive method as in drill0.9
19 * We resolver _ALL_ the names, which is ofcourse not needed
20 * We _do_ use the local resolver to do that, so it still is
21 * fast, but it can be made to run much faster
24 do_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t,
29 ldns_rr_list *new_nss_a;
30 ldns_rr_list *new_nss_aaaa;
31 ldns_rr_list *final_answer;
32 ldns_rr_list *new_nss;
33 ldns_rr_list *ns_addr;
46 res = ldns_resolver_new();
50 ldns_resolver_free(res);
52 error("Memory allocation failed");
57 error("Memory allocation failed");
61 /* transfer some properties of local_res to res,
62 * because they were given on the commandline */
63 ldns_resolver_set_ip6(res,
64 ldns_resolver_ip6(local_res));
65 ldns_resolver_set_port(res,
66 ldns_resolver_port(local_res));
67 ldns_resolver_set_debug(res,
68 ldns_resolver_debug(local_res));
69 ldns_resolver_set_dnssec(res,
70 ldns_resolver_dnssec(local_res));
71 ldns_resolver_set_fail(res,
72 ldns_resolver_fail(local_res));
73 ldns_resolver_set_usevc(res,
74 ldns_resolver_usevc(local_res));
75 ldns_resolver_set_random(res,
76 ldns_resolver_random(local_res));
77 ldns_resolver_set_source(res,
78 ldns_resolver_source(local_res));
79 ldns_resolver_set_recursive(res, false);
81 /* setup the root nameserver in the new resolver */
82 status = ldns_resolver_push_nameserver_rr_list(res, global_dns_root);
83 if (status != LDNS_STATUS_OK) {
84 fprintf(stderr, "Error adding root servers to resolver: %s\n", ldns_get_errorstr_by_id(status));
85 ldns_rr_list_print(stdout, global_dns_root);
86 ldns_resolver_free(res);
91 /* this must be a real query to local_res */
92 status = ldns_resolver_send(&p, res, ldns_dname_new_frm_str("."), LDNS_RR_TYPE_NS, c, 0);
93 /* p can still be NULL */
96 if (ldns_pkt_empty(p)) {
97 warning("No root server information received");
100 if (status == LDNS_STATUS_OK) {
101 if (!ldns_pkt_empty(p)) {
102 drill_pkt_print(stdout, local_res, p);
105 error("cannot use local resolver");
109 status = ldns_resolver_send(&p, res, name, t, c, 0);
111 while(status == LDNS_STATUS_OK &&
112 ldns_pkt_reply_type(p) == LDNS_PACKET_REFERRAL) {
115 /* some error occurred, bail out */
119 new_nss_a = ldns_pkt_rr_list_by_type(p,
120 LDNS_RR_TYPE_A, LDNS_SECTION_ADDITIONAL);
121 new_nss_aaaa = ldns_pkt_rr_list_by_type(p,
122 LDNS_RR_TYPE_AAAA, LDNS_SECTION_ADDITIONAL);
123 new_nss = ldns_pkt_rr_list_by_type(p,
124 LDNS_RR_TYPE_NS, LDNS_SECTION_AUTHORITY);
126 if (verbosity != -1) {
127 ldns_rr_list_print(stdout, new_nss);
129 /* checks itself for verbosity */
130 drill_pkt_print_footer(stdout, local_res, p);
132 /* remove the old nameserver from the resolver */
133 while(ldns_resolver_pop_nameserver(res)) { /* do it */ }
135 /* also check for new_nss emptyness */
137 if (!new_nss_aaaa && !new_nss_a) {
139 * no nameserver found!!!
140 * try to resolve the names we do got
142 for(i = 0; i < ldns_rr_list_rr_count(new_nss); i++) {
143 /* get the name of the nameserver */
144 pop = ldns_rr_rdf(ldns_rr_list_rr(new_nss, i), 0);
149 ldns_rr_list_print(stdout, new_nss);
150 ldns_rdf_print(stdout, pop);
151 /* retrieve it's addresses */
152 ns_addr = ldns_rr_list_cat_clone(ns_addr,
153 ldns_get_rr_list_addr_by_name(local_res, pop, c, 0));
157 if (ldns_resolver_push_nameserver_rr_list(res, ns_addr) !=
159 error("Error adding new nameservers");
163 ldns_rr_list_free(ns_addr);
165 ldns_rr_list_print(stdout, ns_addr);
166 error("Could not find the nameserver ip addr; abort");
172 /* add the new ones */
174 if (ldns_resolver_push_nameserver_rr_list(res, new_nss_aaaa) !=
176 error("adding new nameservers");
182 if (ldns_resolver_push_nameserver_rr_list(res, new_nss_a) !=
184 error("adding new nameservers");
190 if (loop_count++ > 20) {
191 /* unlikely that we are doing something usefull */
192 error("Looks like we are looping");
197 status = ldns_resolver_send(&p, res, name, t, c, 0);
203 status = ldns_resolver_send(&p, res, name, t, c, 0);
209 new_nss = ldns_pkt_authority(p);
210 final_answer = ldns_pkt_answer(p);
212 if (verbosity != -1) {
213 ldns_rr_list_print(stdout, final_answer);
214 ldns_rr_list_print(stdout, new_nss);
217 drill_pkt_print_footer(stdout, local_res, p);
224 * Chase the given rr to a known and trusted key
228 * the last argument prev_key_list, if not null, and type == DS, then the ds
229 * rr list we have must all be a ds for the keys in this list
233 do_chase(ldns_resolver *res,
237 ldns_rr_list *trusted_keys,
240 ldns_rr_list * ATTR_UNUSED(prev_key_list),
243 ldns_rr_list *rrset = NULL;
245 ldns_rr *orig_rr = NULL;
254 ldns_status tree_result;
255 ldns_dnssec_data_chain *chain;
256 ldns_dnssec_trust_tree *tree;
258 const ldns_rr_descriptor *descriptor;
259 descriptor = ldns_rr_descript(type);
261 ldns_dname2canonical(name);
263 pkt = ldns_pkt_clone(pkt_o);
265 mesg("No name to chase");
267 return LDNS_STATUS_EMPTY_LABEL;
269 if (verbosity != -1) {
270 printf(";; Chasing: ");
271 ldns_rdf_print(stdout, name);
272 if (descriptor && descriptor->_name) {
273 printf(" %s\n", descriptor->_name);
275 printf(" type %d\n", type);
279 if (!trusted_keys || ldns_rr_list_rr_count(trusted_keys) < 1) {
280 warning("No trusted keys specified");
284 rrset = ldns_pkt_rr_list_by_name_and_type(pkt,
290 /* nothing in answer, try authority */
291 rrset = ldns_pkt_rr_list_by_name_and_type(pkt,
294 LDNS_SECTION_AUTHORITY
297 /* answer might be a cname, chase that first, then chase
298 cname target? (TODO) */
300 rrset = ldns_pkt_rr_list_by_name_and_type(pkt,
306 /* nothing in answer, try authority */
307 rrset = ldns_pkt_rr_list_by_name_and_type(pkt,
310 LDNS_SECTION_AUTHORITY
316 if (verbosity >= 0) {
317 fprintf(stderr, "%s", ldns_get_errorstr_by_id(LDNS_STATUS_MEM_ERR));
318 fprintf(stderr, "\n");
320 return LDNS_STATUS_MEM_ERR;
324 /* not found in original packet, try again */
327 pkt = ldns_resolver_query(res, name, type, c, qflags);
330 if (verbosity >= 0) {
331 fprintf(stderr, "%s", ldns_get_errorstr_by_id(LDNS_STATUS_NETWORK_ERR));
332 fprintf(stderr, "\n");
334 return LDNS_STATUS_NETWORK_ERR;
336 if (verbosity >= 5) {
337 ldns_pkt_print(stdout, pkt);
340 rrset = ldns_pkt_rr_list_by_name_and_type(pkt,
347 orig_rr = ldns_rr_new();
349 /* if the answer had no answer section, we need to construct our own rr (for instance if
350 * the rr qe asked for doesn't exist. This rr will be destroyed when the chain is freed */
351 if (ldns_pkt_ancount(pkt) < 1) {
352 ldns_rr_set_type(orig_rr, type);
353 ldns_rr_set_owner(orig_rr, ldns_rdf_clone(name));
355 chain = ldns_dnssec_build_data_chain(res, qflags, rrset, pkt, ldns_rr_clone(orig_rr));
357 /* chase the first answer */
358 chain = ldns_dnssec_build_data_chain(res, qflags, rrset, pkt, NULL);
361 if (verbosity >= 4) {
362 printf("\n\nDNSSEC Data Chain:\n");
363 ldns_dnssec_data_chain_print(stdout, chain);
366 result = LDNS_STATUS_OK;
368 tree = ldns_dnssec_derive_trust_tree(chain, NULL);
370 if (verbosity >= 2) {
371 printf("\n\nDNSSEC Trust tree:\n");
372 ldns_dnssec_trust_tree_print(stdout, tree, 0, true);
375 if (ldns_rr_list_rr_count(trusted_keys) > 0) {
376 tree_result = ldns_dnssec_trust_tree_contains_keys(tree, trusted_keys);
378 if (tree_result == LDNS_STATUS_DNSSEC_EXISTENCE_DENIED) {
379 if (verbosity >= 1) {
380 printf("Existence denied or verifiably insecure\n");
382 result = LDNS_STATUS_OK;
383 } else if (tree_result != LDNS_STATUS_OK) {
384 if (verbosity >= 1) {
385 printf("No trusted keys found in tree: first error was: %s\n", ldns_get_errorstr_by_id(tree_result));
387 result = tree_result;
391 if (verbosity >= 0) {
392 printf("You have not provided any trusted keys.\n");
396 ldns_rr_free(orig_rr);
397 ldns_dnssec_trust_tree_free(tree);
398 ldns_dnssec_data_chain_deep_free(chain);
400 ldns_rr_list_deep_free(rrset);
402 /* ldns_rr_free(orig_rr);*/
406 #endif /* HAVE_SSL */
projects / FreeBSD / releng / 10.2.git / blob