mirror of
https://github.com/miekg/dns.git
synced 2025-08-19 16:01:00 +02:00
more lookup stuff
parent
f0f567c5f7
commit
eb94be22bb
@ -258,6 +258,7 @@ forever:
|
|||||||
if *check {
|
if *check {
|
||||||
sigCheck(r.Reply, nameserver, *tcp)
|
sigCheck(r.Reply, nameserver, *tcp)
|
||||||
nsecCheck(r.Reply)
|
nsecCheck(r.Reply)
|
||||||
|
// dns.AssertDelegationSigner(r.Reply, nil)
|
||||||
}
|
}
|
||||||
if *short {
|
if *short {
|
||||||
r.Reply = shortMsg(r.Reply)
|
r.Reply = shortMsg(r.Reply)
|
||||||
|
58
lookup.go
58
lookup.go
@ -1,5 +1,7 @@
|
|||||||
package dns
|
package dns
|
||||||
|
|
||||||
|
// This file is in flux
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"math/rand"
|
"math/rand"
|
||||||
"strings"
|
"strings"
|
||||||
@ -15,6 +17,55 @@ const (
|
|||||||
INDETERMINATE
|
INDETERMINATE
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// Check if the returned message has a delegation signer record
|
||||||
|
// Algo:
|
||||||
|
// The auth section's owner name (should be all equal) - seperate check!
|
||||||
|
// The ownername of the DS records must match the right side of the qname
|
||||||
|
//
|
||||||
|
func AssertDelegationSigner(m *Msg, trustdb []*RR_DNSKEY) error {
|
||||||
|
|
||||||
|
// look for the DS(s)
|
||||||
|
dss := make([]*RR_DS, 0)
|
||||||
|
// If there are ddssen, there should also be a SIG (what if not?)
|
||||||
|
var sig *RR_RRSIG
|
||||||
|
for _, r := range m.Ns {
|
||||||
|
if d, ok := r.(*RR_DS); ok {
|
||||||
|
dss = append(dss ,d)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
if s, ok := r.(*RR_RRSIG); ok {
|
||||||
|
if s.TypeCovered == TypeDS {
|
||||||
|
sig = s
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if len(dss) == 0 {
|
||||||
|
// No DSs found ...
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
println("DSs found", len(dss))
|
||||||
|
if sig == nil {
|
||||||
|
// No SIG found ...
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
println("SIG found")
|
||||||
|
|
||||||
|
|
||||||
|
// Ownername of the DSs should match the qname
|
||||||
|
if CompareLabels(dss[0].Header().Name, m.Question[0].Name) == 0 {
|
||||||
|
// No match
|
||||||
|
}
|
||||||
|
// Optionally keep track of these comparison, it should increase
|
||||||
|
println("Match found between delegation DS and qname")
|
||||||
|
println(dss[0].String())
|
||||||
|
println(sig.String())
|
||||||
|
|
||||||
|
|
||||||
|
return nil
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
// Types of answers (without looking the RFCs)
|
// Types of answers (without looking the RFCs)
|
||||||
// len(m.Ns) > 0
|
// len(m.Ns) > 0
|
||||||
// NS records in there? -> delegation (rcode should be rcode.Success)
|
// NS records in there? -> delegation (rcode should be rcode.Success)
|
||||||
@ -106,6 +157,13 @@ func primingZone() (a, aaaa []string) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Validate the root key with the DS records we've gotten offline
|
||||||
|
func createTrustDB(dss []*RR_DS, a, aaaa []string) *[]RR_DNSKEY {
|
||||||
|
// Query a root server, get the DNSKEY, toDS() and check
|
||||||
|
return nil
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
// Parse the builtin trust anchor and return the DS records
|
// Parse the builtin trust anchor and return the DS records
|
||||||
func primingTrust() []*RR_DS {
|
func primingTrust() []*RR_DS {
|
||||||
ta, _ := ReadTrustAnchor(strings.NewReader(RootAnchorXML))
|
ta, _ := ReadTrustAnchor(strings.NewReader(RootAnchorXML))
|
||||||
|
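Review bot: AssertDelegationSigner in lookup.go returns nil on every path, so a caller cannot tell a validated delegation from an unsigned or mismatched one. The `sig == nil` branch, the empty `CompareLabels(...) == 0` branch and the final return all report success, the "Match found" println runs even after the no-match branch, and `trustdb` is never read. `m.Question[0]` is also indexed without a length check, so a reply with an empty question section would panic here. Until signature verification against `trustdb` exists, the failure branches should return an error, e.g. `if len(m.Question) == 0 || CompareLabels(dss[0].Header().Name, m.Question[0].Name) == 0 { return errors.New("dns: DS owner name does not match qname") }` (this needs the `errors` import). The debug `println` calls should be dropped before the commented-out call in the other file is enabled.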