func main() {
conf, err := dns.ClientConfigFromFile("/etc/resolv.conf")
if len(os.Args) != 2 || err != nil {
fmt.Printf("%s DOMAIN\n", os.Args[0])
os.Exit(1)
}
m := new(dns.Msg)
m.SetQuestion(dns.Fqdn(os.Args[1]), dns.TypeDNSKEY)
m.SetEdns0(2048, true)
c := new(dns.Client)
r, _ := c.Exchange(m, conf.Servers[0]+":"+conf.Port)
if r == nil {
fmt.Printf("*** no answer received for %s\n", os.Args[1])
os.Exit(1)
}
if r.Rcode != dns.RcodeSuccess {
fmt.Printf(" *** invalid answer name %s after DNSKEY query for %s\n", os.Args[1], os.Args[1])
os.Exit(1)
}
for _, k := range r.Answer {
if key, ok := k.(*dns.RR_DNSKEY); ok {
key.Hdr.Ttl = 0
for _, alg := range []int{dns.SHA1, dns.SHA256, dns.SHA384} {
ds := key.ToDS(alg)
fmt.Printf("%v; %d\n", ds, key.Flags)
}
}
}
}
// probe creates a packet and sends it to the nameserver. It
// returns a fingerprint.
func probe(c *dns.Client, addr string, f *fingerprint) *fingerprint {
m := f.msg()
r, err := c.Exchange(m, addr)
if err != nil {
return errorToFingerprint(err)
}
return toFingerprint(r)
}
// Get the key from the DNS (uses the local resolver) and return them.
// If nothing is found we return nil
func getKey(name string, keytag uint16, server string, tcp bool) *dns.RR_DNSKEY {
c := new(dns.Client)
if tcp {
c.Net = "tcp"
}
m := new(dns.Msg)
m.SetQuestion(name, dns.TypeDNSKEY)
m.SetEdns0(4096, true)
r, err := c.Exchange(m, server)
if err != nil {
return nil
}
for _, k := range r.Answer {
if k1, ok := k.(*dns.RR_DNSKEY); ok {
if k1.KeyTag() == keytag {
return k1
}
}
}
return nil
}