// Build the domain object doing a DNS query. To this function works the domain must be
// registered correctly and delegated in the DNS tree
func (h *DomainVerificationHandler) queryDomain(w http.ResponseWriter, r *http.Request) {
	domain, err := scan.QueryDomain(h.FQDN)
	if err != nil {
		log.Println("Error while resolving FQDN. Details:", err)
		w.WriteHeader(http.StatusInternalServerError)
		return
	}

	w.WriteHeader(http.StatusOK)
	domainResponse := protocol.ToDomainResponse(domain, false)
	h.Response = &domainResponse
}
Beispiel #2
0
// We are now using a real open resolver (from DNS watch - http://dns.watch) to retrieve a domain
// with DNSSEC problems in the chain-of-trust. We replaced DNS OARC because it was giving to much
// timeout (maybe was under attack)
func domainQueryWithDNSSECErrors() {
	config.ShelterConfig.Scan.Resolver.Address = "84.200.69.80"
	config.ShelterConfig.Scan.Resolver.Port = 53

	domain, err := scan.QueryDomain("dnssec-failed.org.")
	if err != nil {
		utils.Fatalln("Error retrieving domain", err)
	}

	if len(domain.Nameservers) != 5 {
		utils.Fatalln(fmt.Sprintf("Not returning the correct number of nameservers. "+
			"Expected %d and got %d", 5, len(domain.Nameservers)), nil)
	}

	// We have 2 DNSKEYS but only one has the bit SEP on for the domain dnssec-failed.org.
	if len(domain.DSSet) != 1 {
		utils.Fatalln(fmt.Sprintf("Not returning the correct number of DS records. "+
			"Expected %d and got %d", 1, len(domain.DSSet)), nil)
	}
}
Beispiel #3
0
func domainQuery() {
	_, dnskey, rrsig, _, _ := generateAndSignDomain("example.com.br.")

	dns.HandleFunc("example.com.br.", func(w dns.ResponseWriter, dnsRequestMessage *dns.Msg) {
		defer w.Close()

		if dnsRequestMessage.Question[0].Qtype == dns.TypeNS {
			dnsResponseMessage := &dns.Msg{
				MsgHdr:   dns.MsgHdr{},
				Question: dnsRequestMessage.Question,
				Answer: []dns.RR{
					&dns.NS{
						Hdr: dns.RR_Header{
							Name:   "example.com.br.",
							Rrtype: dns.TypeNS,
							Class:  dns.ClassINET,
							Ttl:    86400,
						},
						Ns: "ns1.example.com.br.",
					},
				},
			}
			dnsResponseMessage.SetReply(dnsRequestMessage)
			w.WriteMsg(dnsResponseMessage)

		} else if dnsRequestMessage.Question[0].Qtype == dns.TypeDNSKEY {
			dnsResponseMessage := &dns.Msg{
				MsgHdr: dns.MsgHdr{
					Authoritative: true,
				},
				Question: dnsRequestMessage.Question,
				Answer: []dns.RR{
					dnskey,
					rrsig,
				},
			}
			dnsResponseMessage.SetReply(dnsRequestMessage)
			w.WriteMsg(dnsResponseMessage)
		}
	})

	dns.HandleFunc("ns1.example.com.br.", func(w dns.ResponseWriter, dnsRequestMessage *dns.Msg) {
		defer w.Close()

		if dnsRequestMessage.Question[0].Qtype == dns.TypeA {
			dnsResponseMessage := &dns.Msg{
				MsgHdr: dns.MsgHdr{
					Authoritative: true,
				},
				Question: dnsRequestMessage.Question,
				Answer: []dns.RR{
					&dns.A{
						Hdr: dns.RR_Header{
							Name:   "ns1.example.com.br.",
							Rrtype: dns.TypeA,
							Class:  dns.ClassINET,
							Ttl:    86400,
						},
						A: net.ParseIP("127.0.0.1"),
					},
				},
			}
			dnsResponseMessage.SetReply(dnsRequestMessage)
			w.WriteMsg(dnsResponseMessage)

		} else if dnsRequestMessage.Question[0].Qtype == dns.TypeAAAA {
			dnsResponseMessage := &dns.Msg{
				MsgHdr: dns.MsgHdr{
					Authoritative: true,
				},
				Question: dnsRequestMessage.Question,
				Answer: []dns.RR{
					&dns.AAAA{
						Hdr: dns.RR_Header{
							Name:   "ns1.example.com.br.",
							Rrtype: dns.TypeAAAA,
							Class:  dns.ClassINET,
							Ttl:    86400,
						},
						AAAA: net.ParseIP("::1"),
					},
				},
			}
			dnsResponseMessage.SetReply(dnsRequestMessage)
			w.WriteMsg(dnsResponseMessage)
		}
	})

	domain, err := scan.QueryDomain("example.com.br.")
	if err != nil {
		utils.Fatalln("Error resolving a domain", err)
	}

	if domain.FQDN != "example.com.br." {
		utils.Fatalln("Did not set FQDN properly in domain query", nil)
	}

	if len(domain.Nameservers) != 1 {
		println(len(domain.Nameservers))
		utils.Fatalln("Did not return the desired nameservers in domain query", nil)
	}

	if domain.Nameservers[0].Host != "ns1.example.com.br." {
		utils.Fatalln("Did not set a valid host in domain query", nil)
	}

	if domain.Nameservers[0].IPv4.String() != "127.0.0.1" {
		utils.Fatalln("Did not set a valid IPv4 in domain query", nil)
	}

	if domain.Nameservers[0].IPv6.String() != "::1" {
		utils.Fatalln("Did not set a valid IPv6 in domain query", nil)
	}

	if len(domain.DSSet) != 1 {
		utils.Fatalln("Did not return the desired DS set in domain query", nil)
	}

	if domain.DSSet[0].Keytag != dnskey.KeyTag() {
		utils.Fatalln("Did not set a valid keytag in domain query", nil)
	}

	if domain.DSSet[0].Algorithm != model.DSAlgorithm(dnskey.Algorithm) {
		utils.Fatalln("Did not set a valid algorithm in domain query", nil)
	}
}