Ejemplo n.º 1
0
func checkNS(ns *Nameserver, fqdn, fieldPrefix string) (errs map[string][]string) {
	errs = make(map[string][]string)

	msg := new(dns.Msg)
	msg.SetQuestion(fqdn, dns.TypeSOA)
	msg.RecursionDesired = false

	server := ns.Name
	if strings.HasSuffix(ns.Name, fqdn) {
		server = ns.Glue
	}

	client := new(dns.Client)
	response, _, err := client.Exchange(msg, server+":53")

	if err == nil {
		if !response.Authoritative || len(response.Answer) == 0 {
			errs[fieldPrefix] = append(errs[fieldPrefix], "Not authoritative for domain!")
		}

	} else {
		log.Printf("Error while querying %s [%s]. Details: %s", ns.Name, ns.Glue, err.Error())
		errs[fieldPrefix] = append(errs[fieldPrefix], "Fail to query server!")
	}

	return
}
Ejemplo n.º 2
0
// Retrieve the MX records for miek.nl.
func ExampleMX() {
	config, _ := dns.ClientConfigFromFile("/etc/resolv.conf")
	c := new(dns.Client)
	m := new(dns.Msg)
	m.SetQuestion("miek.nl.", dns.TypeMX)
	m.RecursionDesired = true
	r, _, err := c.Exchange(m, config.Servers[0]+":"+config.Port)
	if err != nil {
		return
	}
	if r.Rcode != dns.RcodeSuccess {
		return
	}
	for _, a := range r.Answer {
		if mx, ok := a.(*dns.MX); ok {
			fmt.Printf("%s\n", mx.String())
		}
	}
}
Ejemplo n.º 3
0
// Retrieve the DNSKEY records of a zone and convert them
// to DS records for SHA1, SHA256 and SHA384.
func ExampleDS(zone string) {
	config, _ := dns.ClientConfigFromFile("/etc/resolv.conf")
	c := new(dns.Client)
	m := new(dns.Msg)
	if zone == "" {
		zone = "miek.nl"
	}
	m.SetQuestion(dns.Fqdn(zone), dns.TypeDNSKEY)
	m.SetEdns0(4096, true)
	r, _, err := c.Exchange(m, config.Servers[0]+":"+config.Port)
	if err != nil {
		return
	}
	if r.Rcode != dns.RcodeSuccess {
		return
	}
	for _, k := range r.Answer {
		if key, ok := k.(*dns.DNSKEY); ok {
			for _, alg := range []uint8{dns.SHA1, dns.SHA256, dns.SHA384} {
				fmt.Printf("%s; %d\n", key.ToDS(alg).String(), key.Flags)
			}
		}
	}
}
Ejemplo n.º 4
0
func checkDSs(DSs []*DS, ns *Nameserver, fqdn string) (errs map[string][]string) {
	if len(ns.Name) == 0 {
		// Don't need to check DS if the nameserver is empty
		return
	}

	errs = make(map[string][]string)

	msg := new(dns.Msg)
	msg.SetQuestion(fqdn, dns.TypeDNSKEY)
	msg.RecursionDesired = false

	server := ns.Name
	if strings.HasSuffix(ns.Name, fqdn) {
		server = ns.Glue
	}

	client := new(dns.Client)
	response, _, err := client.Exchange(msg, server+":53")

	if err != nil {
		log.Printf("Error while querying DNSKEY in %s [%s]. Details: %s", ns.Name, ns.Glue, err.Error())
		errs["ds0-keytag"] = append(errs["ds0-keytag"], "Fail to query server "+ns.Name+"!")
		errs["ds1-keytag"] = append(errs["ds1-keytag"], "Fail to query server "+ns.Name+"!")
		return
	}

	if response.Truncated {
		client.Net = "tcp"
		response, _, err = client.Exchange(msg, server+":53")

		if err != nil {
			log.Printf("Error while querying DNSKEY in %s [%s]. Details: %s", ns.Name, ns.Glue, err.Error())
			errs["ds0-keytag"] = append(errs["ds0-keytag"], "Fail to query server "+ns.Name+"!")
			errs["ds1-keytag"] = append(errs["ds1-keytag"], "Fail to query server "+ns.Name+"!")
			return
		}
	}

	ds1 := DSs[0]
	ds2 := DSs[1]
	foundDS1 := false
	foundDS2 := false

	for _, rr := range response.Answer {
		if rr.Header().Rrtype == dns.TypeDNSKEY {
			dnskeyRR := rr.(*dns.DNSKEY)

			if int(dnskeyRR.KeyTag()) == ds1.KeyTag {
				foundDS1 = true

				ds := dnskeyRR.ToDS(ds1.DigestType)
				if int(ds.Algorithm) != ds1.Algorithm {
					errs["ds0-algorithm"] = append(errs["ds0-algorithm"], "Algorithm does not match with DNSKEY in "+ns.Name)
				} else if strings.ToUpper(ds.Digest) != ds1.Digest {
					errs["ds0-digest"] = append(errs["ds0-digest"], "Digest does not match with DNSKEY in "+ns.Name)
				} else if dnskeyRR.Flags&dns.SEP == 0 {
					errs["ds0-keytag"] = append(errs["ds0-keytag"], "DNSKEY is not a SEP in "+ns.Name)
				}

			}

			if int(dnskeyRR.KeyTag()) == ds2.KeyTag {
				foundDS2 = true

				ds := dnskeyRR.ToDS(ds2.DigestType)
				if int(ds.Algorithm) != ds2.Algorithm {
					errs["ds1-algorithm"] = append(errs["ds1-algorithm"], "Algorithm does not match with DNSKEY in "+ns.Name)
				} else if strings.ToUpper(ds.Digest) != ds2.Digest {
					errs["ds1-digest"] = append(errs["ds1-digest"], "Digest does not match with DNSKEY in "+ns.Name)
				} else if dnskeyRR.Flags&dns.SEP == 0 {
					errs["ds1-keytag"] = append(errs["ds1-keytag"], "DNSKEY is not a SEP in "+ns.Name)
				}

			}
		}
	}

	if !foundDS1 && len(ds1.Digest) > 0 {
		errs["ds0-keytag"] = append(errs["ds0-keytag"], "Related DNSKEY not found in "+ns.Name)
	}

	if !foundDS2 && len(ds2.Digest) > 0 {
		errs["ds1-keytag"] = append(errs["ds1-keytag"], "Related DNSKEY not found in "+ns.Name)
	}

	return
}