Example #1
0
// LookupDNSSEC sends the provided DNS message to a randomly chosen server (see
// ExchangeOne) with DNSSEC enabled. If the lookup fails, this method sends a
// clarification query to determine if it's because DNSSEC was invalid or just
// a run-of-the-mill error. If it's because of DNSSEC, it returns ErrorDNSSEC.
func (dnsResolver *DNSResolver) LookupDNSSEC(m *dns.Msg) (*dns.Msg, time.Duration, error) {
	// Set DNSSEC OK bit
	m.SetEdns0(4096, true)
	r, rtt, err := dnsResolver.ExchangeOne(m)
	if err != nil {
		return r, rtt, err
	}

	if r.Rcode != dns.RcodeSuccess && r.Rcode != dns.RcodeNameError && r.Rcode != dns.RcodeNXRrset {
		if r.Rcode == dns.RcodeServerFailure {
			// Re-send query with +cd to see if SERVFAIL was caused by DNSSEC
			// validation failure at the resolver
			m.CheckingDisabled = true
			checkR, _, err := dnsResolver.ExchangeOne(m)
			if err != nil {
				return r, rtt, err
			}

			if checkR.Rcode != dns.RcodeServerFailure {
				// DNSSEC error, so we return the testable object.
				err = DNSSECError{}
				return r, rtt, err
			}
		}
		err = fmt.Errorf("Invalid response code: %d-%s", r.Rcode, dns.RcodeToString[r.Rcode])
		return r, rtt, err
	}

	return r, rtt, err
}