func (r *DNSProvider) changeRecord(action, fqdn, value string, ttl int) error {
// Find the zone for the given fqdn
zone, err := acme.FindZoneByFqdn(fqdn, []string{r.nameserver})
if err != nil {
return err
}
// Create RR
rr := new(dns.TXT)
rr.Hdr = dns.RR_Header{Name: fqdn, Rrtype: dns.TypeTXT, Class: dns.ClassINET, Ttl: uint32(ttl)}
rr.Txt = []string{value}
rrs := []dns.RR{rr}
// Create dynamic update packet
m := new(dns.Msg)
m.SetUpdate(zone)
switch action {
case "INSERT":
// Always remove old challenge left over from who knows what.
m.RemoveRRset(rrs)
m.Insert(rrs)
case "REMOVE":
m.Remove(rrs)
default:
return fmt.Errorf("Unexpected action: %s", action)
}
// Setup client
c := new(dns.Client)
c.SingleInflight = true
// TSIG authentication / msg signing
if len(r.tsigKey) > 0 && len(r.tsigSecret) > 0 {
m.SetTsig(dns.Fqdn(r.tsigKey), r.tsigAlgorithm, 300, time.Now().Unix())
c.TsigSecret = map[string]string{dns.Fqdn(r.tsigKey): r.tsigSecret}
}
// Send the query
reply, _, err := c.Exchange(m, r.nameserver)
if err != nil {
return fmt.Errorf("DNS update failed: %v", err)
}
if reply != nil && reply.Rcode != dns.RcodeSuccess {
return fmt.Errorf("DNS update failed. Server replied: %s", dns.RcodeToString[reply.Rcode])
}
return nil
}
// Dynamically remove a full set of RR records stored in DNS
func (s *Service) RemoveName(zone string, rr []dns.RR) error {
m := new(dns.Msg)
m.SetUpdate(zone)
m.SetTsig(dns.Fqdn(s.Key), dns.HmacMD5, 300, time.Now().Unix())
m.RemoveName(rr)
h, err := s.ServerPort()
if err != nil {
return err
}
c := new(dns.Client)
c.TsigSecret = map[string]string{dns.Fqdn(s.Key): s.Secret}
r, _, err := c.Exchange(m, h)
if err != nil {
return err
}
if r.Rcode != dns.RcodeSuccess {
return errors.New(fmt.Sprintf("invalid exchange answer"))
}
return nil
}
func (r *RFC2136Provider) list() ([]dns.RR, error) {
logrus.Debugf("Fetching records for '%s'", r.zoneName)
t := new(dns.Transfer)
t.TsigSecret = map[string]string{r.tsigKeyName: r.tsigSecret}
m := new(dns.Msg)
m.SetAxfr(r.zoneName)
m.SetTsig(r.tsigKeyName, dns.HmacMD5, 300, time.Now().Unix())
env, err := t.In(m, r.nameserver)
if err != nil {
return nil, fmt.Errorf("Failed to fetch records via AXFR: %v", err)
}
records := make([]dns.RR, 0)
for e := range env {
if e.Error != nil {
logrus.Errorf("AXFR envelope error: %v", e.Error)
continue
}
records = append(records, e.RR...)
}
return records, nil
}
func handleDNSRequest(w dns.ResponseWriter, r *dns.Msg) {
if *debug {
Log.Printf("handleRequest: message: %+v\n", r)
}
m := new(dns.Msg)
m.SetReply(r)
m.Compress = false
switch r.Opcode {
case dns.OpcodeQuery:
parseQuery(m)
case dns.OpcodeUpdate:
for _, question := range r.Question {
for _, rr := range r.Ns {
updateRecord(rr, &question)
}
}
}
if r.IsTsig() != nil {
if w.TsigStatus() == nil {
m.SetTsig(r.Extra[len(r.Extra)-1].(*dns.TSIG).Hdr.Name,
dns.HmacMD5, 300, time.Now().Unix())
} else {
Log.Println("Status", w.TsigStatus().Error())
}
}
w.WriteMsg(m)
}
func formerr(w dns.ResponseWriter, req *dns.Msg) {
m := new(dns.Msg)
m.MsgHdr.Opcode = dns.OpcodeUpdate
if req.IsTsig() != nil {
m.SetTsig(userFromTsig(req), dns.HmacMD5, 300, time.Now().Unix())
}
w.WriteMsg(m.SetRcode(req, dns.RcodeFormatError))
}
// Deal with the zone options
func configZONE(w dns.ResponseWriter, req *dns.Msg, t *dns.TXT, c *Config) error {
sx := strings.Split(t.Txt[0], " ")
if len(sx) == 0 {
return nil
}
switch strings.ToUpper(sx[0]) {
case "READ":
if len(sx) != 3 {
return nil
}
logPrintf("config READ %s %s\n", dns.Fqdn(sx[1]), sx[2])
if e := c.ReadZoneFile(dns.Fqdn(sx[1]), sx[2]); e != nil {
logPrintf("failed to read %s: %s\n", sx[2], e.Error())
return e
}
logPrintf("config added: READ %s %s\n", dns.Fqdn(sx[1]), sx[2])
noerr(w, req)
case "READXFR":
if len(sx) != 3 {
return nil
}
logPrintf("config READXFR %s %s\n", dns.Fqdn(sx[1]), sx[2])
if e := c.ReadZoneXfr(dns.Fqdn(sx[1]), sx[2]); e != nil {
logPrintf("failed to axfr %s: %s\n", sx[2], e.Error())
return e
}
logPrintf("config added: READXFR %s %s\n", dns.Fqdn(sx[1]), sx[2])
noerr(w, req)
case "DROP":
if len(sx) != 2 {
return nil
}
logPrintf("config DROP %s\n", dns.Fqdn(sx[1]))
if e := c.DropZone(dns.Fqdn(sx[1])); e != nil {
logPrintf("Failed to drop %s: %s\n", dns.Fqdn(sx[1]), e.Error())
return e
}
logPrintf("config dropped: DROP %s\n", dns.Fqdn(sx[1]))
noerr(w, req)
case "LIST":
logPrintf("config LIST\n")
m := new(dns.Msg)
m.SetReply(req)
// Add the zones to the additional section
for zone, _ := range c.Zones {
a, _ := dns.NewRR("ZONE. TXT \"" + zone + "\"")
m.Extra = append(m.Extra, a)
}
m.SetTsig(userFromTsig(req), dns.HmacMD5, 300, time.Now().Unix())
w.WriteMsg(m)
}
return nil
}
func serverHandlerReturnSuccess(w dns.ResponseWriter, req *dns.Msg) {
m := new(dns.Msg)
m.SetReply(req)
if t := req.IsTsig(); t != nil {
if w.TsigStatus() == nil {
// Validated
m.SetTsig(rfc2136TestZone, dns.HmacMD5, 300, time.Now().Unix())
}
}
w.WriteMsg(m)
}
func (r *RFC2136Provider) sendMessage(msg *dns.Msg) error {
c := new(dns.Client)
c.TsigSecret = map[string]string{r.tsigKeyName: r.tsigSecret}
c.SingleInflight = true
msg.SetTsig(r.tsigKeyName, dns.HmacMD5, 300, time.Now().Unix())
resp, _, err := c.Exchange(msg, r.nameserver)
if err != nil {
return err
}
if resp != nil && resp.Rcode != dns.RcodeSuccess {
return fmt.Errorf("Bad return code: %s", dns.RcodeToString[resp.Rcode])
}
return nil
}
func serverHandlerReturnSuccess(w dns.ResponseWriter, req *dns.Msg) {
m := new(dns.Msg)
m.SetReply(req)
if req.Opcode == dns.OpcodeQuery && req.Question[0].Qtype == dns.TypeSOA && req.Question[0].Qclass == dns.ClassINET {
// Return SOA to appease findZoneByFqdn()
soaRR, _ := dns.NewRR(fmt.Sprintf("%s %d IN SOA ns1.%s admin.%s 2016022801 28800 7200 2419200 1200", rfc2136TestZone, rfc2136TestTTL, rfc2136TestZone, rfc2136TestZone))
m.Answer = []dns.RR{soaRR}
}
if t := req.IsTsig(); t != nil {
if w.TsigStatus() == nil {
// Validated
m.SetTsig(rfc2136TestZone, dns.HmacMD5, 300, time.Now().Unix())
}
}
w.WriteMsg(m)
}
func (d *DNSResponder) handleDNS(w dns.ResponseWriter, r *dns.Msg) {
var (
v4 bool
rr dns.RR
a net.IP
)
dom := r.Question[0].Name
m := new(dns.Msg)
m.SetReply(r)
if ip, ok := w.RemoteAddr().(*net.UDPAddr); ok {
a = ip.IP
v4 = a.To4() != nil
}
if ip, ok := w.RemoteAddr().(*net.TCPAddr); ok {
a = ip.IP
v4 = a.To4() != nil
}
if v4 {
rr = new(dns.A)
rr.(*dns.A).Hdr = dns.RR_Header{Name: dom, Rrtype: dns.TypeA, Class: dns.ClassINET, Ttl: 0}
rr.(*dns.A).A = a.To4()
} else {
rr = new(dns.AAAA)
rr.(*dns.AAAA).Hdr = dns.RR_Header{Name: dom, Rrtype: dns.TypeAAAA, Class: dns.ClassINET, Ttl: 0}
rr.(*dns.AAAA).AAAA = a
}
switch r.Question[0].Qtype {
case dns.TypeAAAA, dns.TypeA:
m.Answer = append(m.Answer, rr)
}
if r.IsTsig() != nil {
if w.TsigStatus() == nil {
m.SetTsig(r.Extra[len(r.Extra)-1].(*dns.TSIG).Hdr.Name, dns.HmacMD5, 300, time.Now().Unix())
}
}
w.WriteMsg(m)
}
func (r *DNSProviderRFC2136) changeRecord(action, fqdn, value string, ttl int) error {
// Create RR
rr := new(dns.TXT)
rr.Hdr = dns.RR_Header{Name: fqdn, Rrtype: dns.TypeTXT, Class: dns.ClassINET, Ttl: uint32(ttl)}
rr.Txt = []string{value}
rrs := make([]dns.RR, 1)
rrs[0] = rr
// Create dynamic update packet
m := new(dns.Msg)
m.SetUpdate(dns.Fqdn(r.zone))
switch action {
case "INSERT":
m.Insert(rrs)
case "REMOVE":
m.Remove(rrs)
default:
return fmt.Errorf("Unexpected action: %s", action)
}
// Setup client
c := new(dns.Client)
c.SingleInflight = true
// TSIG authentication / msg signing
if len(r.tsigKey) > 0 && len(r.tsigSecret) > 0 {
m.SetTsig(dns.Fqdn(r.tsigKey), dns.HmacMD5, 300, time.Now().Unix())
c.TsigSecret = map[string]string{dns.Fqdn(r.tsigKey): r.tsigSecret}
}
// Send the query
reply, _, err := c.Exchange(m, r.nameserver)
if err != nil {
return fmt.Errorf("DNS update failed: %v", err)
}
if reply != nil && reply.Rcode != dns.RcodeSuccess {
return fmt.Errorf("DNS update failed. Server replied: %s", dns.RcodeToString[reply.Rcode])
}
return nil
}
// base handler for dns server
func dnsHandler(w dns.ResponseWriter, request *dns.Msg) {
response := new(dns.Msg)
response.SetReply(request)
response.Compress = false
switch request.Opcode {
case dns.OpcodeQuery:
for _, q := range response.Question {
if readRR, e := getRecord(q.Name, q.Qtype); e == nil {
rr := readRR.(dns.RR)
if rr.Header().Name == q.Name {
response.Answer = append(response.Answer, rr)
}
}
}
case dns.OpcodeUpdate:
if request.IsTsig() != nil && w.TsigStatus() == nil {
for _, question := range request.Question {
for _, rr := range request.Ns {
updateRecord(rr, &question)
}
}
} else {
log.Println("droping update without tsig or with bad sig")
}
}
if request.IsTsig() != nil {
if w.TsigStatus() == nil {
response.SetTsig(request.Extra[len(request.Extra)-1].(*dns.TSIG).Hdr.Name, dns.HmacMD5, 300, time.Now().Unix())
} else {
log.Println("Status: ", w.TsigStatus().Error())
}
}
w.WriteMsg(response)
}
func handleReflect(w dns.ResponseWriter, r *dns.Msg) {
var (
v4 bool
rr dns.RR
str string
a net.IP
)
// TC must be done here
m := new(dns.Msg)
m.SetReply(r)
m.Compress = *compress
if ip, ok := w.RemoteAddr().(*net.UDPAddr); ok {
str = "Port: " + strconv.Itoa(ip.Port) + " (udp)"
a = ip.IP
v4 = a.To4() != nil
}
if ip, ok := w.RemoteAddr().(*net.TCPAddr); ok {
str = "Port: " + strconv.Itoa(ip.Port) + " (tcp)"
a = ip.IP
v4 = a.To4() != nil
}
if v4 {
rr = new(dns.RR_A)
rr.(*dns.RR_A).Hdr = dns.RR_Header{Name: dom, Rrtype: dns.TypeA, Class: dns.ClassINET, Ttl: 0}
rr.(*dns.RR_A).A = a.To4()
} else {
rr = new(dns.RR_AAAA)
rr.(*dns.RR_AAAA).Hdr = dns.RR_Header{Name: dom, Rrtype: dns.TypeAAAA, Class: dns.ClassINET, Ttl: 0}
rr.(*dns.RR_AAAA).AAAA = a
}
t := new(dns.RR_TXT)
t.Hdr = dns.RR_Header{Name: dom, Rrtype: dns.TypeTXT, Class: dns.ClassINET, Ttl: 0}
t.Txt = []string{str}
switch r.Question[0].Qtype {
case dns.TypeAXFR:
c := make(chan *dns.XfrToken)
var e *error
if err := dns.XfrSend(w, r, c, e); err != nil {
close(c)
return
}
soa, _ := dns.NewRR(`whoami.miek.nl. IN SOA elektron.atoom.net. miekg.atoom.net. (
2009032802
21600
7200
604800
3600)`)
c <- &dns.XfrToken{RR: []dns.RR{soa, t, rr, soa}}
close(c)
w.Hijack()
// w.Close() // Client closes
return
case dns.TypeTXT:
m.Answer = append(m.Answer, t)
m.Extra = append(m.Extra, rr)
default:
fallthrough
case dns.TypeAAAA, dns.TypeA:
m.Answer = append(m.Answer, rr)
m.Extra = append(m.Extra, t)
}
if r.IsTsig() != nil {
if w.TsigStatus() == nil {
m.SetTsig(r.Extra[len(r.Extra)-1].(*dns.RR_TSIG).Hdr.Name, dns.HmacMD5, 300, time.Now().Unix())
} else {
println("Status", w.TsigStatus().Error())
}
}
if *printf {
fmt.Printf("%v\n", m.String())
}
w.Write(m)
}
func noerr(w dns.ResponseWriter, req *dns.Msg) {
m := new(dns.Msg)
m.MsgHdr.Opcode = dns.OpcodeUpdate
m.SetTsig(userFromTsig(req), dns.HmacMD5, 300, time.Now().Unix())
w.WriteMsg(m.SetReply(req))
}
func main() {
short = flag.Bool("short", false, "abbreviate long DNSSEC records")
dnssec := flag.Bool("dnssec", false, "request DNSSEC records")
query := flag.Bool("question", false, "show question")
check := flag.Bool("check", false, "check internal DNSSEC consistency")
six := flag.Bool("6", false, "use IPv6 only")
four := flag.Bool("4", false, "use IPv4 only")
anchor := flag.String("anchor", "", "use the DNSKEY in this file as trust anchor")
tsig := flag.String("tsig", "", "request tsig with key: [hmac:]name:key")
port := flag.Int("port", 53, "port number to use")
aa := flag.Bool("aa", false, "set AA flag in query")
ad := flag.Bool("ad", false, "set AD flag in query")
cd := flag.Bool("cd", false, "set CD flag in query")
rd := flag.Bool("rd", true, "set RD flag in query")
fallback := flag.Bool("fallback", false, "fallback to 4096 bytes bufsize and after that TCP")
tcp := flag.Bool("tcp", false, "TCP mode, multiple queries are asked over the same connection")
nsid := flag.Bool("nsid", false, "set edns nsid option")
client := flag.String("client", "", "set edns client-subnet option")
clientdraftcode := flag.Bool("clientdraft", false, "set edns client-subnet option using the draft option code")
opcode := flag.String("opcode", "query", "set opcode to query|update|notify")
rcode := flag.String("rcode", "success", "set rcode to noerror|formerr|nxdomain|servfail|...")
//serial := flag.Int("serial", 0, "perform an IXFR with this serial")
flag.Usage = func() {
fmt.Fprintf(os.Stderr, "Usage: %s [options] [@server] [qtype...] [qclass...] [name ...]\n", os.Args[0])
flag.PrintDefaults()
}
var (
qtype []uint16
qclass []uint16
qname []string
)
flag.Parse()
if *anchor != "" {
f, err := os.Open(*anchor)
if err != nil {
fmt.Fprintf(os.Stderr, "Failure to open %s: %s\n", *anchor, err.Error())
}
r, err := dns.ReadRR(f, *anchor)
if err != nil {
fmt.Fprintf(os.Stderr, "Failure to read an RR from %s: %s\n", *anchor, err.Error())
}
if k, ok := r.(*dns.DNSKEY); !ok {
fmt.Fprintf(os.Stderr, "No DNSKEY read from %s\n", *anchor)
} else {
dnskey = k
}
}
var nameserver string
Flags:
for i := 0; i < flag.NArg(); i++ {
// If it starts with @ it is a nameserver
if flag.Arg(i)[0] == '@' {
nameserver = flag.Arg(i)
continue Flags
}
// First class, then type, to make ANY queries possible
// And if it looks like type, it is a type
if k, ok := dns.StringToType[strings.ToUpper(flag.Arg(i))]; ok {
qtype = append(qtype, k)
continue Flags
}
// If it looks like a class, it is a class
if k, ok := dns.StringToClass[strings.ToUpper(flag.Arg(i))]; ok {
qclass = append(qclass, k)
continue Flags
}
// If it starts with TYPExxx it is unknown rr
if strings.HasPrefix(flag.Arg(i), "TYPE") {
i, e := strconv.Atoi(string([]byte(flag.Arg(i))[4:]))
if e == nil {
qtype = append(qtype, uint16(i))
continue Flags
}
}
// If it starts with CLASSxxx it is unknown class
if strings.HasPrefix(flag.Arg(i), "CLASS") {
i, e := strconv.Atoi(string([]byte(flag.Arg(i))[5:]))
if e == nil {
qclass = append(qclass, uint16(i))
continue Flags
}
}
// Anything else is a qname
qname = append(qname, flag.Arg(i))
}
if len(qname) == 0 {
qname = []string{"."}
if len(qtype) == 0 {
qtype = append(qtype, dns.TypeNS)
}
}
if len(qtype) == 0 {
qtype = append(qtype, dns.TypeA)
}
if len(qclass) == 0 {
qclass = append(qclass, dns.ClassINET)
}
if len(nameserver) == 0 {
conf, err := dns.ClientConfigFromFile("/etc/resolv.conf")
if err != nil {
fmt.Fprintln(os.Stderr, err)
os.Exit(2)
}
nameserver = "@" + conf.Servers[0]
}
nameserver = string([]byte(nameserver)[1:]) // chop off @
// if the nameserver is from /etc/resolv.conf the [ and ] are already
// added, thereby breaking net.ParseIP. Check for this and don't
// fully qualify such a name
if nameserver[0] == '[' && nameserver[len(nameserver)-1] == ']' {
nameserver = nameserver[1 : len(nameserver)-1]
}
if i := net.ParseIP(nameserver); i != nil {
nameserver = net.JoinHostPort(nameserver, strconv.Itoa(*port))
} else {
nameserver = dns.Fqdn(nameserver) + ":" + strconv.Itoa(*port)
}
c := new(dns.Client)
t := new(dns.Transfer)
c.Net = "udp"
if *four {
c.Net = "udp4"
}
if *six {
c.Net = "udp6"
}
if *tcp {
c.Net = "tcp"
if *four {
c.Net = "tcp4"
}
if *six {
c.Net = "tcp6"
}
}
m := new(dns.Msg)
m.MsgHdr.Authoritative = *aa
m.MsgHdr.AuthenticatedData = *ad
m.MsgHdr.CheckingDisabled = *cd
m.MsgHdr.RecursionDesired = *rd
m.Question = make([]dns.Question, 1)
m.Opcode = dns.OpcodeQuery
if op, ok := dns.StringToOpcode[strings.ToUpper(*opcode)]; ok {
m.Opcode = op
}
m.Rcode = dns.RcodeSuccess
if rc, ok := dns.StringToRcode[strings.ToUpper(*rcode)]; ok {
m.Rcode = rc
}
if *dnssec || *nsid || *client != "" {
o := new(dns.OPT)
o.Hdr.Name = "."
o.Hdr.Rrtype = dns.TypeOPT
if *dnssec {
o.SetDo()
o.SetUDPSize(dns.DefaultMsgSize)
}
if *nsid {
e := new(dns.EDNS0_NSID)
e.Code = dns.EDNS0NSID
o.Option = append(o.Option, e)
// NSD will not return nsid when the udp message size is too small
o.SetUDPSize(dns.DefaultMsgSize)
}
if *client != "" {
e := new(dns.EDNS0_SUBNET)
e.Code = dns.EDNS0SUBNET
if *clientdraftcode {
e.DraftOption = true
}
e.SourceScope = 0
e.Address = net.ParseIP(*client)
if e.Address == nil {
fmt.Fprintf(os.Stderr, "Failure to parse IP address: %s\n", *client)
return
}
e.Family = 1 // IP4
e.SourceNetmask = net.IPv4len * 8
if e.Address.To4() == nil {
e.Family = 2 // IP6
e.SourceNetmask = net.IPv6len * 8
}
o.Option = append(o.Option, e)
}
m.Extra = append(m.Extra, o)
}
if *tcp {
co := new(dns.Conn)
tcp := "tcp"
if *six {
tcp = "tcp6"
}
var err error
if co.Conn, err = net.DialTimeout(tcp, nameserver, 2*time.Second); err != nil {
fmt.Fprintf(os.Stderr, "Dialing "+nameserver+" failed: "+err.Error()+"\n")
return
}
defer co.Close()
qt := dns.TypeA
qc := uint16(dns.ClassINET)
for i, v := range qname {
if i < len(qtype) {
qt = qtype[i]
}
if i < len(qclass) {
qc = qclass[i]
}
m.Question[0] = dns.Question{dns.Fqdn(v), qt, qc}
m.Id = dns.Id()
if *tsig != "" {
if algo, name, secret, ok := tsigKeyParse(*tsig); ok {
m.SetTsig(name, algo, 300, time.Now().Unix())
c.TsigSecret = map[string]string{name: secret}
t.TsigSecret = map[string]string{name: secret}
} else {
fmt.Fprintf(os.Stderr, ";; TSIG key data error\n")
continue
}
}
co.SetReadDeadline(time.Now().Add(2 * time.Second))
co.SetWriteDeadline(time.Now().Add(2 * time.Second))
if *query {
fmt.Printf("%s", m.String())
fmt.Printf("\n;; size: %d bytes\n\n", m.Len())
}
then := time.Now()
if e := co.WriteMsg(m); e != nil {
fmt.Fprintf(os.Stderr, ";; %s\n", e.Error())
continue
}
r, e := co.ReadMsg()
if e != nil {
fmt.Fprintf(os.Stderr, ";; %s\n", e.Error())
continue
}
rtt := time.Since(then)
if r.Id != m.Id {
fmt.Fprintf(os.Stderr, "Id mismatch\n")
continue
}
if *check {
sigCheck(r, nameserver, true)
denialCheck(r)
fmt.Println()
}
if *short {
r = shortMsg(r)
}
fmt.Printf("%v", r)
fmt.Printf("\n;; query time: %.3d µs, server: %s(%s), size: %d bytes\n", rtt/1e3, nameserver, tcp, r.Len())
}
return
}
qt := dns.TypeA
qc := uint16(dns.ClassINET)
Query:
for i, v := range qname {
if i < len(qtype) {
qt = qtype[i]
}
if i < len(qclass) {
qc = qclass[i]
}
m.Question[0] = dns.Question{dns.Fqdn(v), qt, qc}
m.Id = dns.Id()
if *tsig != "" {
if algo, name, secret, ok := tsigKeyParse(*tsig); ok {
m.SetTsig(name, algo, 300, time.Now().Unix())
c.TsigSecret = map[string]string{name: secret}
t.TsigSecret = map[string]string{name: secret}
} else {
fmt.Fprintf(os.Stderr, "TSIG key data error\n")
continue
}
}
if *query {
fmt.Printf("%s", m.String())
fmt.Printf("\n;; size: %d bytes\n\n", m.Len())
}
if qt == dns.TypeAXFR || qt == dns.TypeIXFR {
env, err := t.In(m, nameserver)
if err != nil {
fmt.Printf(";; %s\n", err.Error())
continue
}
envelope := 0
record := 0
for e := range env {
if e.Error != nil {
fmt.Printf(";; %s\n", e.Error.Error())
continue Query
}
for _, r := range e.RR {
fmt.Printf("%s\n", r)
}
record += len(e.RR)
envelope++
}
fmt.Printf("\n;; xfr size: %d records (envelopes %d)\n", record, envelope)
continue
}
r, rtt, e := c.Exchange(m, nameserver)
Redo:
if e != nil {
fmt.Printf(";; %s\n", e.Error())
continue
}
if r.Id != m.Id {
fmt.Fprintf(os.Stderr, "Id mismatch\n")
return
}
if r.MsgHdr.Truncated && *fallback {
if !*dnssec {
fmt.Printf(";; Truncated, trying %d bytes bufsize\n", dns.DefaultMsgSize)
o := new(dns.OPT)
o.Hdr.Name = "."
o.Hdr.Rrtype = dns.TypeOPT
o.SetUDPSize(dns.DefaultMsgSize)
m.Extra = append(m.Extra, o)
r, rtt, e = c.Exchange(m, nameserver)
*dnssec = true
goto Redo
} else {
// First EDNS, then TCP
fmt.Printf(";; Truncated, trying TCP\n")
c.Net = "tcp"
r, rtt, e = c.Exchange(m, nameserver)
goto Redo
}
}
if r.MsgHdr.Truncated && !*fallback {
fmt.Printf(";; Truncated\n")
}
if *check {
sigCheck(r, nameserver, *tcp)
denialCheck(r)
fmt.Println()
}
if *short {
r = shortMsg(r)
}
fmt.Printf("%v", r)
fmt.Printf("\n;; query time: %.3d µs, server: %s(%s), size: %d bytes\n", rtt/1e3, nameserver, c.Net, r.Len())
}
}
func main() {
short = flag.Bool("short", false, "abbreviate long DNSSEC records")
dnssec := flag.Bool("dnssec", false, "request DNSSEC records")
query := flag.Bool("question", false, "show question")
check := flag.Bool("check", false, "check internal DNSSEC consistency")
raw := flag.Bool("raw", false, "do not strip 'http://' from the qname")
six := flag.Bool("6", false, "use IPv6 only")
four := flag.Bool("4", false, "use IPv4 only")
anchor := flag.String("anchor", "", "use the DNSKEY in this file for interal DNSSEC consistency")
tsig := flag.String("tsig", "", "request tsig with key: [hmac:]name:key")
port := flag.Int("port", 53, "port number to use")
aa := flag.Bool("aa", false, "set AA flag in query")
ad := flag.Bool("ad", false, "set AD flag in query")
cd := flag.Bool("cd", false, "set CD flag in query")
rd := flag.Bool("rd", true, "set RD flag in query")
fallback := flag.Bool("fallback", false, "fallback to 4096 bytes bufsize and after that TCP")
tcp := flag.Bool("tcp", false, "TCP mode")
nsid := flag.Bool("nsid", false, "set edns nsid option")
client := flag.String("client", "", "set edns client-subnet option")
//serial := flag.Int("serial", 0, "perform an IXFR with this serial")
flag.Usage = func() {
fmt.Fprintf(os.Stderr, "Usage: %s [options] [@server] [qtype] [qclass] [name ...]\n", os.Args[0])
flag.PrintDefaults()
}
qtype := uint16(0)
qclass := uint16(dns.ClassINET)
var qname []string
flag.Parse()
if *anchor != "" {
f, err := os.Open(*anchor)
if err != nil {
fmt.Fprintf(os.Stderr, "Failure to open %s: %s\n", *anchor, err.Error())
}
r, err := dns.ReadRR(f, *anchor)
if err != nil {
fmt.Fprintf(os.Stderr, "Failure to read an RR from %s: %s\n", *anchor, err.Error())
}
if k, ok := r.(*dns.DNSKEY); !ok {
fmt.Fprintf(os.Stderr, "No DNSKEY read from %s\n", *anchor)
} else {
dnskey = k
}
}
var nameserver string
Flags:
for i := 0; i < flag.NArg(); i++ {
// If it starts with @ it is a nameserver
if flag.Arg(i)[0] == '@' {
nameserver = flag.Arg(i)
continue Flags
}
// First class, then type, to make ANY queries possible
// And if it looks like type, it is a type
if k, ok := dns.StringToType[strings.ToUpper(flag.Arg(i))]; ok {
qtype = k
continue Flags
}
// If it looks like a class, it is a class
if k, ok := dns.StringToClass[strings.ToUpper(flag.Arg(i))]; ok {
qclass = k
continue Flags
}
// If it starts with TYPExxx it is unknown rr
if strings.HasPrefix(flag.Arg(i), "TYPE") {
i, e := strconv.Atoi(string([]byte(flag.Arg(i))[4:]))
if e == nil {
qtype = uint16(i)
continue Flags
}
}
// Anything else is a qname
qname = append(qname, flag.Arg(i))
}
if len(qname) == 0 {
qname = make([]string, 1)
qname[0] = "."
qtype = dns.TypeNS
}
if qtype == 0 {
qtype = dns.TypeA
}
if len(nameserver) == 0 {
conf, err := dns.ClientConfigFromFile("/etc/resolv.conf")
if err != nil {
fmt.Fprintln(os.Stderr, err)
os.Exit(2)
}
nameserver = "@" + conf.Servers[0]
}
nameserver = string([]byte(nameserver)[1:]) // chop off @
// if the nameserver is from /etc/resolv.conf the [ and ] are already
// added, thereby breaking net.ParseIP. Check for this and don't
// fully qualify such a name
if nameserver[0] == '[' && nameserver[len(nameserver)-1] == ']' {
nameserver = nameserver[1 : len(nameserver)-1]
}
if i := net.ParseIP(nameserver); i != nil {
nameserver = net.JoinHostPort(nameserver, strconv.Itoa(*port))
} else {
nameserver = dns.Fqdn(nameserver) + ":" + strconv.Itoa(*port)
}
c := new(dns.Client)
if *tcp {
c.Net = "tcp"
if *four {
c.Net = "tcp4"
}
if *six {
c.Net = "tcp6"
}
} else {
c.Net = "udp"
if *four {
c.Net = "udp4"
}
if *six {
c.Net = "udp6"
}
}
m := new(dns.Msg)
m.MsgHdr.Authoritative = *aa
m.MsgHdr.AuthenticatedData = *ad
m.MsgHdr.CheckingDisabled = *cd
m.MsgHdr.RecursionDesired = *rd
m.Question = make([]dns.Question, 1)
if *dnssec || *nsid || *client != "" {
o := new(dns.OPT)
o.Hdr.Name = "."
o.Hdr.Rrtype = dns.TypeOPT
if *dnssec {
o.SetDo()
o.SetUDPSize(dns.DefaultMsgSize)
}
if *nsid {
e := new(dns.EDNS0_NSID)
e.Code = dns.EDNS0NSID
o.Option = append(o.Option, e)
// NSD will not return nsid when the udp message size is too small
o.SetUDPSize(dns.DefaultMsgSize)
}
if *client != "" {
e := new(dns.EDNS0_SUBNET)
e.Code = dns.EDNS0SUBNET
e.SourceScope = 0
e.Address = net.ParseIP(*client)
if e.Address == nil {
fmt.Fprintf(os.Stderr, "Failure to parse IP address: %s\n", *client)
return
}
e.Family = 1 // IP4
e.SourceNetmask = net.IPv4len * 8
if e.Address.To4() == nil {
e.Family = 2 // IP6
e.SourceNetmask = net.IPv6len * 8
}
o.Option = append(o.Option, e)
}
m.Extra = append(m.Extra, o)
}
for _, v := range qname {
if !*raw && strings.HasPrefix(v, "http://") {
v = v[7:]
if v[len(v)-1] == '/' {
v = v[:len(v)-1]
}
}
m.Question[0] = dns.Question{dns.Fqdn(v), qtype, qclass}
m.Id = dns.Id()
// Add tsig
if *tsig != "" {
if algo, name, secret, ok := tsigKeyParse(*tsig); ok {
m.SetTsig(name, algo, 300, time.Now().Unix())
c.TsigSecret = map[string]string{name: secret}
} else {
fmt.Fprintf(os.Stderr, "TSIG key data error\n")
return
}
}
if *query {
fmt.Printf("%s", m.String())
fmt.Printf("\n;; size: %d bytes\n\n", m.Len())
}
if qtype == dns.TypeAXFR {
c.Net = "tcp"
doXfr(c, m, nameserver)
continue
}
if qtype == dns.TypeIXFR {
doXfr(c, m, nameserver)
continue
}
r, rtt, e := c.Exchange(m, nameserver)
Redo:
if e != nil {
fmt.Printf(";; %s\n", e.Error())
continue
}
if r.Id != m.Id {
fmt.Fprintf(os.Stderr, "Id mismatch\n")
return
}
if r.MsgHdr.Truncated && *fallback {
if c.Net != "tcp" {
if !*dnssec {
fmt.Printf(";; Truncated, trying %d bytes bufsize\n", dns.DefaultMsgSize)
o := new(dns.OPT)
o.Hdr.Name = "."
o.Hdr.Rrtype = dns.TypeOPT
o.SetUDPSize(dns.DefaultMsgSize)
m.Extra = append(m.Extra, o)
r, rtt, e = c.Exchange(m, nameserver)
*dnssec = true
goto Redo
} else {
// First EDNS, then TCP
fmt.Printf(";; Truncated, trying TCP\n")
c.Net = "tcp"
r, rtt, e = c.Exchange(m, nameserver)
goto Redo
}
}
}
if r.MsgHdr.Truncated && !*fallback {
fmt.Printf(";; Truncated\n")
}
if *check {
sigCheck(r, nameserver, *tcp)
}
if *short {
r = shortMsg(r)
}
fmt.Printf("%v", r)
fmt.Printf("\n;; query time: %.3d µs, server: %s(%s), size: %d bytes\n", rtt/1e3, nameserver, c.Net, r.Len())
}
}
func handleReflect(w dns.ResponseWriter, r *dns.Msg) {
reflectHandled += 1
if reflectHandled%1000 == 0 {
fmt.Printf("Served %d reflections\n", reflectHandled)
}
var (
v4 bool
rr dns.RR
str string
a net.IP
)
m := new(dns.Msg)
m.SetReply(r)
m.Compress = *compress
if ip, ok := w.RemoteAddr().(*net.UDPAddr); ok {
str = "Port: " + strconv.Itoa(ip.Port) + " (udp)"
a = ip.IP
v4 = a.To4() != nil
}
if ip, ok := w.RemoteAddr().(*net.TCPAddr); ok {
str = "Port: " + strconv.Itoa(ip.Port) + " (tcp)"
a = ip.IP
v4 = a.To4() != nil
}
if v4 {
rr = new(dns.A)
rr.(*dns.A).Hdr = dns.RR_Header{Name: dom, Rrtype: dns.TypeA, Class: dns.ClassINET, Ttl: 0}
rr.(*dns.A).A = a.To4()
} else {
rr = new(dns.AAAA)
rr.(*dns.AAAA).Hdr = dns.RR_Header{Name: dom, Rrtype: dns.TypeAAAA, Class: dns.ClassINET, Ttl: 0}
rr.(*dns.AAAA).AAAA = a
}
t := new(dns.TXT)
t.Hdr = dns.RR_Header{Name: dom, Rrtype: dns.TypeTXT, Class: dns.ClassINET, Ttl: 0}
t.Txt = []string{str}
switch r.Question[0].Qtype {
case dns.TypeTXT:
m.Answer = append(m.Answer, t)
m.Extra = append(m.Extra, rr)
default:
fallthrough
case dns.TypeAAAA, dns.TypeA:
m.Answer = append(m.Answer, rr)
m.Extra = append(m.Extra, t)
case dns.TypeAXFR, dns.TypeIXFR:
c := make(chan *dns.Envelope)
tr := new(dns.Transfer)
defer close(c)
err := tr.Out(w, r, c)
if err != nil {
return
}
soa, _ := dns.NewRR(`whoami.miek.nl. 0 IN SOA linode.atoom.net. miek.miek.nl. 2009032802 21600 7200 604800 3600`)
c <- &dns.Envelope{RR: []dns.RR{soa, t, rr, soa}}
w.Hijack()
// w.Close() // Client closes connection
return
}
if r.IsTsig() != nil {
if w.TsigStatus() == nil {
m.SetTsig(r.Extra[len(r.Extra)-1].(*dns.TSIG).Hdr.Name, dns.HmacMD5, 300, time.Now().Unix())
} else {
println("Status", w.TsigStatus().Error())
}
}
if *printf {
fmt.Printf("%v\n", m.String())
}
// set TC when question is tc.miek.nl.
if m.Question[0].Name == "tc.miek.nl." {
m.Truncated = true
// send half a message
buf, _ := m.Pack()
w.Write(buf[:len(buf)/2])
return
}
w.WriteMsg(m)
}