// Create a dns message from a fingerprint string and
// a DNS question. The order of a string is always the same.
// .,IN,NS,QUERY,NOERROR,qr,aa,tc,RD,ad,ad,z,1,0,0,1,DO,4096,nsid
func (f *fingerprint) msg() *dns.Msg {
m := new(dns.Msg)
m.MsgHdr.Id = dns.Id()
m.Question = make([]dns.Question, 1)
m.Question[0] = dns.Question{f.Query.Name, f.Query.Qtype, f.Query.Qclass}
m.MsgHdr.Opcode = f.Opcode
m.MsgHdr.Rcode = f.Rcode
m.MsgHdr.Response = f.Response
m.MsgHdr.Authoritative = f.Authoritative
m.MsgHdr.Truncated = f.Truncated
m.MsgHdr.RecursionDesired = f.RecursionDesired
m.MsgHdr.AuthenticatedData = f.AuthenticatedData
m.MsgHdr.CheckingDisabled = f.CheckingDisabled
m.MsgHdr.Zero = f.Zero
if f.Do {
// Add an OPT section.
m.SetEdns0(0, true)
// We have added an OPT RR, set the size.
m.Extra[0].(*dns.RR_OPT).SetUDPSize(uint16(f.UDPSize))
if f.Nsid {
m.Extra[0].(*dns.RR_OPT).SetNsid("")
}
}
return m
}
func main() {
conf, err := dns.ClientConfigFromFile("/etc/resolv.conf")
if len(os.Args) != 2 || err != nil {
fmt.Printf("%s DOMAIN\n", os.Args[0])
os.Exit(1)
}
m := new(dns.Msg)
m.SetQuestion(dns.Fqdn(os.Args[1]), dns.TypeDNSKEY)
m.SetEdns0(2048, true)
c := new(dns.Client)
r, _ := c.Exchange(m, conf.Servers[0]+":"+conf.Port)
if r == nil {
fmt.Printf("*** no answer received for %s\n", os.Args[1])
os.Exit(1)
}
if r.Rcode != dns.RcodeSuccess {
fmt.Printf(" *** invalid answer name %s after DNSKEY query for %s\n", os.Args[1], os.Args[1])
os.Exit(1)
}
for _, k := range r.Answer {
if key, ok := k.(*dns.RR_DNSKEY); ok {
key.Hdr.Ttl = 0
for _, alg := range []int{dns.SHA1, dns.SHA256, dns.SHA384} {
ds := key.ToDS(alg)
fmt.Printf("%v; %d\n", ds, key.Flags)
}
}
}
}
// Get the key from the DNS (uses the local resolver) and return them.
// If nothing is found we return nil
func getKey(name string, keytag uint16, server string, tcp bool) *dns.RR_DNSKEY {
c := new(dns.Client)
if tcp {
c.Net = "tcp"
}
m := new(dns.Msg)
m.SetQuestion(name, dns.TypeDNSKEY)
m.SetEdns0(4096, true)
r, err := c.Exchange(m, server)
if err != nil {
return nil
}
for _, k := range r.Answer {
if k1, ok := k.(*dns.RR_DNSKEY); ok {
if k1.KeyTag() == keytag {
return k1
}
}
}
return nil
}
