Exemple #1
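// sectionCheck verifies every RRSIG in set against the RRset it covers and
// prints one line per signature: ";+" when it validates, ";-" when it does
// not, and ";?" when the signature could not be checked at all.
//
// The key is the package-level dnskey when that is set (reported as "disk");
// otherwise it is looked up with getKey from the signature's signer name and
// key tag (reported as "net").
//
// Scope of the ";+ Secure signature" verdict:
//   - It reflects only the result of RRSIG.Verify. That method is documented
//     by the dns library as the cryptographic test; the inception/expiration
//     window is not checked anywhere in this function, so an expired
//     signature can still be reported as secure. The library offers
//     RRSIG.ValidityPeriod for that check.
//   - No chain of trust is built here. NOTE(review): for the "net" case the
//     key is presumably fetched from the same server that returned the
//     answer, so the verdict shows internal consistency, not authenticity;
//     confirm against getKey.
func sectionCheck(set []dns.RR, server string, tcp bool) {
	for _, rr := range set {
		if rr.Header().Rrtype != dns.TypeRRSIG {
			continue
		}
		// Checked assertion: a record whose header claims RRSIG but whose
		// concrete type differs is reported instead of panicking.
		sig, ok := rr.(*dns.RRSIG)
		if !ok {
			fmt.Printf(";? RRSIG record for %s has unexpected type %T\n", rr.Header().Name, rr)
			continue
		}
		rrset := getRRset(set, sig.Header().Name, sig.TypeCovered)

		// A key loaded from disk takes precedence over a lookup.
		var key *dns.DNSKEY
		where := "disk"
		if dnskey != nil {
			key = dnskey
		} else {
			key = getKey(sig.SignerName, sig.KeyTag, server, tcp)
			where = "net"
		}
		if key == nil {
			fmt.Printf(";? DNSKEY %s/%d not found\n", sig.SignerName, sig.KeyTag)
			continue
		}

		if err := sig.Verify(key, rrset); err != nil {
			fmt.Printf(";- Bogus signature, %s does not validate (DNSKEY %s/%d/%s) [%s]\n",
				shortSig(sig), key.Header().Name, key.KeyTag(), where, err.Error())
			continue
		}
		fmt.Printf(";+ Secure signature, %s validates (DNSKEY %s/%d/%s)\n", shortSig(sig), key.Header().Name, key.KeyTag(), where)
	}
}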
// CalcTag returns the DNSSEC key tag for a DNSKEY with the given flags,
// algorithm and base64 public key, by building a throwaway DNSKEY record and
// asking the dns library for its KeyTag.
//
// The owner name, class and TTL are placeholders needed to form a record; the
// protocol field is fixed at 3, the only value RFC 4034 permits.
//
// A key tag is a 16-bit hint for selecting candidate keys, not a unique
// identifier: distinct keys can share a tag, so a tag match must never be
// treated as proof that two keys are the same.
// NOTE(review): a publickey that is not valid base64 presumably yields tag 0
// rather than an error; confirm against the dns library version in use.
func CalcTag(flags uint16, algorithm uint8, publickey string) uint16 {
	rec := &dns.DNSKEY{
		Hdr: dns.RR_Header{
			Name:   ".",
			Rrtype: dns.TypeDNSKEY,
			Class:  dns.ClassINET,
			Ttl:    3600,
		},
		Flags:     flags,
		Protocol:  3,
		Algorithm: algorithm,
		PublicKey: publickey,
	}
	return rec.KeyTag()
}
Exemple #3
// SetKeys installs the DNSSEC signing key pair on the server: it stores the
// public DNSKEY k, caches its key tag, stores the private key p, and then
// switches DNSSEC on in the registry.
//
// Nothing here checks that p is the private half of k; a mismatched pair
// would be accepted and would produce signatures that validators reject.
// NOTE(review): no synchronization is visible in this method; confirm it is
// only called before the server starts handling queries.
func (s *Server) SetKeys(k *dns.DNSKEY, p dns.PrivateKey) {
	s.dnsKey, s.keyTag = k, k.KeyTag()
	s.privKey = p
	s.registry.DNSSEC(true)
}
Exemple #4
// setKeys stores the DNSSEC key pair on the server: the public DNSKEY k, its
// cached key tag, and the private key p.
//
// The pair is taken as given; nothing here checks that p corresponds to k,
// so a mismatched pair would only surface later as signatures that fail
// validation.
// NOTE(review): no synchronization is visible in this method; confirm it is
// not called while queries are being served.
func (s *server) setKeys(k *dns.DNSKEY, p dns.PrivateKey) {
	s.PubKey, s.KeyTag = k, k.KeyTag()
	s.PrivKey = p
}