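// generateAndSignDomain builds an in-memory model.Domain fixture for fqdn, backed by
// a key and signature freshly produced by utils.GenerateKSKAndSignZone.
//
// The fixture has one nameserver (ns1.<fqdn> on 127.0.0.1), one DS record derived
// from the generated key and one owner. Every nameserver and DS record is flagged as
// failing, with the last check 72 hours ago and the last success 24 hours before
// that. According to the original author's note this makes the scan select the
// domain again.
//
// It returns the domain, the DNSKEY, the RRSIG and the LastCheckAt / LastOKAt values
// written into the records. Failures are reported through utils.Fatalln.
func generateAndSignDomain(fqdn string) (
	model.Domain, *dns.DNSKEY, *dns.RRSIG, time.Time, time.Time,
) {
	dnskey, rrsig, err := utils.GenerateKSKAndSignZone(fqdn)
	if err != nil {
		utils.Fatalln("Error creating KSK DNSSEC keys and signatures", err)
	}

	// NOTE(review): the DS digest is SHA-1. That is fine for a local fixture, but
	// SHA-1 DS digests are deprecated for new delegations (RFC 8624), so this value
	// should not be copied into code that provisions real zones.
	ds := dnskey.ToDS(uint8(model.DSDigestTypeSHA1))

	domain := model.Domain{
		FQDN: fqdn,
		Nameservers: []model.Nameserver{
			{
				Host: fmt.Sprintf("ns1.%s", fqdn),
				IPv4: net.ParseIP("127.0.0.1"),
			},
		},
		DSSet: []model.DS{
			{
				Keytag:     dnskey.KeyTag(),
				Algorithm:  utils.ConvertKeyAlgorithm(dnskey.Algorithm),
				DigestType: model.DSDigestTypeSHA1,
				Digest:     ds.Digest,
			},
		},
	}

	// The parse error used to be discarded, which would leave a nil owner address in
	// the fixture and surface much later as an unrelated failure.
	owner, err := mail.ParseAddress("*****@*****.**")
	if err != nil {
		utils.Fatalln("Error parsing the domain owner e-mail address", err)
	}

	domain.Owners = []model.Owner{
		{
			Email:    owner,
			Language: "pt-BR",
		},
	}

	lastCheckAt := time.Now().Add(-72 * time.Hour)
	lastOKAt := lastCheckAt.Add(-24 * time.Hour)

	// Mark every nameserver as failing with an old check date, so that the domain is
	// due for a new check.
	for index := range domain.Nameservers {
		nameserver := &domain.Nameservers[index]
		nameserver.LastCheckAt = lastCheckAt
		nameserver.LastOKAt = lastOKAt
		nameserver.LastStatus = model.NameserverStatusServerFailure
	}

	// Same for every DS record.
	for index := range domain.DSSet {
		dsRecord := &domain.DSSet[index]
		dsRecord.LastCheckAt = lastCheckAt
		dsRecord.LastOKAt = lastOKAt
		dsRecord.LastStatus = model.DSStatusTimeout
	}

	return domain, dnskey, rrsig, lastCheckAt, lastOKAt
}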
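// generateAndSaveDomain builds a model.Domain fixture for fqdn from an existing
// dnskey and stores it through domainDAO.
//
// The fixture has one nameserver (ns1.<fqdn> on 127.0.0.1), one DS record derived
// from dnskey and one owner. Every nameserver and DS record is flagged as failing,
// with the last check 72 hours ago and the last success 24 hours before that.
// According to the original author's note this makes the scan select the domain
// again. Failures are reported through utils.Fatalln.
func generateAndSaveDomain(fqdn string, domainDAO dao.DomainDAO, dnskey *dns.DNSKEY) {
	// NOTE(review): the DS digest is SHA-1. That is fine for a local fixture, but
	// SHA-1 DS digests are deprecated for new delegations (RFC 8624), so this value
	// should not be copied into code that provisions real zones.
	ds := dnskey.ToDS(uint8(model.DSDigestTypeSHA1))

	domain := model.Domain{
		FQDN: fqdn,
		Nameservers: []model.Nameserver{
			{
				Host: fmt.Sprintf("ns1.%s", fqdn),
				IPv4: net.ParseIP("127.0.0.1"),
			},
		},
		DSSet: []model.DS{
			{
				Keytag:     dnskey.KeyTag(),
				Algorithm:  utils.ConvertKeyAlgorithm(dnskey.Algorithm),
				DigestType: model.DSDigestTypeSHA1,
				Digest:     ds.Digest,
			},
		},
	}

	// The parse error used to be discarded, which would store a domain whose owner
	// has a nil e-mail address.
	owner, err := mail.ParseAddress("*****@*****.**")
	if err != nil {
		utils.Fatalln("Error parsing the domain owner e-mail address", err)
	}

	domain.Owners = []model.Owner{
		{
			Email:    owner,
			Language: "pt-BR",
		},
	}

	lastCheckAt := time.Now().Add(-72 * time.Hour)
	lastOKAt := lastCheckAt.Add(-24 * time.Hour)

	// Mark every nameserver as failing with an old check date, so that the domain is
	// due for a new check.
	for index := range domain.Nameservers {
		nameserver := &domain.Nameservers[index]
		nameserver.LastCheckAt = lastCheckAt
		nameserver.LastOKAt = lastOKAt
		nameserver.LastStatus = model.NameserverStatusServerFailure
	}

	// Same for every DS record.
	for index := range domain.DSSet {
		dsRecord := &domain.DSSet[index]
		dsRecord.LastCheckAt = lastCheckAt
		dsRecord.LastOKAt = lastOKAt
		dsRecord.LastStatus = model.DSStatusTimeout
	}

	if err := domainDAO.Save(&domain); err != nil {
		utils.Fatalln(fmt.Sprintf("Fail to save domain %s", domain.FQDN), err)
	}
}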
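// scanQuerierReport measures the scan querier at increasing numbers of domains and
// writes a table (items, total duration, queries per second, allocated memory in MB)
// to config.Report.ReportFile.
//
// A DNS handler for the test zone is registered on the default miekg/dns mux. It
// answers SOA and DNSKEY questions with a fixed SOA record and the generated
// key/signature pair. Questions of any other type get no reply.
func scanQuerierReport(config ScanQuerierTestConfigFile) {
	report := " # | Total | QPS | Memory (MB)\n" +
		"-----------------------------------------------------\n"

	// Report variables
	scale := []int{10, 50, 100, 500, 1000, 5000, 10000, 50000, 100000, 500000, 1000000, 5000000}

	fqdn := "domain.com.br."

	dnskey, rrsig, err := utils.GenerateKSKAndSignZone(fqdn)
	if err != nil {
		utils.Fatalln("Error creating DNSSEC keys and signatures", err)
	}

	// NOTE(review): the DS digest is SHA-1. That is fine for a local benchmark, but
	// SHA-1 DS digests are deprecated for new delegations (RFC 8624).
	ds := dnskey.ToDS(uint8(model.DSDigestTypeSHA1))

	dns.HandleFunc(fqdn, func(w dns.ResponseWriter, dnsRequestMessage *dns.Msg) {
		defer w.Close()

		// The request arrives over the network. A message with an empty question
		// section is well-formed on the wire, and indexing Question[0] on it would
		// panic inside the handler, so it is dropped here.
		if len(dnsRequestMessage.Question) == 0 {
			return
		}

		var answer []dns.RR
		switch dnsRequestMessage.Question[0].Qtype {
		case dns.TypeSOA:
			answer = []dns.RR{
				&dns.SOA{
					Hdr: dns.RR_Header{
						Name:   fqdn,
						Rrtype: dns.TypeSOA,
						Class:  dns.ClassINET,
						Ttl:    86400,
					},
					Ns:      "ns1." + fqdn,
					Mbox:    "rafael.justo.net.br.",
					Serial:  2013112600,
					Refresh: 86400,
					Retry:   86400,
					Expire:  86400,
					Minttl:  900,
				},
			}

		case dns.TypeDNSKEY:
			answer = []dns.RR{dnskey, rrsig}

		default:
			// Other question types are left unanswered, as before.
			return
		}

		dnsResponseMessage := &dns.Msg{
			MsgHdr: dns.MsgHdr{
				Authoritative: true,
			},
			Question: dnsRequestMessage.Question,
			Answer:   answer,
		}
		dnsResponseMessage.SetReply(dnsRequestMessage)
		w.WriteMsg(dnsResponseMessage)
	})

	for _, numberOfItems := range scale {
		// The final size is known, so the slice is allocated once instead of being
		// grown repeatedly (the largest step holds five million entries).
		domains := make([]*model.Domain, 0, numberOfItems)

		for i := 0; i < numberOfItems; i++ {
			// Every object gets a different nameserver host because we don't want the
			// nameserver to be caught by the query rate limit check.
			domains = append(domains, &model.Domain{
				FQDN: fqdn,
				Nameservers: []model.Nameserver{
					{
						Host: fmt.Sprintf("ns%d.%s", i, fqdn),
						IPv4: net.ParseIP("127.0.0.1"),
					},
				},
				DSSet: []model.DS{
					{
						Keytag:     dnskey.KeyTag(),
						Algorithm:  utils.ConvertKeyAlgorithm(dnskey.Algorithm),
						DigestType: model.DSDigestTypeSHA1,
						Digest:     ds.Digest,
					},
				},
			})
		}

		utils.Println(fmt.Sprintf("Generating report - scale %d", numberOfItems))
		totalDuration, queriesPerSecond, _, _ := calculateScanQuerierDurations(config, domains)

		// memStats.Alloc is sampled after the run and reported in MB.
		var memStats runtime.MemStats
		runtime.ReadMemStats(&memStats)

		report += fmt.Sprintf("% -8d | %16s | %4d | %14.2f\n",
			numberOfItems,
			time.Duration(int64(totalDuration)).String(),
			queriesPerSecond,
			float64(memStats.Alloc)/float64(MB),
		)
	}

	utils.WriteReport(config.Report.ReportFile, report)
}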
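// domainWithNoDNSSECErrors scans the zone "br." against a local handler that serves
// a matching key and signature, and fails through utils.Fatalln unless every
// returned domain is "br." with its first DS record in model.DSStatusOK.
//
// The DNS handler is registered on the default miekg/dns mux. It answers SOA and
// DNSKEY questions. Questions of any other type get no reply.
func domainWithNoDNSSECErrors(config ScanQuerierTestConfigFile) {
	dnskey, rrsig, err := utils.GenerateKSKAndSignZone("br.")
	if err != nil {
		utils.Fatalln("Error creating DNSSEC keys and signatures", err)
	}

	// NOTE(review): the DS digest is SHA-1. That is fine for a local test, but SHA-1
	// DS digests are deprecated for new delegations (RFC 8624).
	ds := dnskey.ToDS(uint8(model.DSDigestTypeSHA1))

	// NOTE(review): both sends below happen before runScan starts consuming, so the
	// configured buffer size must be at least 2 or this function blocks forever.
	domainsToQueryChannel := make(chan *model.Domain, config.Scan.DomainsBufferSize)
	domainsToQueryChannel <- &model.Domain{
		FQDN: "br.",
		Nameservers: []model.Nameserver{
			{
				Host: "ns1.br",
				IPv4: net.ParseIP("127.0.0.1"),
			},
		},
		DSSet: []model.DS{
			{
				Keytag:     dnskey.KeyTag(),
				Algorithm:  utils.ConvertKeyAlgorithm(dnskey.Algorithm),
				DigestType: model.DSDigestTypeSHA1,
				Digest:     ds.Digest,
			},
		},
	}
	domainsToQueryChannel <- nil // Poison pill

	dns.HandleFunc("br.", func(w dns.ResponseWriter, dnsRequestMessage *dns.Msg) {
		defer w.Close()

		// The request arrives over the network. A message with an empty question
		// section is well-formed on the wire, and indexing Question[0] on it would
		// panic inside the handler, so it is dropped here.
		if len(dnsRequestMessage.Question) == 0 {
			return
		}

		var answer []dns.RR
		switch dnsRequestMessage.Question[0].Qtype {
		case dns.TypeSOA:
			answer = []dns.RR{
				&dns.SOA{
					Hdr: dns.RR_Header{
						Name:   "br.",
						Rrtype: dns.TypeSOA,
						Class:  dns.ClassINET,
						Ttl:    86400,
					},
					Ns:      "ns1.br.",
					Mbox:    "rafael.justo.net.br.",
					Serial:  2013112600,
					Refresh: 86400,
					Retry:   86400,
					Expire:  86400,
					Minttl:  900,
				},
			}

		case dns.TypeDNSKEY:
			answer = []dns.RR{dnskey, rrsig}

		default:
			// Other question types are left unanswered, as before.
			return
		}

		dnsResponseMessage := &dns.Msg{
			MsgHdr: dns.MsgHdr{
				Authoritative: true,
			},
			Question: dnsRequestMessage.Question,
			Answer:   answer,
		}
		dnsResponseMessage.SetReply(dnsRequestMessage)
		w.WriteMsg(dnsResponseMessage)
	})

	domains := runScan(config, domainsToQueryChannel)
	for _, domain := range domains {
		if domain.FQDN != "br." ||
			domain.DSSet[0].LastStatus != model.DSStatusOK {
			utils.Fatalln(fmt.Sprintf("Error checking a well configured DNSSEC domain. "+
				"Expected FQDN 'br.' with status %d and got FQDN '%s' with status %d",
				model.DSStatusOK, domain.FQDN, domain.DSSet[0].LastStatus), nil)
		}
	}
}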