예제 #1
0
func checkNS(ns *Nameserver, fqdn, fieldPrefix string) (errs map[string][]string) {
	errs = make(map[string][]string)

	msg := new(dns.Msg)
	msg.SetQuestion(fqdn, dns.TypeSOA)
	msg.RecursionDesired = false

	server := ns.Name
	if strings.HasSuffix(ns.Name, fqdn) {
		server = ns.Glue
	}

	client := new(dns.Client)
	response, _, err := client.Exchange(msg, server+":53")

	if err == nil {
		if !response.Authoritative || len(response.Answer) == 0 {
			errs[fieldPrefix] = append(errs[fieldPrefix], "Not authoritative for domain!")
		}

	} else {
		log.Printf("Error while querying %s [%s]. Details: %s", ns.Name, ns.Glue, err.Error())
		errs[fieldPrefix] = append(errs[fieldPrefix], "Fail to query server!")
	}

	return
}
예제 #2
0
func ExamplePrivateHandle() {
	dns.PrivateHandle("APAIR", TypeAPAIR, NewAPAIR)
	defer dns.PrivateHandleRemove(TypeAPAIR)

	rr, err := dns.NewRR("miek.nl. APAIR (1.2.3.4    1.2.3.5)")
	if err != nil {
		log.Fatal("could not parse APAIR record: ", err)
	}
	fmt.Println(rr)
	// Output: miek.nl.	3600	IN	APAIR	1.2.3.4 1.2.3.5

	m := new(dns.Msg)
	m.Id = 12345
	m.SetQuestion("miek.nl.", TypeAPAIR)
	m.Answer = append(m.Answer, rr)

	fmt.Println(m)
	// ;; opcode: QUERY, status: NOERROR, id: 12345
	// ;; flags: rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
	//
	// ;; QUESTION SECTION:
	// ;miek.nl.	IN	 APAIR
	//
	// ;; ANSWER SECTION:
	// miek.nl.	3600	IN	APAIR	1.2.3.4 1.2.3.5
}
예제 #3
0
// Retrieve the MX records for miek.nl.
func ExampleMX() {
	config, _ := dns.ClientConfigFromFile("/etc/resolv.conf")
	c := new(dns.Client)
	m := new(dns.Msg)
	m.SetQuestion("miek.nl.", dns.TypeMX)
	m.RecursionDesired = true
	r, _, err := c.Exchange(m, config.Servers[0]+":"+config.Port)
	if err != nil {
		return
	}
	if r.Rcode != dns.RcodeSuccess {
		return
	}
	for _, a := range r.Answer {
		if mx, ok := a.(*dns.MX); ok {
			fmt.Printf("%s\n", mx.String())
		}
	}
}
예제 #4
0
// Retrieve the DNSKEY records of a zone and convert them
// to DS records for SHA1, SHA256 and SHA384.
func ExampleDS(zone string) {
	config, _ := dns.ClientConfigFromFile("/etc/resolv.conf")
	c := new(dns.Client)
	m := new(dns.Msg)
	if zone == "" {
		zone = "miek.nl"
	}
	m.SetQuestion(dns.Fqdn(zone), dns.TypeDNSKEY)
	m.SetEdns0(4096, true)
	r, _, err := c.Exchange(m, config.Servers[0]+":"+config.Port)
	if err != nil {
		return
	}
	if r.Rcode != dns.RcodeSuccess {
		return
	}
	for _, k := range r.Answer {
		if key, ok := k.(*dns.DNSKEY); ok {
			for _, alg := range []uint8{dns.SHA1, dns.SHA256, dns.SHA384} {
				fmt.Printf("%s; %d\n", key.ToDS(alg).String(), key.Flags)
			}
		}
	}
}
예제 #5
0
func checkDSs(DSs []*DS, ns *Nameserver, fqdn string) (errs map[string][]string) {
	if len(ns.Name) == 0 {
		// Don't need to check DS if the nameserver is empty
		return
	}

	errs = make(map[string][]string)

	msg := new(dns.Msg)
	msg.SetQuestion(fqdn, dns.TypeDNSKEY)
	msg.RecursionDesired = false

	server := ns.Name
	if strings.HasSuffix(ns.Name, fqdn) {
		server = ns.Glue
	}

	client := new(dns.Client)
	response, _, err := client.Exchange(msg, server+":53")

	if err != nil {
		log.Printf("Error while querying DNSKEY in %s [%s]. Details: %s", ns.Name, ns.Glue, err.Error())
		errs["ds0-keytag"] = append(errs["ds0-keytag"], "Fail to query server "+ns.Name+"!")
		errs["ds1-keytag"] = append(errs["ds1-keytag"], "Fail to query server "+ns.Name+"!")
		return
	}

	if response.Truncated {
		client.Net = "tcp"
		response, _, err = client.Exchange(msg, server+":53")

		if err != nil {
			log.Printf("Error while querying DNSKEY in %s [%s]. Details: %s", ns.Name, ns.Glue, err.Error())
			errs["ds0-keytag"] = append(errs["ds0-keytag"], "Fail to query server "+ns.Name+"!")
			errs["ds1-keytag"] = append(errs["ds1-keytag"], "Fail to query server "+ns.Name+"!")
			return
		}
	}

	ds1 := DSs[0]
	ds2 := DSs[1]
	foundDS1 := false
	foundDS2 := false

	for _, rr := range response.Answer {
		if rr.Header().Rrtype == dns.TypeDNSKEY {
			dnskeyRR := rr.(*dns.DNSKEY)

			if int(dnskeyRR.KeyTag()) == ds1.KeyTag {
				foundDS1 = true

				ds := dnskeyRR.ToDS(ds1.DigestType)
				if int(ds.Algorithm) != ds1.Algorithm {
					errs["ds0-algorithm"] = append(errs["ds0-algorithm"], "Algorithm does not match with DNSKEY in "+ns.Name)
				} else if strings.ToUpper(ds.Digest) != ds1.Digest {
					errs["ds0-digest"] = append(errs["ds0-digest"], "Digest does not match with DNSKEY in "+ns.Name)
				} else if dnskeyRR.Flags&dns.SEP == 0 {
					errs["ds0-keytag"] = append(errs["ds0-keytag"], "DNSKEY is not a SEP in "+ns.Name)
				}

			}

			if int(dnskeyRR.KeyTag()) == ds2.KeyTag {
				foundDS2 = true

				ds := dnskeyRR.ToDS(ds2.DigestType)
				if int(ds.Algorithm) != ds2.Algorithm {
					errs["ds1-algorithm"] = append(errs["ds1-algorithm"], "Algorithm does not match with DNSKEY in "+ns.Name)
				} else if strings.ToUpper(ds.Digest) != ds2.Digest {
					errs["ds1-digest"] = append(errs["ds1-digest"], "Digest does not match with DNSKEY in "+ns.Name)
				} else if dnskeyRR.Flags&dns.SEP == 0 {
					errs["ds1-keytag"] = append(errs["ds1-keytag"], "DNSKEY is not a SEP in "+ns.Name)
				}

			}
		}
	}

	if !foundDS1 && len(ds1.Digest) > 0 {
		errs["ds0-keytag"] = append(errs["ds0-keytag"], "Related DNSKEY not found in "+ns.Name)
	}

	if !foundDS2 && len(ds2.Digest) > 0 {
		errs["ds1-keytag"] = append(errs["ds1-keytag"], "Related DNSKEY not found in "+ns.Name)
	}

	return
}