package main
import (
"dns"
"flag"
"fmt"
"os"
"strconv"
"strings"
"time"
)
// dnskey is the DNSKEY that main reads from the -anchor file. While it is nil,
// sectionCheck asks the queried server for the signer's key instead.
var dnskey *dns.RR_DNSKEY
// q is the query handler that main registers with dns.HandleQuery. It sends m
// through w, waits for the answer and passes that answer to w.Write. When
// sending or receiving fails the error is printed and nil is written instead.
//
// NOTE(review): a failed TSIG check only produces a ";;" warning line; the
// reply is still handed to w.Write. Callers that rely on TSIG for
// authenticity must treat that warning as a failure themselves.
func q(w dns.RequestWriter, m *dns.Msg) {
	// giveUp reports err on stdout and delivers an empty result.
	giveUp := func(err error) {
		fmt.Println(err.Error())
		w.Write(nil)
	}

	if sendErr := w.Send(m); sendErr != nil {
		giveUp(sendErr)
		return
	}

	reply, recvErr := w.Receive()
	if recvErr != nil {
		giveUp(recvErr)
		return
	}
	w.Close()

	if w.TsigStatus() != nil {
		fmt.Printf(";; Couldn't verify TSIG signature: %s\n", w.TsigStatus().Error())
	}
	w.Write(reply)
}
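// main is a dig-like DNS client: it parses the command line
// ([@server] [qtype] [qclass] [name ...]), sends one query per name and prints
// every reply, optionally running the DNSSEC consistency checks (-check).
//
// Changes compared with the previous version:
//   - a missing or empty /etc/resolv.conf no longer panics; it is only an
//     error when no @server argument is given either;
//   - a -anchor file that cannot be opened, parsed or that holds no DNSKEY
//     stops the program instead of silently falling back to keys fetched from
//     the queried server;
//   - empty arguments no longer cause an index-out-of-range panic;
//   - TYPExxx values are parsed as 16 bit unsigned numbers, so an out-of-range
//     number can no longer wrap around into another type;
//   - IXFR is reported as "IXFR not supported";
//   - IPv6 server literals are bracketed before the port is appended.
func main() {
	dnssec := flag.Bool("dnssec", false, "request DNSSEC records")
	query := flag.Bool("question", false, "show question")
	short := flag.Bool("short", false, "abbreviate long DNSSEC records")
	check := flag.Bool("check", false, "check internal DNSSEC consistency")
	six := flag.Bool("6", false, "use IPv6 only")
	four := flag.Bool("4", false, "use IPv4 only")
	anchor := flag.String("anchor", "", "use the DNSKEY in this file for interal DNSSEC consistency")
	// NOTE(review): the TSIG secret is passed on the command line, where it can
	// end up in shell history and process listings; reading it from a file with
	// restricted permissions would avoid that.
	tsig := flag.String("tsig", "", "request tsig with key: [hmac:]name:key")
	port := flag.Int("port", 53, "port number to use")
	aa := flag.Bool("aa", false, "set AA flag in query")
	ad := flag.Bool("ad", false, "set AD flag in query")
	cd := flag.Bool("cd", false, "set CD flag in query")
	rd := flag.Bool("rd", true, "set RD flag in query")
	fallback := flag.Bool("fallback", false, "fallback to 4096 bytes bufsize and after that TCP")
	tcp := flag.Bool("tcp", false, "TCP mode")
	nsid := flag.Bool("nsid", false, "ask for NSID")
	flag.Usage = func() {
		fmt.Fprintf(os.Stderr, "Usage: %s [@server] [qtype] [qclass] [name ...]\n", os.Args[0])
		flag.PrintDefaults()
	}

	// The first resolv.conf server is only the default; an unreadable or empty
	// file is tolerated here and reported below if no @server was given.
	nameserver := ""
	if conf, err := dns.ClientConfigFromFile("/etc/resolv.conf"); err == nil && len(conf.Servers) > 0 {
		nameserver = "@" + conf.Servers[0]
	}
	qtype := uint16(0)
	qclass := uint16(dns.ClassINET) // Default qclass
	var qname []string

	flag.Parse()
	if *anchor != "" {
		// Fail closed: when the user asked for a specific trust anchor, do not
		// continue with keys obtained from the network.
		f, err := os.Open(*anchor)
		if err != nil {
			fmt.Fprintf(os.Stderr, "Failure to open %s: %s\n", *anchor, err.Error())
			return
		}
		r, err := dns.ReadRR(f, *anchor)
		f.Close()
		if err != nil {
			fmt.Fprintf(os.Stderr, "Failure to read an RR from %s: %s\n", *anchor, err.Error())
			return
		}
		k, ok := r.(*dns.RR_DNSKEY)
		if !ok {
			fmt.Fprintf(os.Stderr, "No DNSKEY read from %s\n", *anchor)
			return
		}
		dnskey = k
	}

	// unsupported reports (and explains on stderr) the zone transfer types,
	// which this client does not handle.
	unsupported := func(t uint16) bool {
		switch t {
		case dns.TypeAXFR:
			fmt.Fprintf(os.Stderr, "AXFR not supported\n")
			return true
		case dns.TypeIXFR:
			fmt.Fprintf(os.Stderr, "IXFR not supported\n")
			return true
		}
		return false
	}

	for _, arg := range flag.Args() {
		if arg == "" {
			// Nothing to classify; indexing arg[0] would panic.
			continue
		}
		// If it starts with @ it is a nameserver
		if arg[0] == '@' {
			nameserver = arg
			continue
		}
		// Types are tried before classes, to make ANY queries possible:
		// if it looks like a type, it is a type
		if k, ok := dns.Str_rr[strings.ToUpper(arg)]; ok {
			if unsupported(k) {
				return
			}
			qtype = k
			continue
		}
		// If it looks like a class, it is a class
		if k, ok := dns.Str_class[strings.ToUpper(arg)]; ok {
			qclass = k
			continue
		}
		// If it starts with TYPExxx it is unknown rr. ParseUint with a 16 bit
		// size rejects signs and values above 65535 instead of truncating them.
		if strings.HasPrefix(arg, "TYPE") {
			if n, err := strconv.ParseUint(arg[4:], 10, 16); err == nil {
				if unsupported(uint16(n)) {
					return
				}
				qtype = uint16(n)
				continue
			}
		}

		// Anything else is a qname
		qname = append(qname, arg)
	}
	if nameserver == "" {
		fmt.Fprintf(os.Stderr, "No nameserver given and none found in /etc/resolv.conf\n")
		return
	}
	if len(qname) == 0 {
		qname = []string{"."}
		qtype = dns.TypeNS
	}
	if qtype == 0 {
		qtype = dns.TypeA
	}

	host := nameserver[1:] // chop off @
	if strings.Contains(host, ":") && !strings.HasPrefix(host, "[") {
		// Bare IPv6 literal: bracket it so the port stays unambiguous.
		host = "[" + host + "]"
	}
	nameserver = host + ":" + strconv.Itoa(*port)

	// We use the async query handling, just to show how it is to be used.
	dns.HandleQuery(".", q)
	dns.ListenAndQuery(nil)
	c := new(dns.Client)
	if *tcp {
		c.Net = "tcp"
		if *four {
			c.Net = "tcp4"
		}
		if *six {
			c.Net = "tcp6"
		}
	} else {
		c.Net = "udp"
		if *four {
			c.Net = "udp4"
		}
		if *six {
			c.Net = "udp6"
		}
	}

	m := new(dns.Msg)
	m.MsgHdr.Authoritative = *aa
	m.MsgHdr.AuthenticatedData = *ad
	m.MsgHdr.CheckingDisabled = *cd
	m.MsgHdr.RecursionDesired = *rd
	m.Question = make([]dns.Question, 1)
	if *dnssec || *nsid {
		o := new(dns.RR_OPT)
		o.Hdr.Name = "."
		o.Hdr.Rrtype = dns.TypeOPT
		if *dnssec {
			o.SetDo()
			o.SetUDPSize(dns.DefaultMsgSize)
		}
		if *nsid {
			// Ask for it
			e := new(dns.EDNS0_NSID)
			e.SetBytes([]byte(""))
			o.Option = append(o.Option, e)
		}
		m.Extra = append(m.Extra, o)
	}

	// NOTE(review): the same *dns.Msg is modified and handed to c.Do for every
	// name; whether c.Do copies or packs it before returning is not visible
	// here — confirm before relying on this with more than one name.
	for _, v := range qname {
		m.Question[0] = dns.Question{v, qtype, qclass}
		m.Id = dns.Id()
		if *query {
			fmt.Printf("%s\n", m.String())
		}
		// Add tsig
		if *tsig != "" {
			if algo, name, secret, ok := tsigKeyParse(*tsig); ok {
				m.SetTsig(name, algo, 300, time.Now().Unix())
				c.TsigSecret = map[string]string{name: secret}
			} else {
				fmt.Fprintf(os.Stderr, "tsig key data error\n")
				return
			}
		}
		c.Do(m, nameserver)
	}

	// Collect one result per question. A truncated reply that triggers a retry
	// leaves the select early (plain break) so that it is not counted.
	replies := 0
forever:
	for {
		select {
		case r := <-c.Reply:
			if r.Reply != nil {
				// NOTE(review): an Id mismatch is only reported, and only for
				// successful rcodes; the reply is still checked and printed.
				if r.Reply.Rcode == dns.RcodeSuccess {
					if r.Request.Id != r.Reply.Id {
						fmt.Printf("Id mismatch\n")
					}
				}
				if r.Reply.MsgHdr.Truncated && *fallback {
					if c.Net != "tcp" {
						// NOTE(review): the retry re-sends m, which holds the
						// question of the last name queried — confirm for
						// runs with several names.
						if !*dnssec {
							fmt.Printf(";; Truncated, trying %d bytes bufsize\n", dns.DefaultMsgSize)
							o := new(dns.RR_OPT)
							o.Hdr.Name = "."
							o.Hdr.Rrtype = dns.TypeOPT
							o.SetUDPSize(dns.DefaultMsgSize)
							m.Extra = append(m.Extra, o)
							*dnssec = true
							c.Do(m, nameserver)
							break
						} else {
							// First EDNS, then TCP
							fmt.Printf(";; Truncated, trying TCP\n")
							c.Net = "tcp"
							c.Do(m, nameserver)
							break
						}
					}
				}
				if r.Reply.MsgHdr.Truncated && !*fallback {
					fmt.Printf(";; Truncated\n")
				}
				if *check {
					sigCheck(r.Reply, nameserver, *tcp)
					nsecCheck(r.Reply)
				}
				if *short {
					r.Reply = shortMsg(r.Reply)
				}

				fmt.Printf("%v", r.Reply)
				fmt.Printf("\n;; query time: %.3d µs, server: %s(%s), size: %dB\n", r.Rtt/1e3, r.RemoteAddr, r.RemoteAddr.Network(), r.Reply.Len())
				// Server maybe
			}
			replies++
			if replies == len(qname) {
				break forever
			}
		}
	}
}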
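// tsigKeyParse splits a -tsig argument of the form [hmac:]name:key into the
// TSIG algorithm name, the key name and the secret. ok is false when the
// argument has the wrong number of fields, names an unknown algorithm, or has
// an empty key name or secret.
//
// Recognised algorithm prefixes are hmac-md5, hmac-sha1 and hmac-sha256.
// Without a prefix hmac-md5 is used; that is a legacy algorithm, so prefer an
// explicit hmac-sha256 where the server supports it.
//
// The explicit "hmac-md5:name:key" form used to return the algorithm prefix as
// the key name and the key name as the secret; all three-field forms now take
// the name and secret from the second and third field.
func tsigKeyParse(s string) (algo, name, secret string, ok bool) {
	fields := strings.SplitN(s, ":", 3)
	switch len(fields) {
	case 2:
		algo, name, secret = "hmac-md5.sig-alg.reg.int.", fields[0], fields[1]
	case 3:
		switch fields[0] {
		case "hmac-md5":
			algo = "hmac-md5.sig-alg.reg.int."
		case "hmac-sha1":
			algo = "hmac-sha1."
		case "hmac-sha256":
			algo = "hmac-sha256."
		default:
			return "", "", "", false
		}
		name, secret = fields[1], fields[2]
	default:
		return "", "", "", false
	}
	// An empty key name or secret cannot authenticate anything; report it as a
	// parse error rather than signing with it.
	if name == "" || secret == "" {
		return "", "", "", false
	}
	return algo, name, secret, true
}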
// sectionCheck verifies every RRSIG in set against the RRset it covers (looked
// up in the same set) and prints one result line per signature.
//
// The key comes from the package-level dnskey when an anchor file was loaded
// ("disk"); otherwise it is requested from server through getKey ("net").
//
// NOTE(review): a key obtained from "net" comes from the same server as the
// data it is used to check, so ";+ Secure signature" then only shows that the
// answer is internally consistent, not that it chains to a trusted key. With a
// "disk" key, that one key is used for every signature regardless of the
// signer name and key tag in the RRSIG.
func sectionCheck(set []dns.RR, server string, tcp bool) {
	for _, rr := range set {
		if rr.Header().Rrtype != dns.TypeRRSIG {
			continue
		}
		sig := rr.(*dns.RR_RRSIG)
		covered := getRRset(set, rr.Header().Name, sig.TypeCovered)

		key, where := dnskey, "disk"
		if dnskey == nil {
			key, where = getKey(sig.SignerName, sig.KeyTag, server, tcp), "net"
		}
		if key == nil {
			fmt.Printf(";? DNSKEY %s/%d not found\n", sig.SignerName, sig.KeyTag)
			continue
		}

		if err := sig.Verify(key, covered); err != nil {
			fmt.Printf(";- Bogus signature, %s does not validate (DNSKEY %s/%d/%s) [%s]\n",
				shortSig(sig), key.Header().Name, key.KeyTag(), where, err.Error())
			continue
		}
		fmt.Printf(";+ Secure signature, %s validates (DNSKEY %s/%d/%s)\n",
			shortSig(sig), key.Header().Name, key.KeyTag(), where)
	}
}
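// nsecCheck looks for NSEC3 records in the answer, authority and additional
// sections of in and, when there is at least one, verifies the denial of
// existence for the first question with in.Nsec3Verify and prints the outcome.
// Messages without NSEC3 records produce no output.
//
// The message comes from the network, so a reply with an empty question
// section is reported instead of being indexed (which used to panic).
func nsecCheck(in *dns.Msg) {
	// hasNSEC3 reports whether any record in the section is an NSEC3.
	hasNSEC3 := func(section []dns.RR) bool {
		for _, rr := range section {
			if rr.Header().Rrtype == dns.TypeNSEC3 {
				return true
			}
		}
		return false
	}
	if !hasNSEC3(in.Answer) && !hasNSEC3(in.Ns) && !hasNSEC3(in.Extra) {
		return
	}
	if len(in.Question) == 0 {
		fmt.Printf(";? [beta] No question in reply, denial of existence (NSEC3) not checked\n")
		return
	}

	w, err := in.Nsec3Verify(in.Question[0])
	switch w {
	case dns.NSEC3_NXDOMAIN:
		fmt.Printf(";+ [beta] Correct denial of existence (NSEC3/NXDOMAIN)\n")
	case dns.NSEC3_NODATA:
		fmt.Printf(";+ [beta] Correct denial of existence (NSEC3/NODATA)\n")
	default:
		// w == 0
		if err != nil {
			fmt.Printf(";- [beta] Incorrect denial of existence (NSEC3): %s\n", err.Error())
		}
	}
}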
// sigCheck runs sectionCheck over the answer, authority and additional
// sections of in, in that order. Each section is checked on its own: the
// covered RRset is looked up in the section that holds the signature. server
// and tcp are passed on for the DNSKEY lookup.
func sigCheck(in *dns.Msg, server string, tcp bool) {
	for _, section := range [][]dns.RR{in.Answer, in.Ns, in.Extra} {
		sectionCheck(section, server, tcp)
	}
}
// getRRset returns the records in l whose type is t and whose owner name
// equals name when both are lowercased. The result is an empty, non-nil slice
// when nothing matches.
func getRRset(l []dns.RR, name string, t uint16) []dns.RR {
	owner := strings.ToLower(name)
	rrset := []dns.RR{}
	for _, rr := range l {
		hdr := rr.Header()
		if hdr.Rrtype != t {
			continue
		}
		if strings.ToLower(hdr.Name) != owner {
			continue
		}
		rrset = append(rrset, rr)
	}
	return rrset
}
// getKey asks server for the DNSKEY records of name (EDNS0, 4096 byte buffer,
// DO bit set; over TCP when tcp is true) and returns the first one in the
// answer section whose key tag equals keytag. It returns nil when the exchange
// fails or no such key is in the answer.
//
// NOTE(review): only the key tag is compared. Key tags are 16 bit values and
// not unique, and the owner name of the returned record is not compared with
// name. The answer itself is not authenticated here, so the returned key is
// only as trustworthy as the server that supplied it.
func getKey(name string, keytag uint16, server string, tcp bool) *dns.RR_DNSKEY {
	client := new(dns.Client)
	if tcp {
		client.Net = "tcp"
	}

	req := new(dns.Msg)
	req.SetQuestion(name, dns.TypeDNSKEY)
	req.SetEdns0(4096, true)

	resp, err := client.Exchange(req, server)
	if err != nil {
		return nil
	}
	for _, rr := range resp.Answer {
		if key, ok := rr.(*dns.RR_DNSKEY); ok && key.KeyTag() == keytag {
			return key
		}
	}
	return nil
}
// shortSig renders sig as its owner name followed by the covered type, for
// example "miek.nl RRSIG(NS)". The type mnemonic is looked up in dns.Rr_str.
func shortSig(sig *dns.RR_RRSIG) string {
	owner := sig.Header().Name
	covered := dns.Rr_str[sig.TypeCovered]
	return fmt.Sprintf("%s RRSIG(%s)", owner, covered)
}
// shortMsg walks through the answer, authority and additional sections of in
// and replaces each record with the result of shortRR, which abbreviates the
// long key, signature and digest data. The message is changed in place and
// the same pointer is returned, so run any signature check before calling it.
func shortMsg(in *dns.Msg) *dns.Msg {
	for _, section := range [][]dns.RR{in.Answer, in.Ns, in.Extra} {
		// section shares its backing array with the message field, so the
		// assignment below updates the message itself.
		for idx, rr := range section {
			section[idx] = shortRR(rr)
		}
	}
	return in
}
// shortRR abbreviates the bulky fields of DNSSEC records for display: the
// DS digest, the DNSKEY public key and the RRSIG signature become "...", the
// NSEC3 salt becomes "-" and a long NSEC3 type bitmap is cut down. Other
// record types are returned untouched. The record is modified in place, so it
// can no longer be used for verification afterwards.
func shortRR(r dns.RR) dns.RR {
	const elided = "..."

	switch rec := r.(type) {
	case *dns.RR_NSEC3:
		rec.Salt = "-" // Nobody cares
		// Keeps the entries at index 1 through 4.
		// NOTE(review): index 0 is dropped as well; confirm that [1:5] rather
		// than [:5] is intended.
		if len(rec.TypeBitMap) > 5 {
			rec.TypeBitMap = rec.TypeBitMap[1:5]
		}
	case *dns.RR_RRSIG:
		rec.Signature = elided
	case *dns.RR_DNSKEY:
		rec.PublicKey = elided
	case *dns.RR_DS:
		rec.Digest = elided
	}
	return r
}