Fix non tsig queries
parent
898a2a664a
commit
c5465127f3
|
@ -12,8 +12,16 @@ need to be fixed.
|
|||
array of 256 block lens set to 0. scan RRs, save highest RR / 8 in
|
||||
each block. len is 2 * # non-0 blocks + sum block len
|
||||
We now allocate 32 bytes for each nsec3 seen
|
||||
|
||||
master¹% ./q -dnssec -tsig axfr.:so6ZGir4GPAqINNh9U5c3A== @localhost mx miek.nl
|
||||
dns: overflow unpacking OPT
|
||||
dns: overflow unpacking OPT
|
||||
;; opcode: QUERY, status: NOERROR, id: 32082
|
||||
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, AD
|
||||
|
||||
## Examples to add
|
||||
|
||||
* Nameserver, with a small zone, 1 KSK and online signing;
|
||||
* Recursor - ala FunkenSturm?
|
||||
|
||||
|
||||
|
|
17
client.go
17
client.go
|
@ -150,7 +150,6 @@ func NewClient() *Client {
|
|||
c.QueryChan = DefaultQueryChan
|
||||
c.ReadTimeout = 2 * 1e9
|
||||
c.WriteTimeout = 2 * 1e9
|
||||
c.TsigSecret = make(map[string]string)
|
||||
return c
|
||||
}
|
||||
|
||||
|
@ -381,21 +380,29 @@ func (w *reply) readClient(p []byte) (n int, err error) {
|
|||
// Send sends a dns msg to the address specified in w.
|
||||
// If the message m contains a TSIG record the transaction
|
||||
// signature is calculated.
|
||||
func (w *reply) Send(m *Msg) error {
|
||||
func (w *reply) Send(m *Msg) (err error) {
|
||||
var out []byte
|
||||
if m.IsTsig() {
|
||||
mac := ""
|
||||
name := m.Extra[len(m.Extra)-1].(*RR_TSIG).Hdr.Name
|
||||
if _, ok := w.Client().TsigSecret[name]; !ok {
|
||||
return ErrSecret
|
||||
}
|
||||
out, mac, err := TsigGenerate(m, w.Client().TsigSecret[name], w.tsigRequestMAC, w.tsigTimersOnly)
|
||||
out, mac, err = TsigGenerate(m, w.Client().TsigSecret[name], w.tsigRequestMAC, w.tsigTimersOnly)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
w.tsigRequestMAC = mac
|
||||
if _, err = w.writeClient(out); err != nil {
|
||||
return err
|
||||
} else {
|
||||
ok := false
|
||||
out, ok = m.Pack()
|
||||
if !ok {
|
||||
return ErrPack
|
||||
}
|
||||
}
|
||||
if _, err = w.writeClient(out); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
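Review bot: NewClient appears to stop allocating `c.TsigSecret` in this change (the other files switch from `c.TsigSecret[name] = secret` to assigning a whole map), so any caller that still writes into the field by key will panic on a nil map. Reads stay safe: in Send the lookup `w.Client().TsigSecret[name]` on a nil map yields `ok == false`, and the function returns ErrSecret rather than sending a TSIG message unsigned, which is the right fail-closed behaviour. Either keep `c.TsigSecret = make(map[string]string)` in NewClient, or document that the map is nil by default and add to Send's comment `// Send returns ErrSecret when m carries a TSIG RR and no secret is configured for its key name.` Send could also do the lookup once, `secret, ok := w.Client().TsigSecret[name]`, and pass `secret` to TsigGenerate.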
|
||||
|
||||
|
|
|
@ -73,7 +73,7 @@ func TestClientTsigAXFR(t *testing.T) {
|
|||
m.SetTsig("axfr.", HmacMD5, 300, uint64(time.Now().Unix()))
|
||||
|
||||
c := NewClient()
|
||||
c.TsigSecret["axfr."] = "so6ZGir4GPAqINNh9U5c3A=="
|
||||
c.TsigSecret = map[string]string{"axfr.": "so6ZGir4GPAqINNh9U5c3A=="}
|
||||
c.Net = "tcp"
|
||||
|
||||
if err := c.XfrReceive(m, "85.223.71.124:53"); err != nil {
|
||||
|
|
|
@ -166,7 +166,7 @@ Flags:
|
|||
if *tsig != "" {
|
||||
if algo, name, secret, ok := tsigKeyParse(*tsig); ok {
|
||||
m.SetTsig(name, algo, 300, uint64(time.Now().Unix()))
|
||||
c.TsigSecret[name] = secret;
|
||||
c.TsigSecret = map[string]string{name: secret}
|
||||
} else {
|
||||
fmt.Fprintf(os.Stderr, "TSIG key error\n")
|
||||
return
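Review bot: The `-tsig` value parsed in this branch carries the shared secret on the command line (the usage transcript earlier on this page shows the `-tsig name:secret` form), where it is visible in process listings and shell history on a multi-user host. Consider saying so in the flag's help text and accepting the key from a file or an environment variable as an alternative. Separately, `c.TsigSecret = map[string]string{name: secret}` is keyed by the name returned from tsigKeyParse, while Send looks the secret up by the TSIG RR's owner name. If SetTsig normalises that name (not visible here), a key name without the trailing dot would end in ErrSecret, so rejecting such names in this branch with a clearer message than `TSIG key error` may be worthwhile. The enclosing function starts and ends outside the hunk.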
|
||||
|
|
4
tsig.go
4
tsig.go
|
@ -7,7 +7,7 @@
|
|||
// c := NewClient()
|
||||
// m.SetQuestion("miek.nl.", TypeMX)
|
||||
// // Set the secret under the name "axfr."
|
||||
// c.TsigSecret["axfr."] = "so6ZGir4GPAqINNh9U5c3A==" // don't forget the . here
|
||||
// c.TsigSecret = map[string]string{"axfr.": "so6ZGir4GPAqINNh9U5c3A=="} // don't forget the . here
|
||||
// // Add the stub TSIG RR to the message
|
||||
// m.SetTsig("axfr.", HmacMD5, 300, uint64(time.Seconds()))
|
||||
// ...
|
||||
|
@ -17,7 +17,7 @@
|
|||
// TSIG record, which in the above example, is also set to 'axfr.' The supported algorithm
|
||||
// include: HmacMD5, HmacSHA1 and HmacSHA256.
|
||||
//
|
||||
// AXFR
|
||||
// AXFR (TODO)
|
||||
// The message requesting an AXFR (almost all TSIG usage is when requesting zone transfers)
|
||||
// for miek.nl with the TSIG record added is now ready to use.
|
||||
// We now need a new client with access to the secrets:
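Review bot: The package example still passes `uint64(time.Seconds())` as the signing time, while the test and q in this commit use `uint64(time.Now().Unix())`; the doc line should read `// m.SetTsig("axfr.", HmacMD5, 300, uint64(time.Now().Unix()))`. Since the same comment lists HmacSHA1 and HmacSHA256 as supported, the example would set a better default by showing HmacSHA256 where the server's key permits it. The sentence "The supported algorithm include" should read "The supported algorithms include".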
|
||||
|
|
4
types.go
4
types.go
|
@ -994,7 +994,8 @@ func (rr *RR_TSIG) Header() *RR_Header {
|
|||
|
||||
// TSIG has no official presentation format, but this will suffice.
|
||||
func (rr *RR_TSIG) String() string {
|
||||
return rr.Hdr.String() +
|
||||
s := "\n;; TSIG PSEUDOSECTION:\n"
|
||||
s += rr.Hdr.String() +
|
||||
" " + rr.Algorithm +
|
||||
" " + tsigTimeToDate(rr.TimeSigned) +
|
||||
" " + strconv.Itoa(int(rr.Fudge)) +
|
||||
|
@ -1004,6 +1005,7 @@ func (rr *RR_TSIG) String() string {
|
|||
" " + strconv.Itoa(int(rr.Error)) + // BIND prints NOERROR
|
||||
" " + strconv.Itoa(int(rr.OtherLen)) +
|
||||
" " + rr.OtherData
|
||||
return s
|
||||
}
|
||||
|
||||
func (rr *RR_TSIG) Len() int {
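Review bot: Prepending `"\n;; TSIG PSEUDOSECTION:\n"` inside RR_TSIG.String() makes a single record render as three lines, so anything that prints or logs Extra records one per line, or compares String() output, now gets a blank line and a section banner for every TSIG RR. The banner reads like message-level formatting; if a message printer emits the other `;; ... SECTION` headers (not visible here), that would be the more natural place for it, leaving String() to return only the record. If it stays here, a doc comment such as `// String returns the TSIG RR preceded by a ";; TSIG PSEUDOSECTION:" banner line.` would make the multi-line output explicit. The function spans both hunks and part of its concatenation lies outside them.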
|
||||
|
|