git.ipfire.org Git - thirdparty/pdns.git/blob - pdns/toysdig.cc
4 #include "dnsparser.hh"
5 #include "rec-lua-conf.hh"
8 #include "dnswriter.hh"
9 #include "dnsrecords.hh"
11 #include "ednssubnet.hh"
12 #include "dnssecinfra.hh"
13 #include "recursor_cache.hh"
15 #include "root-dnssec.hh"
17 #include "validate.hh"
// TCPResolver: minimal DNS-over-TCP client for this tool. The constructor
// connects a stream socket to `addr`; query() sends one question and reads
// back one length-prefixed reply.
// NOTE(review): this is an extracted listing. The leading numbers are the
// original file's line numbers; gaps in the numbering are lines that are not
// shown here (braces, declarations, some conditions), so remarks about those
// lines below are marked as things to confirm.
20 class TCPResolver : public boost::noncopyable
// The socket family is fixed to AF_INET here, independent of the family of `addr`.
23 TCPResolver(ComboAddress addr) : d_rsock(AF_INET, SOCK_STREAM)
25 d_rsock.connect(addr);
// query(): builds a question for qname/qtype, writes it with a 2-byte length
// prefix, then reads the 2-byte reply length followed by the reply body.
// Throws PDNSException on the write/read failures visible below.
28 string query(const DNSName& qname, uint16_t qtype)
// Trace every question to stderr.
30 cerr<<"Q "<<qname<<"/"<<DNSRecordContent::NumberToType(qtype)<<endl;
31 vector<uint8_t> packet;
32 DNSPacketWriter pw(packet, qname, qtype);
// RD: ask the server to recurse on our behalf.
35 pw.getHeader()->rd=true;
37 // we'll do the validation
// CD (checking disabled) and AD are set so that the answer is handed over for
// local validation instead of relying on the upstream's verdict.
38 pw.getHeader()->cd=true;
39 pw.getHeader()->ad=true;
41 // we do require DNSSEC records to do that!
// EDNS with the DNSSEC-OK flag so RRSIGs are included in the answer.
// presumably 2800 is the advertised payload size and 0 the extended rcode —
// confirm against DNSPacketWriter::addOpt.
42 pw.addOpt(2800, 0, EDNSOpts::DNSSECOK);
// 2-byte length prefix in network byte order; `len` is declared on a line
// that is not shown (assumed to be a 16-bit unsigned — TODO confirm).
46 len = htons(packet.size());
// The prefix must go out in a single 2-byte write, otherwise the query is aborted.
47 if(d_rsock.write((char *) &len, 2) != 2)
48 throw PDNSException("tcp write failed");
// NOTE(review): `&*packet.end()` dereferences the past-the-end iterator, which
// is formally undefined behaviour; packet.data() and packet.data()+packet.size()
// describe the same byte range without it.
50 d_rsock.writen(string((char*)&*packet.begin(), (char*)&*packet.end()));
// Reply length prefix: this value is supplied by the peer.
52 int bread=d_rsock.read((char *) &len, 2);
// The conditions guarding the two throws below (lines 53 and 55) are not shown.
54 throw PDNSException("tcp read failed: "+std::string(strerror(errno)));
56 throw PDNSException("EOF on TCP read");
// Buffer sized from the peer-supplied length. The byte-order conversion of
// `len` is presumably on hidden line 57 — confirm.
// NOTE(review): raw new[] with a throw further down (line 66); the listing
// does not show whether creply is released on that path or after the copy on
// line 71. Reading into a std::string or std::vector would make the release
// automatic on every path.
59 char *creply = new char[len];
// Read loop body; the loop header and the handling of the return value are on
// hidden lines. NOTE(review): confirm that a 0-byte read (peer closed early)
// ends the loop rather than retrying forever.
63 numread=d_rsock.read(creply+n, len-n);
66 throw PDNSException("tcp read failed: "+std::string(strerror(errno)));
// Copy the received bytes into the string that is handed back to the caller
// (the return statement itself is not shown).
71 string reply(creply, len);
// TCPRecordOracle: DNSRecordOracle implementation that answers each lookup by
// sending the question to a fixed destination over TCP.
// NOTE(review): extracted listing — leading numbers are original line numbers
// and the gaps (82-83, 86, 94 onward) are lines not shown here.
81 class TCPRecordOracle : public DNSRecordOracle
// Remembers the server address; no connection is opened at this point.
84 TCPRecordOracle(const ComboAddress& dest) : d_dest(dest) {}
// get(): performs one query for qname/qtype and collects the records of the
// parsed reply into a vector.
85 vector<DNSRecord> get(const DNSName& qname, uint16_t qtype) override
// A fresh TCPResolver, and therefore a fresh TCP connection, per lookup.
87 TCPResolver tr(d_dest);
88 string resp=tr.query(qname, qtype);
// Parse the raw reply. presumably the `false` marks the buffer as a response
// rather than a query — confirm against dnsparser.hh.
// NOTE(review): nothing in the visible lines compares the reply's ID or
// question with what was sent; the records are taken as parsed.
89 MOADNSParser mdp(false, resp);
90 vector<DNSRecord> ret;
91 ret.reserve(mdp.d_answers.size());
// Only the `.first` member of each d_answers entry is kept.
92 for(const auto& a : mdp.d_answers) {
93 ret.push_back(a.first);
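// Global configuration holder; defined in this file so that the tool provides
// its own definition of the symbol.
GlobalStateHolder<LuaConfigItems> g_luaconfs;

// Seeds the trust anchors for the root zone from the compiled-in rootDSs list.
// Each entry is turned into a record content object and stored under
// g_rootdnsname in dsAnchors.
//
// Throws PDNSException if an entry does not yield a DS record. These anchors
// are the starting point of every validation this tool performs, so a bad
// entry is reported instead of being dereferenced as a null pointer or
// silently skipped.
LuaConfigItems::LuaConfigItems()
{
  for (const auto& dsRecord : rootDSs) {
    auto ds = std::dynamic_pointer_cast<DSRecordContent>(DSRecordContent::make(dsRecord));
    if (!ds) {
      // dynamic_pointer_cast yields an empty pointer when the parsed content
      // is not a DSRecordContent.
      throw PDNSException("built-in root trust anchor is not a DS record");
    }
    dsAnchors[g_rootdnsname].insert(*ds);
  }
}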
// Empty out-of-line constructor for DNSFilterEngine.
// presumably present so this tool can link without the real filter engine
// implementation — confirm against the build files.
DNSFilterEngine::DNSFilterEngine()
{
}
// main(): command-line driver. Per the usage string below it takes
// "IP-address port question question-type [rootDS]", asks that server for the
// question over TCP, groups the answer into RRsets with their signatures,
// collects keys for the signers, validates, and reports the result on stderr.
// NOTE(review): extracted listing — leading numbers are original line numbers
// and gaps are lines not shown (the try, the argc test, several declarations
// and branch conditions among them). Remarks about those lines are hedged.
112 int main(int argc, char** argv)
116 // g_rootDS = "19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5";
// NOTE(review): the only visible uses of the optional rootDS argument are
// commented out, while the usage text on line 123 still advertises it.
119 // g_rootDS = argv[5];
121 // g_anchors.insert(DSRecordContent("19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5"));
// Usage message; the condition that triggers it (line 122) is not shown.
123 cerr<<"Syntax: toysdig IP-address port question question-type [rootDS]\n";
// A leading '@' on the address is skipped. The port goes through atoi(), which
// reports no errors: non-numeric input becomes 0 and out-of-range values are
// not rejected at this point.
// NOTE(review): argv[1]..argv[4] are read here and below; confirm the hidden
// argc test covers all four.
126 ComboAddress dest(argv[1] + (*argv[1]=='@'), atoi(argv[2]));
127 TCPRecordOracle tro(dest);
128 DNSName qname(argv[3]);
129 uint16_t qtype=DNSRecordContent::TypeToNumber(argv[4]);
// stdout receives the opening line of a DOT graph; the progress output below
// goes to stderr.
130 cout<<"digraph oneshot {"<<endl;
// Fetch the answer for the question itself.
132 auto recs=tro.get(qname, qtype);
// Group the records; each map entry exposes `.records` and `.signatures`.
134 cspmap_t cspmap=harvestCSPFromRecs(recs);
135 cerr<<"Got "<<cspmap.size()<<" RRSETs: ";
// Report every RRset and total up the signatures (numsigs is declared on a
// hidden line).
137 for(const auto& csp : cspmap) {
138 cerr<<" "<<csp.first.first<<'/'<<DNSRecordContent::NumberToType(csp.first.second)<<": "<<csp.second.signatures.size()<<" sigs for "<<csp.second.records.size()<<" records"<<endl;
139 numsigs+= csp.second.signatures.size();
// Receives the RRsets that pass validation.
143 cspmap_t validrrsets;
// For every signature, collect keys for its signer through the same oracle.
// The signer name is taken from the RRSIG in the reply, i.e. it is
// server-supplied. In the visible lines the returned state is only logged;
// it does not decide whether validateWithKeySet() runs.
146 for(const auto& csp : cspmap) {
147 for(const auto& sig : csp.second.signatures) {
148 cerr<<"got rrsig "<<sig->d_signer<<"/"<<sig->d_tag<<endl;
149 vState state = getKeysFor(tro, sig->d_signer, keys);
150 cerr<<"! state = "<<vStates[state]<<", now have "<<keys.size()<<" keys at "<<qname<<endl;
151 // dsmap.insert(make_pair(dsrc.d_tag, dsrc));
// Check the harvested RRsets against the collected keys; successes are placed
// in validrrsets.
155 validateWithKeySet(cspmap, validrrsets, keys);
// Path for an answer without signatures (presumably the else branch of a test
// on numsigs — the condition is not shown): keys are looked up for qname and
// the resulting state is logged.
158 cerr<<"no sigs, hoping for Insecure"<<endl;
159 vState state = getKeysFor(tro, qname, keys);
160 cerr<<"! state = "<<vStates[state]<<", now have "<<keys.size()<<" keys at "<<qname<<endl;
// Summary, then a listing of every validated RRset with its records.
162 cerr<<"! validated "<<validrrsets.size()<<" RRsets out of "<<cspmap.size()<<endl;
164 cerr<<"% validated RRs:"<<endl;
165 for(auto i=validrrsets.begin(); i!=validrrsets.end(); i++) {
166 cerr<<"% "<<i->first.first<<"/"<<DNSRecordContent::NumberToType(i->first.second)<<endl;
167 for(auto j=i->second.records.begin(); j!=i->second.records.end(); j++) {
168 cerr<<"\t% > "<<(*j)->getZoneRepresentation()<<endl;
// Failures are reported on stderr with a "Fatal:" prefix. What the process
// returns afterwards is not visible in this listing.
175 catch(std::exception &e)
177 cerr<<"Fatal: "<<e.what()<<endl;
179 catch(PDNSException &pe)
181 cerr<<"Fatal: "<<pe.reason<<endl;